Urgent Cybersecurity Alert: CISA Flags Critical Vulnerabilities in SharePoint and Zimbra Amid Ransomware Threats

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms regarding critical vulnerabilities in Microsoft SharePoint and Zimbra, highlighting ongoing cyber threats that have led to active exploitation. These warnings come at a time when organizations across various sectors are increasingly vulnerable to targeted attacks, particularly from state-sponsored groups and ransomware actors.
Critical Vulnerabilities Identified
CISA has recently added two significant vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-20963 and CVE-2025-66376. The former, a deserialization vulnerability in Microsoft SharePoint, has a CVSS score of 8.8, indicating a high severity level. The flaw allows remote code execution on affected systems.
The latter vulnerability, CVE-2025-66376, affects Zimbra, and its exploitation has been linked to a suspected Russian state-sponsored group known for its cyber operations against Ukraine. Reports from Seqrite Labs indicate that this vulnerability has been actively exploited in a campaign termed Operation GhostMail, specifically targeting Ukraine’s State Hydrographic Service. This operation underscores the geopolitical tensions that are often reflected in the cyber domain.
Active Exploitation and Threat Landscape
CISA’s warnings come at a crucial time as the threat landscape continues to evolve, with cybercriminals increasingly adopting sophisticated tactics. The agency has emphasized the urgency of addressing these vulnerabilities, particularly as they are currently being exploited in the wild. Organizations are urged to take immediate steps to mitigate the risks associated with these flaws.
To help organizations understand the implications of these vulnerabilities, CISA has provided detailed guidance on how to protect against potential exploitation. This includes recommendations for applying patches, implementing security controls, and monitoring for signs of suspicious activity.
Cisco Zero-Day Vulnerability Under Attack
In a separate but equally concerning development, ransomware actors have been exploiting a zero-day vulnerability in Cisco firewalls, identified as CVE-2026-20131, which carries the maximum CVSS score of 10.0. This vulnerability has been actively targeted since January 26, 2026, affecting a range of sectors including education, healthcare, and government. Exploitation of this flaw has the potential to disrupt critical services and compromise sensitive information across these sectors.
Ransomware groups have demonstrated a pattern of targeting organizations that provide essential services, aiming for maximum disruption and financial gain. The exploitation of such high-severity vulnerabilities can lead to catastrophic consequences, including data breaches and service outages.
Recommendations for Organizations
In light of these vulnerabilities and the ongoing threat of ransomware attacks, organizations are advised to take the following actions:
- Patch Management: Ensure that all systems are up to date with the latest security patches, particularly for Microsoft SharePoint and Cisco firewalls.
- Network Monitoring: Implement robust monitoring systems to detect unusual activity that may indicate an attempted exploit.
- Incident Response Planning: Develop and regularly update incident response plans to ensure swift action in the event of a security breach.
- User Education: Train employees on cybersecurity best practices, including recognizing phishing attempts and securing sensitive information.
- Backup Data: Regularly back up critical data and ensure that backups are stored in a secure location to mitigate the impact of ransomware attacks.
Conclusion
The recent warnings from CISA about the critical vulnerabilities in Microsoft SharePoint and Zimbra, together with the ransomware exploitation of the Cisco firewall zero-day, serve as a stark reminder of the ever-evolving cybersecurity landscape. Organizations must remain vigilant and proactive in their cybersecurity efforts to defend against a growing array of threats. By understanding the nature of these vulnerabilities and implementing recommended security measures, businesses can better protect themselves against the potential fallout from cyberattacks.
As the cyber threat environment continues to shift, staying informed and prepared is crucial for safeguarding sensitive data and maintaining operational integrity in the face of adversity.

