Weekly Vulnerabilities Report: AI, VMware, ICS & EV Flaws
2026-04-02 · via Cyble

Critical vulnerabilities in AI frameworks, VMware environments, EV charging platforms, and ICS systems show growing risks across enterprise and industrial ecosystems.

Cyble Research & Intelligence Labs (CRIL) tracked 1,452 vulnerabilities last week, reflecting the continued expansion of the global attack surface.  

Of these, 222 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly accelerating the likelihood of exploitation in real-world environments.  

Additionally, multiple vulnerabilities surfaced across underground forums, with at least 7 actively discussed exploits, indicating strong adversarial interest and rapid weaponization cycles.  

A total of 128 vulnerabilities were rated critical under CVSS v3.1, while 47 were rated critical under CVSS v4.0, highlighting the severity of newly disclosed issues.  

Furthermore, CISA added 8 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.  

On the industrial front, CISA issued 12 ICS advisories covering 150 vulnerabilities, impacting major vendors including FESTO, Schneider Electric, Siemens, and Mitsubishi Electric.  


The Week’s Top Vulnerabilities 

CVE-2026-25769 — Wazuh (Critical) 

CVE-2026-25769 is a critical remote code execution vulnerability in Wazuh caused by the deserialization of untrusted data in cluster deployments.  

Attackers with access to a worker node can send malicious serialized payloads to the master node, resulting in remote code execution with root privileges. This enables full compromise of the centralized security monitoring infrastructure. 

CVE-2026-20131 — Cisco Secure Firewall Management Center (Critical) 

CVE-2026-20131 is a maximum-severity vulnerability allowing unauthenticated attackers to execute arbitrary Java code as root on affected systems.  

The vulnerability is reportedly being exploited by ransomware groups, enabling complete takeover of firewall management systems and downstream enterprise networks. 

CVE-2026-4342 — Kubernetes ingress-nginx (High) 

CVE-2026-4342 is a configuration injection vulnerability that allows attackers to inject malicious configurations via crafted ingress annotations.  

Successful exploitation can lead to remote code execution and exposure of Kubernetes secrets, significantly expanding attacker control across containerized environments. 

CVE-2026-22721 — VMware Aria Operations (High) 

CVE-2026-22721 is a privilege escalation vulnerability that allows attackers with limited access to elevate privileges to administrative levels.  

This enables attackers to manipulate monitoring systems, access sensitive data, and expand control across virtualized infrastructure. 

CVE-2026-33309 — Langflow AI Framework (Critical) 

CVE-2026-33309 is a critical vulnerability affecting Langflow, an AI workflow framework, enabling attackers to compromise application logic and underlying infrastructure.  

The flaw highlights the emerging attack surface in AI-driven platforms, where exploitation can lead to credential theft and full system compromise. 

Vulnerabilities Added to CISA KEV 

CISA continued expanding its KEV catalog, reflecting active exploitation trends. 

Notable additions include: 

  • CVE-2026-20131 — Cisco FMC RCE vulnerability actively exploited by ransomware groups  
  • CVE-2025-32432 — Craft CMS RCE vulnerability enabling full server takeover  

These additions emphasize the rapid transition from disclosure to exploitation, particularly in enterprise-facing systems. 

Critical ICS Vulnerabilities 

CISA issued 12 ICS advisories covering 150 vulnerabilities, with a strong concentration in industrial automation platforms.  

Festo Automation Suite with CODESYS (Multiple Critical CVEs) 

A large cluster of vulnerabilities affects Festo Automation Suite integrated with CODESYS, spanning multiple years and severity levels.  

These include: 

  • Buffer overflows  
  • Improper access control  
  • Out-of-bounds writes  
  • Missing authentication  

The accumulation of these flaws indicates systemic security weaknesses, enabling attackers to destabilize systems or gain persistent access. 

CVE-2018-10612 — Festo/CODESYS (Critical) 

This vulnerability involves improper access control, allowing attackers to bypass restrictions and gain unauthorized access to industrial systems.  

CVE-2021-30190 — Festo/CODESYS (Critical) 

A missing authentication vulnerability enabling attackers to execute critical functions without credentials, potentially leading to full system compromise.  

EV Charging Infrastructure Vulnerabilities (Critical) 

Critical vulnerabilities were also identified in EV charging platforms such as IGL-Technologies eParking.fi and CTEK Chargeportal.  

These flaws allow: 

  • Unauthorized administrative access  
  • Service disruption  
  • Large-scale denial-of-service attacks  

The global deployment of EV infrastructure significantly amplifies the risk of coordinated attacks across energy and transportation ecosystems. 

Impacted Critical Infrastructure Sectors 

Analysis of ICS vulnerabilities shows a significant concentration in: 

  • Energy infrastructure  
  • Transportation systems  
  • Industrial automation  

The increasing overlap between these sectors—particularly in EV ecosystems—creates interdependent risk, where a compromise in one domain can cascade into others.  

Conclusion 

This week’s findings highlight a convergence of: 

  • Rapid vulnerability disclosure cycles  
  • Active exploitation confirmed through KEV additions  
  • Growing attack surface in AI and cloud-native environments  
  • Deep-rooted security weaknesses in industrial systems  

With 222 publicly available PoCs, active underground discussions, and widespread ICS exposure, organizations face heightened risk across both IT and OT environments.  

Key Recommendations 

  • Prioritize vulnerabilities based on exploit availability and severity  
  • Secure AI frameworks and development pipelines  
  • Harden Kubernetes and cloud-native environments  
  • Implement strong authentication and access controls  
  • Segment IT and OT networks to limit lateral movement  
  • Address legacy vulnerabilities in ICS environments  
  • Conduct continuous vulnerability assessments and penetration testing  

Cyble’s attack surface management and vulnerability intelligence solutions, backed by its AI-native platform, enable organizations to identify exposed assets, prioritize remediation, and detect early indicators of compromise. By integrating threat intelligence with proactive security strategies, organizations can effectively defend against evolving threats across enterprise and critical infrastructure environments.
