The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.

https://www.bleepingcomputer.com/news/security/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks/

#cybersecurity

The recently patched CVE-2026-22719 can be exploited by an unauthenticated attacker for remote code execution. https://www.securityweek.com/vmware-aria-operations-vulnerability-exploited-in-the-wild/

Google notifying Android user of high-severity vuln CVE-2026-21385 and March 2026 security update might work better if that link the "AI Mode" #slopgenerator did not link to December 2025 bulletin.

The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups. https://www.darkreading.com/threat-intelligence/qualcomm-zero-day-exploited-targeted-android-attacks

Project Zero’s “0-day in the Wild” spreadsheet just added CVE-2026-21385, an issue in the Qualcomm graphics driver: https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html#_cve-2026-21385

Exploiting Reversing (ER) series: article 07 | Exploitation Techniques | CVE-2024-30085 (part 01)

I am excited to release the seventh article in the Exploiting Reversing Series (ERS). Titled “Exploitation Techniques | CVE-2024-30085 (part 01)” this 119-page technical guide offers a comprehensive roadmap for vulnerability exploitation:

https://exploitreversing.com/2026/03/04/exploiting-reversing-er-series-article-07/

Key features of this edition:

[+] Dual Exploit Strategies: Two distinct exploit versions using Token Stealing and I/O Ring techniques.
[+] Exploit ALPC + PreviousMode Flip + Token Stealing: elevation of privilege of a regular user to SYSTEM.
[+] Exploit ALPC + Pipes + I/O Ring: elevation of privilege of a regular user to SYSTEM.
[+] Solid Reliability: Two complete working and stable exploits, including an improved cleanup stage.
[+] Optimized Exploit Logic: Significant refinements to the codebase and technical execution for better stability and predictability.

The article guides you through the two distinct techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow vulnerability.

I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!

Enjoy your reading and have an excellent day.

#exploit #vulnerability #cve #exploitation #infosec #informationsecurity #windows

Second is CVE-2026-20131: remote code execution in the same product by way of, aww yiss, Java deserialization.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh

💥 Cisco warns of max severity Secure FMC flaws giving root access

｢ Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication bypass flaw (CVE-2026-20079) allows attackers to gain root access to the underlying operating system, while the remote code execution (RCE) vulnerability (CVE-2026-20131) lets them execute arbitrary Java code as root on unpatched devices ｣

#cisco #rce #cybersecurity
https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/

yikes.. 50 CVEs for Cisco today incl. two max severity CVE-2026-20131 & CVE-2026-20079 with auth bypass 🫡

https://hecate.pw/vulnerabilities?search=vendors%3A%22Cisco%22%20AND%20published%3A%3E%3D2026-03-04&mode=dql

🚬

#vulnerability #cve #cisco

Abstract’s ASTRO research team just released blog about critical CISCO vulnerabilities: CVE-2026-20079 and CVE-2026-20131

https://itnerd.blog/2026/03/04/abstracts-astro-research-team-just-released-blog-about-critical-cisco-vulnerabilities-cve-2026-20079-and-cve-2026-20131/

2 perfect 10s from Cisco today! First up, CVE-2026-20079, auth bypass in Cisco Secure Firewall Management, by way of a...rogue process launched at boot?

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2

💥 Cisco warns of max severity Secure FMC flaws giving root access

｢ Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication bypass flaw (CVE-2026-20079) allows attackers to gain root access to the underlying operating system, while the remote code execution (RCE) vulnerability (CVE-2026-20131) lets them execute arbitrary Java code as root on unpatched devices ｣

#cisco #rce #cybersecurity
https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/

yikes.. 50 CVEs for Cisco today incl. two max severity CVE-2026-20131 & CVE-2026-20079 with auth bypass 🫡

https://hecate.pw/vulnerabilities?search=vendors%3A%22Cisco%22%20AND%20published%3A%3E%3D2026-03-04&mode=dql

🚬

#vulnerability #cve #cisco

Abstract’s ASTRO research team just released blog about critical CISCO vulnerabilities: CVE-2026-20079 and CVE-2026-20131

https://itnerd.blog/2026/03/04/abstracts-astro-research-team-just-released-blog-about-critical-cisco-vulnerabilities-cve-2026-20079-and-cve-2026-20131/

Here's a taste of what GreyNoise customers got in this week's At The Edge intelligence brief.

268M sessions. 540K unique IPs. Four findings that matter.

→ Sophos CVE-2022-1040 surged 435% — second consecutive week
→ 9.1M RDP sessions from two IPs, one JA4T fingerprint
→ VPN siege Week 6 — vendors rotating after our published analysis
→ Scanning landscape collapsed. Enterprise campaigns didn't.

Full brief: IOCs, attribution, recommendations.

🔗 https://www.greynoise.io/resources/at-the-edge-clear-030226

greynoise.io/contact

#OT #Advisory VDE-2026-001
METTLER TOLEDO: ASP.NET core vulnerability in LabX

LabX 21.2.12 (formerly known as LabX Cloud 1.2.12) is affected by the ASP.NET core vulnerability CVE-2025-55315.
#CVE CVE-2025-55315

https://certvde.com/en/advisories/vde-2026-001/
#oCSAF
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-001.json