Threat Advisories

Microsoft has disclosed a critical remote code execution (RCE) vulnerability in the Windows Internet Key Exchange (IKE) Service Extensions, tracked as CVE‑2026‑33824. The vulnerability is caused by a double‑free memory handling flaw that can be triggered remotely by an unauthenticated attacker sending specially crafted network traffic to a vulnerable system. Successful exploitation could allow arbitrary code execution with system‑level privileges.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation of a high‑severity remote code execution (RCE) vulnerability in Apache ActiveMQ Classic, tracked as CVE‑2026‑34197. The flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, signalling verified malicious activity in the wild and elevating remediation priority for all organizations using affected versions of ActiveMQ.

A critical supply chain attack has impacted the widely used JavaScript library Axios following the compromise of its primary maintainer’s npm account. Threat actors used the hijacked account to publish two malicious versions, axios@1.14.1 and axios@0.30.4, which introduced a rogue dependency (plain-crypto-js@4.2.1). This dependency was not part of the legitimate Axios codebase and existed solely to execute a post install script that deployed a cross-platform Remote Access Trojan (RAT).

LiteLLM is a highly popular open-source Python library and proxy server that provides a unified interface for calling over 100+ Large Language Model (LLM) APIs, such as OpenAI, Anthropic, Bedrock, and VertexAI, using the standard OpenAI input/output format. It simplifies multi-LLM integration, offering features like automatic fallbacks, retries, and cost tracking. Because it functions as an API gateway, it acts as a credential aggregator by design, securely holding API keys for various LLM providers.

CVE202620963 was originally published in January 2026, but it has recently gained renewed attention due to confirmed active exploitation.

The UK and Ireland are now facing elevated cyber risk as Iranian‑aligned threat actors launch retaliatory operations in response to Operation Epic Fury, the joint US‑Israeli strikes on Iran.

Earlier this week we wrote a blog post on the cyber affairs amidst the US-Israel war on Iran, called Operation Epic Fury. In which we observed that there would be an elevated response from state sponsored threat actors, against the western organisations with a middle eastern presence as a retaliation for these attacks.  

Cisco has released emergency patches for two maximum‑severity (CVSS 10.0) vulnerabilities affecting Cisco Secure Firewall Management Center (FMC). These flaws tracked as CVE‑2026‑20079 and CVE‑2026‑20131, allow unauthenticated, remote attackers to obtain root‑level control over FMC appliances, posing a severe risk to enterprise firewall infrastructure. No exploitation in the wild has been observed yet, but the critical nature and ease of exploitation elevate these vulnerabilities to immediate remediation priority.

Cybersecurity researchers have uncovered a new wave of supply-chain attacks attributed to North Korean state aligned threat actors, involving the publication of 26 malicious npm packages posing as legitimate developer tools. The campaign tracked as “StegaBin”, uses Pastebin based steganography to conceal command and control (C2) endpoints and ultimately deploy credential stealers and a cross platform remote access trojan (RAT). The infrastructure supporting these operations spans 31 Vercel deployments, highlighting a sophisticated and evolving threat to the global software supply chain.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed VMware Aria Operations vulnerability, tracked as CVE‑2026‑22719to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild. The flaw is a command injection vulnerability enabling unauthenticated remote code execution (RCE) under certain conditions. VMware (Broadcom) released patches on February 24, 2026, but reports indicate attackers are now leveraging the issue against unpatched systems. Federal civilian agencies have been mandated to remediate the vulnerability by March 24, 2026.