A wave of high-severity vulnerabilities is under active exploitation this week, impacting widely deployed platforms from Palo Alto Networks, Ivanti, Apache, and the Linux kernel. Organizations are urged to prioritize patching to prevent full system compromise.
PAN-OS and Ivanti EPMM Under Fire
Attackers are actively exploiting CVE-2026-6973 in Ivanti Endpoint Manager Mobile (EPMM) to gain admin-level access. This remote code execution vulnerability is being used in the wild and could allow a threat actor to take complete control of affected mobile management servers. Separately, a critical flaw in Palo Alto Networks PAN-OS is also being actively exploited, enabling remote code execution that can lead to root access and espionage. Administrators running PAN-OS or Ivanti EPMM should apply vendor patches immediately.
Apache HTTP/2 and Linux Kernel Dirty Frag
A critical vulnerability in the Apache HTTP/2 module, tracked as [CVE-2026-23918](https://cve.org/CVE-2026-23918), can enable both Denial of Service and potential Remote Code Execution. Servers using the HTTP/2 protocol are at risk if unpatched. On the operating system front, a new Linux kernel local privilege escalation exploit named “Dirty Frag” has been released, giving attackers root access across major Linux distributions. This exploit leverages a flaw in the kernel’s fragment handling code and poses a significant risk to any unpatched Linux server.
cPanel, WHM, and Cloud Threats
cPanel and WHM have released fixes for three new vulnerabilities, making it critical for hosting providers to update their control panels. Meanwhile, a new credential stealer called PCPJack is exploiting five different CVEs to spread worm-like across cloud systems. Researchers also revealed that fake call history apps on the Google Play Store with 7.3 million downloads were stealing user payments, highlighting the continued threat from malicious mobile applications.
Source: The Hacker News

