Software and hardware vulnerabilities, active exploitation, and coordinated responses

Cybersecurity Vulnerabilities and Exploited CVEs

The cybersecurity landscape surrounding software and hardware vulnerabilities has become increasingly complex and perilous, driven by rapid exploit development, active threat campaigns, and the weaponization of emerging tools. Recent incidents involving CVEs across major vendors such as Cisco, FileZen, Sangoma, Ivanti, Qualcomm, and Chrome underscore the critical need for vigilant, proactive security measures.

Active Exploitation of Critical CVEs

Multiple high-impact vulnerabilities are currently being exploited in the wild, emphasizing the urgency for timely patching and defensive strategies:

The Cisco SD-WAN zero-day (CVE-2026-20127) has been exploited since 2023 by a highly sophisticated threat actor. This vulnerability allows authentication bypass, enabling attackers to infiltrate network infrastructure. The Five Eyes alliance issued an emergency directive urging immediate mitigation efforts, highlighting the severity of the threat.
Similarly, CVE-2026-3378 affects Tenda F453 routers, exposing remote code execution vulnerabilities that could facilitate lateral movement within networks.
Over 900 Sangoma FreePBX instances are compromised due to CVE-2025-64328, a flaw exploited for system takeover, web shell deployment, and data exfiltration.
The FileZen command injection vulnerability (CVE-2026-25108) has been actively exploited, with CISA confirming ongoing attacks. This flaw enables attackers to execute arbitrary commands on affected systems, risking widespread server compromise.

In addition to network devices, software components such as Ivanti Endpoint Manager (EPMM) and liblzma (XZ Utils CVE-2024-3094) have been targeted, demonstrating how vulnerabilities in management platforms and routine libraries can serve as entry points for attackers.

Weaponization and Exploit Tooling

Adversaries are increasingly leveraging automated exploit frameworks like Metasploit to accelerate vulnerability discovery and deployment. Recent releases include modules targeting vulnerabilities in Linux RC4 and BeyondTrust products, enhancing attack efficiency. Moreover, AI-assisted tools aid threat actors in identifying zero-days and developing exploits faster than traditional methods.

The exploitation of browser vulnerabilities further amplifies risks. Notably, a Chrome CSS CVE has been exploited to enable privilege escalation, while a Chrome Gemini Panel flaw allows malicious extensions to escalate privileges and hijack sessions. Such vulnerabilities threaten AI-enabled browsing environments and applications, potentially leading to data breaches and system compromise.

Threat Campaigns and State-Sponsored Actors

Cyber campaigns continue to evolve, employing stealthy malware and web shell attacks to maintain persistence within victim networks. The RESURGE malware analysis highlights ongoing threats that use advanced evasion techniques, complicating detection and response efforts.

State-sponsored actors, such as APT28, are linked to exploits like CVE-2026-21513, a zero-day in MSHTML exploited before Microsoft’s patch release. These groups leverage zero-days and actively exploit unpatched systems, often using AI-driven tools to automate reconnaissance and attack deployment.

Hardware and Infrastructure Security Concerns

The expansion of AI and cloud workloads necessitates securing underlying hardware, such as Juniper routers, which enable high throughput but introduce new attack surfaces. Ensuring firmware integrity, traffic filtering, and hardware attestation are vital to prevent large-scale sabotage, data exfiltration, and infrastructure disruption.

Moving Toward a Security-by-Design Approach

Given the proliferation of vulnerabilities and active exploits, organizations are adopting security-by-design principles. This involves integrating formal verification tools like CLARE and PolaRiS into AI development pipelines to enforce safety and robustness. Techniques such as adversarial testing and neuronal hardening (e.g., NeST) are crucial for safeguarding AI systems against manipulation and unintended behaviors.

Rapid patching and continuous monitoring are essential components of defense. Agencies like CISA and the Five Eyes have issued urgent alerts to accelerate patch deployment, especially for critical vulnerabilities like the Cisco SD-WAN flaw. Additionally, supply chain security and hardware attestation help prevent malicious tampering during manufacturing processes.

Conclusion

The current threat landscape underscores a fundamental reality: software and hardware vulnerabilities are being weaponized faster than organizations can patch and defend. As adversaries leverage AI tools for reconnaissance, exploit development, and automation, defenders must adopt a holistic, layered security strategy. This includes formal verification, secure infrastructure, rapid incident response, and collaborative international efforts.

Only through proactive, integrated security measures can we hope to mitigate the risks posed by active exploitation campaigns and ensure that AI and network systems remain resilient and trustworthy in an increasingly hostile environment.

Sources (36)

Updated Mar 4, 2026

Eco-Tech Security Digest

Software and hardware vulnerabilities, active exploitation, and coordinated responses

Chrome’s New Critical CVE Exploits CSS And It’s Worse Than You Think

CISA Issues Updated RESURGE Malware Analysis Highlighting a Stealthy but Active Threat

Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities

wolfSSL Aligns Embedded Security Portfolio with EU Cyber Resilience Act Mandates

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

CVE-2024-3094 and the XZ Utils liblzma Backdoor, why a routine update almost became a trust crisis

Proof-of-Concept Released for Windows ALPC Privilege Escalation via Error Reporting

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

CVE-2026-3102: macOS ExifTool image-processing vulnerability | Kaspersky official blog

Everyone Knows About Broken Authorization – So Why Does It Still Work for Attackers?

TCL Internship Week 3 Intern Demo | Group Project | Network Segmentation Failure + CVE-2026-1731

CVE Alert: CVE-2026-3378 – Tenda – F453

CVE-2025-64328 exploitation impacts 900 Sangoma FreePBX instances

Metasploit Unveils Exploit Modules for Linux RC4 and BeyondTrust Vulnerabilities

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

Cyware Daily Threat Intelligence, February 27, 2026

Software vulnerabilities are being weaponized faster than ever

How AI Agents Automate CVE Vulnerability Research

OpenClaw Vulnerability: Browser Tab to Agent Takeover

ED 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems

Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day

CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild

Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

Patch these 4 critical, make-me-root SolarWinds bugs ASAP

Google Alerts Users to Serious Chrome Bugs With Takeover Risk

繞過 ASLR：解析 DWM ALPC 記憶體洩漏 (CVE-2026-20805) #網路安全

The CVE Treadmill: Why You Can’t Patch Your Way to Security

CrowdStrike Analysis Paints Worsening Cybersecurity Picture

Hacker used AI to breach 600 FortiGate appliances across 55 countries

Inside BinaryAudit: How Quesma Is Tackling the Hidden Risk of Closed-Source Software Dependencies

Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers