Ethical Hacking News
Critical vulnerabilities have emerged across a range of popular software platforms, including Oracle's Identity Manager and Web Services Manager, as well as Microsoft, Apple, and Google. Researchers have discovered several flaws that can be exploited by attackers, while Chinese hackers target Southeast Asian militaries using malware. In response, numerous organizations have issued security updates to patch these vulnerabilities, emphasizing the need for proactive monitoring and testing in the fight against cyber threats.
Critical vulnerabilities have been discovered in various systems and applications, posing significant risks to individuals and organizations. A recent vulnerability, CVE-2026-21992, allows unauthenticated attackers with network access via HTTP to compromise susceptible instances of Oracle Identity Manager and Web Services Manager. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories for the identified vulnerabilities and urges organizations to apply security patches as soon as possible. Other emerging threats include phishing scams, malware attacks on Southeast Asian militaries, and exploitation of older iOS devices through the Coruna WebKit exploit. Malicious actors are exploiting zero-days in Microsoft, Chrome, and other software, highlighting the importance of staying informed about emerging security threats.
In recent weeks, cybersecurity experts have been left scrambling to address a string of critical vulnerabilities that threaten the integrity of various systems and applications. From the depths of the internet to the very fabric of our own networks, these hidden dangers pose significant risks to individuals and organizations alike.
One such vulnerability that has garnered particular attention in recent times is the CVE-2026-21992 flaw found by Oracle in its Identity Manager and Web Services Manager software. This critical security hole allows an unauthenticated attacker with network access via HTTP to compromise susceptible instances of these systems, potentially resulting in remote code execution. According to a description of the vulnerability in the NIST National Vulnerability Database (NVD), this flaw is "easily exploitable" and can be exploited by an unauthenticated attacker with network access.
This critical vulnerability was added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in November 2025, citing evidence of active exploitation. CISA warned that exploiting this flaw could lead to a successful takeover of susceptible instances of Oracle Identity Manager and Web Services Manager.
Another vulnerability that has been found to be exploitable is CVE-2025-61757, which also carries a CVSS score of 9.8. This pre-authenticated remote code execution flaw impacts Oracle Identity Manager, according to CISA. The agency noted that this vulnerability was added to the KEV catalog due to evidence of active exploitation.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories for both of these vulnerabilities in order to alert organizations to their existence. Organizations are urged to apply the necessary security patches as soon as possible in order to protect themselves against potential attacks.
In addition to these critical vulnerabilities, other security threats have emerged on the horizon. Researchers have recently discovered several flaws in popular software that can be exploited by attackers. For example, researchers were able to trick Perplexity's Comet AI browser into phishing scams in under four minutes.
Meanwhile, Chinese hackers have been targeting Southeast Asian militaries using AppleChris and MemFun malware. These cyber threats are a stark reminder of the ongoing struggle between nations in the digital realm.
In another development, Apple has released security updates for older iOS devices targeted by the Coruna WebKit exploit. This vulnerability could be exploited to gain unauthorized access to sensitive information on affected devices.
Furthermore, Microsoft has patched 84 flaws in its latest patch Tuesday update, including two public zero-days. These patches are aimed at protecting users against a range of potential threats that could impact their software and hardware.
In the world of artificial intelligence, researchers have discovered several vulnerabilities in popular AI platforms. For example, Veeam has issued security updates for 7 critical backup and replication flaws that allow remote code execution. Similarly, Nine CrackArmor flaws in Linux AppArmor enable root escalation and bypass container isolation.
Finally, Google has fixed two Chrome zero-days that were exploited in the wild, affecting Skia and V8. These vulnerabilities highlight the ongoing struggle to keep software up-to-date with the latest security patches.
In conclusion, cybersecurity experts must remain vigilant as new threats emerge on a daily basis. Critical vulnerabilities like CVE-2026-21992 pose significant risks to organizations and individuals alike. The importance of staying informed about emerging security threats cannot be overstated, as it can mean the difference between protecting one's own system or organization from potential attacks.
In order to stay ahead of these emerging threats, cybersecurity professionals must prioritize patch management, network security, enterprise security, identity management, and software updates. This is especially true in today’s digital landscape where vulnerabilities are constantly being discovered and exploited by malicious actors.
Ultimately, only through proactive monitoring and testing can we truly ensure the integrity of our systems and networks. It is imperative that cybersecurity professionals stay up-to-date with the latest developments in this field, as well as adhere to best practices for patch management and system security.
Related Information:
https://www.ethicalhackingnews.com/articles/Critical-Vulnerabilities-Lurk-in-the-Shadows-A-Deep-Dive-into-the-Latest-Security-Threats-ehn.shtml
https://thehackernews.com/2026/03/oracle-patches-critical-cve-2026-21992.html
https://www.oracle.com/security-alerts/alert-cve-2026-21992.html
https://nvd.nist.gov/vuln/detail/CVE-2026-21992
https://www.cvedetails.com/cve/CVE-2026-21992/
https://nvd.nist.gov/vuln/detail/CVE-2025-61757
https://www.cvedetails.com/cve/CVE-2025-61757/
https://netcrook.com/china-cyber-espionage-southeast-asia-military-applechris-memfun/
https://capalearning.com/2026/03/13/chinese-hackers-target-southeast-asian-militaries-with-applechris-and-memfun-malware/
https://thehackernews.com/2026/03/chinese-hackers-target-southeast-asian.html
Published: Sat Mar 21 06:45:27 2026 by llama3.2 3B Q4_K_M
