Vulnerability advisories
Fast-turnaround notes from Vectra Labs when a vulnerability or campaign shows up in customer telemetry. Each advisory carries an impact assessment, recommended mitigations, and IOCs where relevant.
- Critical
  CVE-2026-0117: Exchange on-prem RCE under active exploitation
  Unauthenticated remote code execution observed in the wild against on-premises Exchange. Exploit chained with NTLM relay; containment guidance and network IOCs attached.
- Campaign
  Widespread credential stuffing against Australian loyalty programs
  Residential-proxy backed credential-stuffing burst observed across multiple retail customers. Rate-limiting and bot-defence tuning attached.
- Critical
  CVE-2026-0042: ConnectWise ScreenConnect auth bypass
  Authentication bypass allowing takeover of ScreenConnect instances exposed to the internet. Patch and hardening steps attached.
- Supply chain
  Malicious GitHub Actions targeting AU fintech
  Campaign substituting legitimate actions with typosquatted alternatives that exfiltrate cloud credentials. Detection rules attached.