🚨 CRITICAL ALERT: Active Zero-Day Exploits

URGENT: CISA has added three CRITICAL vulnerabilities (CVSS 8.6-9.8) to the Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Organizations using Microsoft Exchange Server, Fortinet FortiClientEMS, and Adobe Acrobat Reader face immediate risk of remote code execution. Apply patches NOW to prevent compromise.

Critical Vulnerabilities (CVSS >= 8.0)

  • CVE-2023-21529 (CVSS: 8.8): Microsoft Exchange Server Remote Code Execution Vulnerability via insecure deserialization. Authenticated attackers with network access can execute arbitrary code, leading to full server compromise, data exfiltration, and lateral movement. Affects Exchange Server 2013, 2016, 2019.
  • CVE-2026-21643 (CVSS: 9.8): SQL injection vulnerability in Fortinet FortiClientEMS 7.4.4 allows unauthenticated attackers to execute unauthorized code or commands via crafted HTTP requests.
  • CVE-2026-34621 (CVSS: 8.6): Prototype Pollution vulnerability in Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execution with user interaction (malicious file open).

⚡ Immediate Actions Required

  • Patch immediately: Apply vendor updates for all affected products per CISA KEV deadlines (April 13, 2026).
  • Exchange Server: Verify authentication controls, restrict management interfaces, monitor for deserialization attempts (CWE-502).
  • FortiClientEMS: Block unauthorized HTTP access, apply Fortinet patches urgently due to unauthenticated RCE.
  • Acrobat Reader: Update to latest version, implement file open restrictions, educate users on malicious PDFs.
  • Enterprise-wide: Hunt for indicators of compromise, enable logging, segment critical email/infrastructure systems.

Exploitation confirmed active – delay risks full network compromise.