Security Articles

Stay ahead of emerging threats with expert analysis from 95+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week (Apr 21-25, 2026): a FIRESTARTER backdoor survives Cisco firewall patches in the ArcaneDoor federal breach, Microsoft ships a CVSS 9.1 ASP.NET Core flaw that lets attackers forge authentication cookies on Linux, three Microsoft Defender zero-days chain into SYSTEM takeover with two still unpatched, and Apple patches an iOS notification bug the FBI used to pull deleted Signal messages off an iPhone.

All Articles AdvisoryCyber AttackData BreachExploitMalwareThreat ActorVulnerability
Severity: All Critical High Medium Low
98 articles found
Featured Story
high
Apr 28, 2026
highCVE AdvisoryVulnerability

HIGH: APT28 Exploits Incomplete Windows Shell Patch for Zero-Click NTLM Theft (CVE-2026-32202)

Microsoft has confirmed active exploitation of CVE-2026-32202, a Windows Shell spoofing flaw that turns out to be an incomplete patch for an APT28 zero-day from earlier this year. The Russian GRU-linked group is using crafted LNK files to silently steal NTLM credentials with zero clicks, and the original April 14 advisory dramatically understated the severity until Microsoft corrected it on April 27.

By Danny MercerRead Full Article
high
CVE AdvisoryVulnerabilityApr 27, 2026

HIGH: Bitwarden CLI Hit by Shai-Hulud Third Coming Worm in Checkmarx Supply Chain Cascade

A poisoned build of @bitwarden/cli version 2026.4.0 lived on the npm registry for roughly ninety minutes on April 22, 2026, infecting around 334 developer machines with the third generation of the Shai-Hulud worm. The attack chained off the prior compromise of the checkmarx/ast-github-action GitHub Action, harvested cloud credentials, GitHub and npm tokens, and AI coding tool configs, then self-propagated by injecting malicious workflows into accessible repositories.

Read more
critical
CVE AdvisoryVulnerabilityApr 26, 2026

CRITICAL: FIRESTARTER Backdoor Squats on Federal Cisco Firewall, Survives Every Patch

A US federal civilian executive branch agency had its Cisco Firepower firewall compromised by China-linked UAT4356 in September 2025, with the attackers maintaining access through March 2026 via FIRESTARTER, a backdoor that survives firmware updates and reboots. CISA Analysis Report AR26-113A confirms exploitation of CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 in Cisco ASA and FTD software.

Read more
critical
CVE AdvisoryVulnerabilityApr 25, 2026

CRITICAL: FIRESTARTER Backdoor Survives Cisco Firewall Patches in ArcaneDoor Federal Breach

CISA and the UK NCSC went public with a joint advisory on FIRESTARTER, a stealth implant tied to the UAT-4356 ArcaneDoor crew that survived firmware updates and security patches on a Cisco Firepower device inside a federal civilian agency. The malware chains CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 to gain root on Cisco ASA and FTD appliances, then hooks LINA and persists through reboots until a hard power cycle is performed.

Read more
high
CVE AdvisoryVulnerabilityApr 23, 2026

HIGH: Apple Patches iOS Notification Bug That Let the FBI Pull Deleted Signal Messages Off an iPhone (CVE-2026-28950)

Apple shipped iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 to fix CVE-2026-28950, a data retention flaw in the Notification Services framework that kept the text of deleted notifications in an internal database. The FBI used the bug to recover Signal message content from a seized iPhone after the Signal app had been deleted. Patch every managed iPhone today and enforce preview redaction on sensitive messaging apps.

Read more
critical
CVE AdvisoryVulnerabilityApr 22, 2026

CRITICAL: Microsoft Patches CVSS 9.1 ASP.NET Core Flaw Letting Attackers Forge Authentication Cookies on Linux

Microsoft published an advisory for CVE-2026-40372, a CVSS 9.1 elevation-of-privilege flaw in Microsoft.AspNetCore.DataProtection versions 10.0.0 through 10.0.6 that lets a network-positioned attacker forge authentication cookies and decrypt protected payloads. The bug primarily affects Linux and macOS deployments where the managed authenticated encryptor computes its HMAC tag over the wrong bytes and skips the comparison entirely. Patch to 10.0.7 immediately and rotate the DataProtection key ring if the application was internet-exposed during the vulnerable window.

Read more
high
CVE AdvisoryVulnerabilityApr 21, 2026

HIGH: Three Microsoft Defender Zero-Days Chain Into SYSTEM Takeover With Two Still Unpatched

Three zero-day vulnerabilities in Microsoft Defender, nicknamed BlueHammer, RedSun, and UnDefend, are under active exploitation after researcher Chaotic Eclipse dumped working proof-of-concept code. Only BlueHammer (CVE-2026-33825, CVSS 7.8) has been patched. RedSun escalates local users to SYSTEM on fully patched systems while UnDefend silently disables Defender definition updates, making the chained attack especially dangerous until the May 13 Patch Tuesday.

Read more

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen TestingMSP Partner Program
Page 1 of 5Next

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.