Exploit/DoS/supply chain surges: FortiClientEMS/BeyondTrust/Storm-1175 Medusa/Flowise/EU TeamPCP-Trivy/NK Axios/UNC4736/Citrix/F5/NetScaler — active/KEV/BOD
Key Questions
What are the FortiClientEMS vulnerabilities?
CVE-2026-35616 and CVE-2026-21643 are remote code execution flaws in FortiClientEMS that have been added to the CISA KEV catalog as actively exploited. Patch immediately; where a patch cannot be applied at once, restrict network access to the EMS management interface until it can.
What BeyondTrust issue is highlighted?
Storm-1175, a Medusa ransomware operator, is exploiting BeyondTrust CVE-2026-1731. Inventory every BeyondTrust instance, internet-facing appliances first, and patch.
Is Flowise vulnerable again?
Yes. CVE-2025-59528, a remote code execution flaw in Flowise, is being actively exploited. Update to a fixed release and monitor exposed Flowise instances for signs of compromise.
What supply chain attacks are surging?
The TeamPCP compromise of Trivy that led to a 91 GB leak of EU data, the North Korean-attributed Axios compromise, the UNC4736 Drift Protocol heist ($285M), and others such as the Mercor LiteLLM incident (4 TB). Implement software composition analysis (SCA) and harden CI-CD pipelines: pin dependencies and third-party build steps to immutable references, and review what each pipeline step can reach.
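One concrete CI-CD control behind the "pin dependencies and third-party build steps" advice above is a check that every third-party GitHub Action is referenced by a full commit SHA rather than a mutable tag or branch, and that no build step pipes a download straight into a shell. The script below is an added example, not code from the page or from any of the projects it mentions; the workflow it scans is constructed sample input, and the 40-hex pin in it is a placeholder, not a verified commit.

```python
"""Lint a GitHub Actions workflow for two supply-chain weaknesses:
  1. `uses:` references pinned to a tag/branch instead of a commit SHA
     (tags can be retargeted by whoever controls the action repo; SHAs cannot)
  2. `run:` steps that pipe curl/wget output into a shell
Added example; the workflow text is constructed, not from a real repository.
"""
import re

# Constructed sample workflow. The SHA on setup-go is a placeholder value.
WORKFLOW = """\
name: build
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
      - run: curl -sSL https://example.invalid/install.sh | sh
      - run: go build ./...
"""

# "- uses: owner/repo@ref" with optional trailing comment
USES_RE = re.compile(r"^\s*-\s*uses:\s*([^\s#@]+)@([^\s#]+)", re.M)
# "- run: <single-line command>"
RUN_RE = re.compile(r"^\s*-\s*run:\s*(.+)$", re.M)
# A full git object id: exactly 40 lowercase hex characters
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# curl/wget ... | [sudo] sh|bash
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b.*\|\s*(sudo\s+)?(ba)?sh\b")


def find_unpinned(text):
    """Return (action, ref) pairs whose ref is not a 40-hex commit SHA."""
    return [(action, ref) for action, ref in USES_RE.findall(text)
            if not SHA_RE.match(ref)]


def find_pipe_to_shell(text):
    """Return run commands that pipe a network download into a shell."""
    return [cmd for cmd in RUN_RE.findall(text) if PIPE_TO_SHELL.search(cmd)]


def lint(text):
    """Collect human-readable findings; an empty list means the workflow passes."""
    findings = [f"unpinned action: {a}@{r} (pin to a commit SHA)"
                for a, r in find_unpinned(text)]
    findings += [f"download piped to shell: {cmd}" for cmd in find_pipe_to_shell(text)]
    return findings


if __name__ == "__main__":
    for finding in lint(WORKFLOW):
        print(finding)
```

Pinning to a SHA only helps if the pin is also reviewed when it changes, so pair this check with a dependency-update bot whose pull requests go through the normal review path rather than auto-merge.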
Which enterprise products have critical flaws?
Citrix NetScaler (CitrixBleed 3, CVE-2026-3055, a memory disclosure flaw), F5 BIG-IP (roughly 14k instances exploited by UNC5221), plus GIGABYTE, SUSE, Ubuntu and Suricata. Prioritize the high-impact CVEs, starting with internet-facing appliances.
What North Korean activity is noted?
North Korean actors are tied to the Axios compromise, to the UNC4736 Drift Protocol crypto heist, and to the remote IT worker scheme used to gain insider access. Hunt for the related IOCs.
How does exploitation outpace patching?
Qualys reports that attackers are weaponizing vulnerabilities faster than manual patching cycles can close them. The practical answer is risk-based vulnerability management: rank remediation by evidence of exploitation (KEV listing, ransomware use) and by the criticality and exposure of the affected asset, rather than by CVSS score alone.
What are the recommended CTEM actions?
Patch urgently; inventory and hunt for affected assets; deploy SCA, CI-CD hardening and EDR; and monitor Red Hat Security Advisories (RHSA) and the CISA KEV catalog. The situation is still developing: several of these CVEs are in KEV with BOD 22-01 remediation deadlines.
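The "risk-based vulnerability management" and "inventory hunts" recommendations above reduce to a join between the asset inventory and the KEV catalog, scored by asset criticality, exposure, ransomware use and deadline. The script below is an added example, not code from the page or from Qualys or CISA. The CVE-to-product pairs follow the digest, but the due dates, ransomware flags, hostnames and criticality ratings are constructed sample data, and the scoring weights are an assumption to illustrate the ranking, not a published formula.

```python
"""Rank unpatched assets against a KEV-style catalogue.
Added example with constructed sample data; weights are illustrative.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class KevEntry:
    cve: str
    product: str
    due: date          # remediation deadline (BOD 22-01 style); constructed
    ransomware: bool   # "known ransomware use" flag; constructed


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    criticality: int   # 1 (lab box) .. 5 (crown jewel), from the CMDB
    exposed: bool      # reachable from the internet
    patched: bool      # as reported by the patch-management system


# CVE/product pairs from the digest; dates and flags are sample values.
KEV = [
    KevEntry("CVE-2026-35616", "FortiClientEMS", date(2026, 4, 7), False),
    KevEntry("CVE-2026-21643", "FortiClientEMS", date(2026, 4, 7), False),
    KevEntry("CVE-2026-1731", "BeyondTrust", date(2026, 3, 20), True),
    KevEntry("CVE-2025-59528", "Flowise", date(2026, 4, 14), False),
]

# Constructed inventory.
INVENTORY = [
    Asset("ems-01", "FortiClientEMS", 5, True, False),
    Asset("bt-jump-02", "BeyondTrust", 4, True, False),
    Asset("flowise-dev", "Flowise", 1, False, False),
    Asset("ems-lab", "FortiClientEMS", 2, False, True),   # already patched
    Asset("wiki-01", "Confluence", 3, True, False),        # no KEV match
]

TODAY = date(2026, 3, 25)   # fixed "today" so the ranking is reproducible


def risk_score(asset, entry, today):
    """Higher is more urgent. Exposure and ransomware use multiply the
    criticality; anything past its deadline gets a flat bump so it sorts
    above every on-time item regardless of criticality."""
    score = asset.criticality
    if asset.exposed:
        score *= 2
    if entry.ransomware:
        score *= 1.5
    if today > entry.due:
        score += 100
    return score


def prioritise(inventory, kev, today):
    """Return [(host, cve, score, days_to_due)] most urgent first.
    Patched assets and products with no KEV entry are skipped."""
    by_product = {}
    for entry in kev:
        by_product.setdefault(entry.product, []).append(entry)
    rows = []
    for asset in inventory:
        if asset.patched:
            continue
        for entry in by_product.get(asset.product, []):
            rows.append((asset.host, entry.cve,
                         risk_score(asset, entry, today),
                         (entry.due - today).days))
    # highest score first; ties broken by the nearer deadline
    rows.sort(key=lambda r: (-r[2], r[3]))
    return rows


if __name__ == "__main__":
    for host, cve, score, days in prioritise(INVENTORY, KEV, TODAY):
        print(f"{score:6.1f}  {host:12s} {cve}  due in {days:+d}d")
```

In practice the inventory comes from the CMDB or scanner export and the KEV rows from the CISA JSON feed; the scoring function is the part worth arguing about with the asset owners, since it encodes which hosts get patched first.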
Coverage: FortiClientEMS CVE-2026-35616 / CVE-2026-21643 (RCE, KEV); Flowise CVE-2025-59528 (RCE); Storm-1175 / BeyondTrust CVE-2026-1731; EU AWS Trivy (91 GB); Meta Mercor LiteLLM (4 TB); NK Axios; UNC4736 Drift ($285M); prt-scan; Trivy; F5 BIG-IP (14k, UNC5221); Citrix/NetScaler; GIGABYTE; SUSE; Ubuntu; Suricata; .NET; Next.js; TeamCity; Spring AI; n8n; GlassWorm; Wazuh; ShareFile.
CTEM actions: patch; inventory; hunts; SCA; CI-CD; EDR; LiteLLM, Mercor, Flowise and EU IOCs; RHSA.