Exploit Chain Diagram 1. ReconShodan / MasscanPort 443 scan → 2. WebSocket Connect/nw endpointNo auth required → 3. Payload InjectionMalicious JSON + Bash evalremoteVersion field → 4. RCESYSTEM/root [...]

The Threat at a Glance Threat Type Local Privilege Escalation via Kernel Type Confusion Severity High (CVSS 7.8; Enables SYSTEM Privilege from Low-Privileged Account – Critical for Ransomware [...]

Detail Information CVE ID CVE-2026-23550 CVSS v3.1 Score 10.0 (Critical) Affected Plugin Modular DS (Modular Connector) Vulnerable Versions ≤ 2.5.1 Patched Version 2.5.2 (Released January 14, 2026) Disclosure [...]

Cisco has disclosed a maximum-severity zero-day vulnerability (CVE-2025-20393, CVSS 10.0) in AsyncOS software for Secure Email Gateway and Secure Email and Web Manager appliances. A China-nexus APT group [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on December 17, 2025. The flaws affect Cisco [...]

The Apache Software Foundation disclosed a denial of service vulnerability in Apache Struts on December 1, 2025 (updated December 10). The flaw (CVE-2025-64775 and related CVE-2025-66675) allows attackers [...]