Security Articles

Stay ahead of emerging threats with expert analysis from 95+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week (Apr 21-25, 2026): a FIRESTARTER backdoor survives Cisco firewall patches in the ArcaneDoor federal breach, Microsoft ships a CVSS 9.1 ASP.NET Core flaw that lets attackers forge authentication cookies on Linux, three Microsoft Defender zero-days chain into SYSTEM takeover with two still unpatched, and Apple patches an iOS notification bug the FBI used to pull deleted Signal messages off an iPhone.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

25 articles found

Featured Story

high

Apr 27, 2026

highCVE AdvisoryVulnerability

HIGH: Bitwarden CLI Hit by Shai-Hulud Third Coming Worm in Checkmarx Supply Chain Cascade

A poisoned build of @bitwarden/cli version 2026.4.0 lived on the npm registry for roughly ninety minutes on April 22, 2026, infecting around 334 developer machines with the third generation of the Shai-Hulud worm. The attack chained off the prior compromise of the checkmarx/ast-github-action GitHub Action, harvested cloud credentials, GitHub and npm tokens, and AI coding tool configs, then self-propagated by injecting malicious workflows into accessible repositories.

By Danny MercerRead Full Article

high

CVE AdvisoryVulnerability•Apr 11, 2026

HIGH: Fortinet Warns of Persistent Access Technique That Survives Even After Patching

Fortinet has disclosed that threat actors are using a symlink-based technique to maintain read-only access to FortiGate devices even after security patches are applied. The method exploits the SSL-VPN language files directory to create persistent filesystem access.

critical

CVE AdvisoryVulnerability•Apr 9, 2026

CRITICAL: Adobe Reader Zero-Day Has Been Quietly Pwning Users Since December

A sophisticated zero-day in Adobe Reader has been exploited in the wild since at least December 2025. Malicious PDFs disguised as invoices automatically execute JavaScript to harvest data and download additional payloads. No patch is currently available.

critical

CVE AdvisoryVulnerability•Apr 7, 2026

Flowise AI CVE-2025-59528: 12,000 Instances Vulnerable to RCE

CVE-2025-59528 is a CVSS 10.0 RCE flaw in Flowise AI agent builder with 12,000 exposed instances. Here is who is affected, how to check, and what to patch.

critical

CVE AdvisoryVulnerability•Mar 31, 2026

CRITICAL: ChatGPT's Hidden Data Leak: How OpenAI's Code Execution Runtime Became a Covert Exfiltration Channel

Check Point researchers discovered a ChatGPT vulnerability allowing silent data exfiltration via DNS queries from the code execution sandbox. Separately, BeyondTrust found a critical command injection flaw in OpenAI Codex that enabled GitHub token theft through malicious branch names.

high

CVE AdvisoryVulnerability•Mar 30, 2026

Russian CTRL Toolkit Uses Named Pipes to Evade Detection

Censys discovered CTRL, a Russian RAT using named pipes and RDP tunneling to evade network monitoring. Built to stay hidden while maintaining full network access.

critical

CVE AdvisoryVulnerability•Mar 28, 2026

CRITICAL: LangChain and LangGraph Vulnerabilities: Your AI Stack Just Became Your Biggest Liability

Three critical vulnerabilities in LangChain and LangGraph let attackers steal files from filesystems, siphon API keys and environment secrets, and pillage conversation histories. With 84 million weekly downloads, most enterprise AI deployments are affected.

critical

CVE AdvisoryVulnerability•Mar 27, 2026

CRITICAL: Three Critical Flaws in LangChain and LangGraph Could Drain Your AI Applications Dry

Security researchers at Cyera disclosed three vulnerabilities in LangChain and LangGraph affecting millions of AI applications. Path traversal, deserialization, and SQL injection flaws expose filesystem contents, environment secrets, and conversation histories.

high

CVE AdvisoryVulnerability•Mar 26, 2026

HIGH: Device Code Phishing Campaign Hammers 340+ Microsoft 365 Organizations

Over 340 organizations across five countries compromised in aggressive device code phishing campaign exploiting OAuth device authorization flow. Attackers harvest tokens that survive password resets using PhaaS platform EvilTokens.

critical

CVE AdvisoryVulnerability•Mar 24, 2026

Oracle Identity Manager RCE: CVSS 9.8 Flaw Needs Immediate Patch

Oracle patches CVE-2026-21992, a pre-auth RCE in Identity Manager scoring 9.8 CVSS. No credentials needed to exploit. Emergency patches available now.

critical

CVE AdvisoryVulnerability•Mar 23, 2026

Trivy Supply Chain Attack Compromises 75 GitHub Actions Tags

A second supply chain attack on Trivy compromised 75 GitHub Actions tags and spawned a credential-stealing worm across 47 npm packages. Check your CI pipeline.

high

CVE AdvisoryVulnerability•Mar 22, 2026

HIGH: DOJ Dismantles Massive IoT Botnet Network Behind Record-Breaking 31.4 Tbps DDoS Attacks

U.S. authorities dismantled four IoT botnets (AISURU, Kimwolf, JackSkid, Mossad) responsible for the largest DDoS attacks ever recorded. Over 3 million enslaved devices generated attacks exceeding 31 Tbps.

high

CVE AdvisoryVulnerability•Mar 22, 2026

Kubernetes RBAC Exploited for Cryptomining: 2,000+ Clusters Hit

Over 2,000 Kubernetes clusters compromised through RBAC misconfigurations. Attackers deploy cryptominers via default service accounts. Check your clusters now.

critical

CVE AdvisoryVulnerability•Mar 20, 2026

VMware ESXi VM Escape Vulnerability: Patch CVE-2026-22972 Now

Critical VMware ESXi flaw lets attackers escape guest VMs and execute code on the hypervisor. If you run ESXi, this needs immediate patching.

critical

CVE AdvisoryVulnerability•Mar 19, 2026

CRITICAL: DarkSword iOS Exploit Kit Turning iPhones Into Intelligence Goldmines

Sophisticated iOS exploit kit chains six vulnerabilities including three zero-days to achieve complete device takeover. Multiple threat actors including Russian espionage groups and commercial surveillance vendors observed using DarkSword against targets in Ukraine, Saudi Arabia, and Turkey.

critical

CVE AdvisoryVulnerability•Mar 4, 2026

Jenkins Arbitrary File Read Vulnerability Leaks Secrets from C...

A critical arbitrary file read vulnerability in Jenkins allows attackers to extract credentials, API keys, and secrets from CI/CD pipelines.

critical

CVE AdvisoryVulnerability•Feb 28, 2026

Citrix NetScaler Gateway Authentication Bypass Exposes Thousan...

A critical authentication bypass in Citrix NetScaler Gateway and ADC allows attackers to access protected resources without valid credentials.

critical

CVE AdvisoryVulnerability•Feb 26, 2026

SonicWall Firewalls Vulnerable to Pre-Auth RCE

SonicWall discloses a critical pre-authentication RCE vulnerability affecting SMA and SonicOS products.

critical

CVE AdvisoryVulnerability•Feb 21, 2026

Atlassian Confluence RCE Vulnerability Being Mass-Exploited Wi...

A critical RCE vulnerability in Atlassian Confluence is being mass-exploited by multiple threat actors.

critical

CVE AdvisoryVulnerability•Feb 9, 2026

Ivanti Connect Secure Under Siege

Ivanti discloses another actively exploited zero-day chain in Connect Secure VPN appliances. CVE-2026-0778 and CVE-2026-0779 allow unauthenticated attackers ...

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

Page 1 of 2Next

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.