Live Cyber Security Threat Dashboard
Hawkra Threat Dashboard
Your daily cyber security threat intelligence hub. Track the latest CVEs, active exploits, data breaches, and cyber attacks, all enriched with CISA KEV data, EPSS exploit predictions, and MITRE ATT&CK mapping. Free AI-generated threat briefings updated every 24 hours.
Today's Cyber Security Threats
AI Daily Threat Briefing
Friday, April 17, 2026
Active Exploits & Threat Groups
CISA has added CVE-2026-34197 to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. This vulnerability affects Apache ActiveMQ, a widely used open-source message broker, and stems from improper input validation. Successful exploitation can allow an attacker to disrupt service or potentially achieve remote code execution, making it a critical threat to enterprise messaging and integration systems. Organizations utilizing Apache ActiveMQ are strongly urged to apply the necessary patches immediately to mitigate this confirmed threat.
A diverse array of threat actors has been linked to the exploitation of this vulnerability, all leveraging it for the Execution tactic to run malicious code on compromised systems. These groups include financially motivated actors such as FIN5, FIN6, and FIN7, known for targeting retail and hospitality sectors for financial gain. Additionally, numerous state-sponsored espionage groups are exploiting this flaw, including Ke3chang, Dragonfly, Stealth Falcon, OilRig, APT19, APT32, and APT37. This broad adoption by both cybercriminal and nation-state actors underscores the vulnerability's severity and utility for gaining an initial foothold or executing payloads within a target network.
New Vulnerabilities
This week is marked by the disclosure of several critical vulnerabilities in widely deployed enterprise products, most notably from Cisco. A trio of flaws in the Cisco Identity Services Engine (ISE)—CVE-2026-20147, CVE-2026-20186, and CVE-2026-20180—all carry a CVSS score of 9.9. These vulnerabilities could permit an authenticated, remote attacker to execute arbitrary commands on the underlying operating system, effectively granting them full control over a core network security component. Another critical issue, CVE-2026-20184, affects Cisco Webex Services and could allow an attacker to impersonate any user via a flaw in the single sign-on integration.
Beyond Cisco, critical vulnerabilities continue to plague the web application ecosystem. Multiple WordPress plugins, including Accordion and Accordion Slider (CVE-2026-6443) and Barcode Scanner (CVE-2026-4880), were found to contain critical flaws leading to backdoors or privilege escalation. Separately, a heap buffer overflow in Google Chrome (CVE-2026-6296) was rated critical for its potential to allow a sandbox escape. As an early warning indicator, the Exploit Prediction Scoring System (EPSS) score for CVE-2025-68109 has surged by over 43 percentage points, indicating a dramatically increased likelihood of future exploitation that warrants proactive attention.
In the News
- European gym chain Basic-Fit disclosed a cyberattack that exposed the personal data of approximately one million members.
- Rockstar Games confirmed it was hacked by the ShinyHunters threat group, which is attempting to extort the company to prevent a data leak.
- Education publisher McGraw-Hill announced it suffered a data breach involving over 100 GB of data following an extortion attempt.