Security researchers have identified multiple serious vulnerabilities in widely-used business software that hackers are already exploiting. The flaws affect systems used by thousands of organizations, making this a critical concern for IT administrators and companies worldwide.
SonicWall, a company that makes network security products, discovered two dangerous gaps in their SMA 1000 devices. These devices help companies allow employees to safely connect to work networks from home. One of the vulnerabilities is particularly serious because it could allow attackers to run administrator commands on affected systems. This means hackers could potentially take complete control of a company's security system.
The attacks are not theoretical threats—they are actively happening right now. Hackers have already begun using these vulnerabilities to target organizations. SonicWall has warned all customers to install security patches immediately to close these gaps.
The problem extends beyond just one company. Joomla, a popular platform for building websites, has also been hit with zero-day exploits. Two specific tools called iCagenda and Balbooa Forms have critical flaws that attackers are already using in real attacks. Zero-day vulnerabilities are especially dangerous because they are unknown to the software maker when attacks begin.
Microsoft also released urgent security information in their July 2026 Patch Tuesday update, which fixed an enormous number of problems. The update addressed 570 different vulnerabilities, including three zero-day flaws that were being actively exploited. Additionally, the U.S. government agency CISA warned administrators about actively exploited flaws in Microsoft SharePoint, another widely-used business application.
These discoveries highlight a growing trend of attackers targeting common business software tools. Many organizations rely on these systems to operate daily functions, making them attractive targets for cybercriminals seeking to steal information or disrupt operations.
Security experts stress that organizations should act quickly to protect themselves. Installing security patches as soon as they become available is the most important defense against these attacks. Companies using affected software should prioritize updates to SonicWall devices, Joomla installations, Microsoft SharePoint, and Microsoft products immediately. Delaying patches increases the risk of successful attacks that could compromise sensitive company data and customer information.