This briefing covers the 24-hour period from March 24-25, 2026, revealing a concerning surge in vulnerabilities affecting critical enterprise infrastructure and AI/ML platforms. The most significant findings include three CRITICAL-severity vulnerabilities (CVE-2025-33244, CVE-2026-33340, CVE-2025-71275) enabling remote code execution in widely deployed systems. NVIDIA's AI/ML ecosystem faces widespread exploitation risk with 11 HIGH-severity vulnerabilities across NeMo Framework, Megatron-LM, and Triton Inference Server, all enabling RCE through malicious checkpoint/model files. Additionally, 50 malware distribution URLs were identified, predominantly delivering Mozi botnet payloads targeting IoT devices and network infrastructure, alongside an active ClearFake/ACRStealer campaign using fake Google verification pages.
Organizations using NVIDIA AI frameworks, Zimbra email servers, NGINX web servers, or pyLoad download managers face immediate exploitation risk and should prioritize patching. The Mozi botnet activity indicates sustained targeting of vulnerable IoT devices with weak credentials, while the ClearFake campaign demonstrates sophisticated social engineering to deliver credential stealers. The concentration of SSRF and deserialization vulnerabilities across multiple platforms suggests attackers are actively targeting these vulnerability classes for initial access and lateral movement.
Immediate actions required include patching all CRITICAL and HIGH-severity CVEs, particularly in internet-facing systems; implementing strict input validation for file upload endpoints; reviewing NGINX and Zimbra configurations; and blocking identified malicious URLs and domains at network perimeters. Organizations deploying AI/ML workloads must implement strict controls on model/checkpoint file sources and validate all inputs before processing.
Three CRITICAL-severity vulnerabilities that enable unauthenticated remote code execution in widely deployed enterprise systems require immediate attention.
The PostJournal service in Zimbra Collaboration Suite 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands via SMTP injection, exploiting improper sanitization of the RCPT TO parameter. Critical risk for email infrastructure.
A critical server-side request forgery (SSRF) vulnerability in the LoLLMs WEBUI /api/proxy endpoint allows unauthenticated attackers to perform SSRF attacks against internal services. All known versions are affected, enabling reconnaissance and exploitation of internal infrastructure.
NVIDIA APEX for Linux contains an unsafe deserialization vulnerability affecting environments that use PyTorch versions before 2.6. It enables code execution, denial of service, and data tampering. Critical for AI/ML infrastructure using older PyTorch versions.
Widespread vulnerabilities across NVIDIA's AI/ML ecosystem affecting NeMo Framework, Megatron-LM, Triton Inference Server, and Model Optimizer. All enable RCE through malicious model/checkpoint files.
Multiple RCE vulnerabilities in NVIDIA NeMo Framework checkpoint loading functionality. Attackers can achieve code execution, privilege escalation, information disclosure, and data tampering by convincing users to load malicious checkpoint files.
Three distinct RCE vulnerabilities in NVIDIA Megatron-LM affecting checkpoint loading and inferencing. CVE-2025-33247 and CVE-2025-33248 add quantization config and hybrid conversion script vectors. All enable full system compromise through malicious ML files.
Multiple denial of service vulnerabilities in NVIDIA Triton Inference Server affecting HTTP endpoint, internal state, and Sagemaker HTTP server. Enables service disruption through crafted payloads and exceptions.
The ONNX quantization feature of NVIDIA Model Optimizer for Windows and Linux is vulnerable to unsafe deserialization. Specially crafted input files enable code execution, privilege escalation, and data compromise.
Critical vulnerabilities in web servers, file managers, and workflow engines enabling path traversal, XSS, SSRF, and broken access control attacks.
The ngx_http_mp4_module in NGINX Open Source and Plus contains buffer over-read/over-write vulnerabilities triggered via crafted MP4 files. CVE-2026-27784 specifically affects 32-bit implementations. The flaws enable worker memory corruption, termination, or code execution.
FileRise versions 1.0.1 to before 3.10.0 are vulnerable to path traversal through the unsanitized resumableIdentifier parameter in the Resumable.js upload handler. Authenticated attackers can write arbitrary files to the filesystem.
Dagu workflow engine versions 2.0.0 to before 2.3.1 contain an incomplete fix for CVE-2026-27598. Path traversal remains in the GET, DELETE, and RENAME API endpoints despite the patch to the CREATE path, enabling arbitrary file operations.
Wallos subscription tracker versions before 4.7.0 contain an incomplete SSRF fix from CVE-2026-30839/30840. Protection was added to the test endpoints but not to the corresponding production notification endpoints, enabling continued SSRF exploitation.
Stored cross-site scripting vulnerability in oRPC OpenAPI documentation generation before version 1.13.9. Attacker-controlled OpenAPI specification fields enable persistent XSS attacks against documentation viewers.
Multiple broken access control vulnerabilities enabling unauthorized access, privilege escalation, and account takeover across various platforms.
Improper input validation in UniFi Network Server versions 10.1.85 and earlier allows unauthorized account access through social engineering attacks. Users can be tricked into clicking malicious links leading to account compromise.
In Vikunja before 2.2.1, TaskAttachment.ReadOne() queries attachments by ID only, ignoring task ID validation. Permission checks validate the wrong task, enabling access to attachments from unauthorized tasks (an IDOR vulnerability).
In Vikunja before 2.2.2, LinkSharing.ReadAll() allows link-share-authenticated users to list all project link shares, including secret hashes, despite CanRead() correctly blocking access. This enables unauthorized access to shared project links.
In Vikunja before 2.2.0, the password reset function sets the user status to Active without checking whether the account was previously disabled. Disabled users can regain account access through the password reset flow, bypassing administrative controls.
FileRise before 3.10.0 has broken access control in its ONLYOFFICE integration. Read-only users can obtain a signed save callbackUrl and forge ONLYOFFICE save callbacks to modify files they should only be able to view.
Remaining high-severity vulnerabilities affecting various systems including pyLoad, FreeIPMI, libtiff, Free5GC, and DedeCMS.
In pyLoad 0.4.0 to before 0.5.0b3.dev97, the set_config_value() API allows users with SETTINGS permission to modify any config option, including reconnect.script, potentially enabling privilege escalation and command execution.
The ipmi-oem component in FreeIPMI before 1.16.17 contains exploitable buffer overflows on response messages. This affects a large number of hardware manufacturers implementing IPMI for platform management. Remote exploitation is possible.
A signed integer overflow in the libtiff putcontig8bitYCbCr44tile function enables an out-of-bounds heap write through crafted TIFF files. Incorrect memory pointer calculations lead to potential code execution.
Free5GC v4.2.0 and earlier are vulnerable to remote DoS via the HandleAuthenticationFailure function in the AMF component. Attackers can disrupt 5G core network authentication services.
DedeCMS v5.7.118 is vulnerable to cross-site request forgery in the /sys_task_add.php endpoint. Attackers can trick authenticated administrators into performing unauthorized task management actions.
50 malicious URLs were identified distributing Mozi botnet payloads and ClearFake/ACRStealer campaigns, indicating sustained targeting of IoT devices and ongoing credential theft operations.
41 URLs distribute Mozi botnet variants targeting IoT devices with 32-bit ELF binaries for ARM and MIPS architectures. Payloads are delivered via HTTP from compromised devices on ports 35000-60000. Primary targets include routers, cameras, and network devices with default credentials. Chinese IP space is heavily represented in C2 infrastructure.
9 HTTPS URLs host fake Google verification pages distributing ACRStealer malware. Domains use patterns like stone-blink.in.net, cl0verrun.in.net, and thistlecore.in.net. This is a social engineering attack leveraging trusted Google branding to steal credentials and browser data.
Analysis of malware distribution reveals focused exploitation of IoT vulnerabilities and sophisticated social engineering for credential theft.
The Mozi botnet campaign demonstrates sustained targeting of network-connected devices with weak authentication. Attackers scan for exposed management interfaces, exploit default credentials, and deploy multi-architecture malware payloads. Self-propagating worm behavior was observed, with infected devices becoming distribution points.
The NVIDIA vulnerability cluster reveals a new attack vector through malicious AI/ML model files. Attackers can embed code in checkpoints, quantization configs, and ONNX models. Organizations downloading pre-trained models from untrusted sources face RCE risk. This represents an emerging supply chain threat in AI/ML workflows.
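A load-time gate for the checkpoint risk described above, as an added example (not code from this briefing or from NVIDIA): it lists the globals a pickle stream would import, without unpickling it, and rejects anything outside an allow-list. The allow-list, the helper names and the sample streams are assumptions constructed for illustration.

```python
import collections
import io
import pickle
import pickletools

# Assumed allow-list for this example: the only globals a checkpoint may import.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
MEMO_WRITES = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}
UNRESOLVED = ("<unresolved>", "<unresolved>")


def referenced_globals(data: bytes) -> list:
    """List the (module, name) pairs a pickle stream would import, without loading it."""
    found, recent = [], []  # recent: args of preceding pushes, None if not a string
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if op.name == "GLOBAL":  # protocols 0-3 carry "module name" inline
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module and name are on the stack
            pair = recent[-2:]
            resolved = len(pair) == 2 and all(isinstance(s, str) for s in pair)
            found.append(tuple(pair) if resolved else UNRESOLVED)  # fail closed
        if op.name in STRING_OPS:
            recent.append(arg)
        elif op.name not in MEMO_WRITES:
            recent.append(None)
    return found


def disallowed_globals(data: bytes) -> list:
    """Return every referenced global outside the allow-list; empty means acceptable."""
    return [g for g in referenced_globals(data) if g not in ALLOWED_GLOBALS]


# Constructed samples: a plain state container, and a stream that imports a
# callable outside the allow-list (a harmless builtin stands in for it here).
SAMPLE_OK = pickle.dumps(collections.OrderedDict(layer=1), protocol=4)
SAMPLE_BAD = pickle.dumps(len, protocol=4)
SAMPLE_BAD_P3 = pickle.dumps(len, protocol=3)

if __name__ == "__main__":
    for label, blob in [("ok", SAMPLE_OK), ("bad", SAMPLE_BAD), ("bad-p3", SAMPLE_BAD_P3)]:
        print(label, disallowed_globals(blob) or "accepted")
```

A PyTorch zip checkpoint keeps its pickle in an archive member that has to be extracted before scanning; `torch.load(..., weights_only=True)` applies a comparable restriction at load time.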
A healthcare organization case study demonstrates the effectiveness of interactive malware analysis platforms in reducing alert fatigue and investigation time.
Canada-based Health Shared Services organization achieved significant improvements in SOC investigation workflows using the ANY.RUN interactive sandbox. The interim CISO reports reduced alert fatigue and faster mean time to detect (MTTD) and respond (MTTR) through behavioral malware analysis capabilities. This is relevant for the healthcare sector, which faces increased targeting.