Today’s roundup
Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)
Cisco fixed actively exploited Unified Communications zero day
Fortinet admins report patched FortiGate firewalls getting hacked
Zoom fixed critical Node Multimedia Routers flaw
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure
Zendesk ticket systems hijacked in massive global spam wave
Hackers exploit 29 zero-days on second day of Pwn2Own Automotive
Surveillance and ICE Are Driving Patients Away From Medical Care, Report Warns
Summary
SmarterTools SmarterMail email software is experiencing active exploitation of a critical authentication bypass (WT-2026-0001), allowing unauthenticated administrator password resets and subsequent remote code execution. Exploitation began just two days after the patch was released, suggesting attackers are reversing vendor updates.
Cisco has patched a critical zero-day Remote Code Execution (RCE) vulnerability, CVE-2026-20045 (CVSS 8.2), affecting its Unified Communications products and Webex Calling Dedicated Instance. The flaw is actively exploited by unauthenticated remote attackers to execute arbitrary commands and achieve root privileges.
Fortinet FortiGate firewalls, even those with applied patches, are being actively compromised by attackers exploiting a patch bypass for the critical authentication vulnerability CVE-2025-59718. This allows continued unauthorized access and firewall configuration theft.
Zoom has addressed a critical Command Injection vulnerability, CVE-2026-22844 (CVSS 9.9), in its Node Multimedia Routers (MMRs). The flaw could enable a meeting participant to achieve remote code execution, although active exploitation is not yet confirmed.
A new malicious package, "sympy-dev," has been found in the Python Package Index (PyPI), impersonating the legitimate SymPy library. It is designed to deploy an XMRig cryptocurrency miner on compromised Linux hosts, posing a software supply chain risk.
The North Korea-linked "Contagious Interview" (PurpleBravo) campaign has reportedly targeted 3,136 IP addresses and 20 organizations across AI, cryptocurrency, financial services, IT, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.
A VulnCheck analysis reveals a concerning trend: the percentage of vulnerabilities exploited before public disclosure surged from 23.6% in 2024 to 28.96% in 2025, emphasizing shrinking remediation windows for defenders.
A massive global spam campaign is originating from hijacked and unsecured Zendesk support systems. Victims worldwide report receiving numerous unwanted and potentially malicious emails.
During the second day of Pwn2Own Automotive 2026, hackers successfully exploited 29 new zero-day vulnerabilities in various automotive systems. These exploits resulted in $439,250 being awarded in prize money.
A report from EPIC warns of an escalating "health privacy crisis" driven by data brokers, widespread ad-tech surveillance, and immigration enforcement (ICE). These factors are eroding public trust and deterring individuals from seeking essential medical care.