Stay ahead of emerging threats with expert analysis from 95+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week (Apr 21-25, 2026): a FIRESTARTER backdoor survives Cisco firewall patches in the ArcaneDoor federal breach, Microsoft ships a CVSS 9.1 ASP.NET Core flaw that lets attackers forge authentication cookies on Linux, three Microsoft Defender zero-days chain into SYSTEM takeover with two still unpatched, and Apple patches an iOS notification bug the FBI used to pull deleted Signal messages off an iPhone.
A sophisticated zero-day in Adobe Reader has been exploited in the wild since at least December 2025. Malicious PDFs disguised as invoices automatically execute JavaScript to harvest data and download additional payloads. No patch is currently available.
CVE-2025-59528 is a CVSS 10.0 RCE flaw in Flowise AI agent builder with 12,000 exposed instances. Here is who is affected, how to check, and what to patch.
Read moreCheck Point researchers discovered a ChatGPT vulnerability allowing silent data exfiltration via DNS queries from the code execution sandbox. Separately, BeyondTrust found a critical command injection flaw in OpenAI Codex that enabled GitHub token theft through malicious branch names.
Read moreThree critical vulnerabilities in LangChain and LangGraph let attackers steal files from filesystems, siphon API keys and environment secrets, and pillage conversation histories. With 84 million weekly downloads, most enterprise AI deployments are affected.
Read moreSecurity researchers at Cyera disclosed three vulnerabilities in LangChain and LangGraph affecting millions of AI applications. Path traversal, deserialization, and SQL injection flaws expose filesystem contents, environment secrets, and conversation histories.
Read moreOracle patches CVE-2026-21992, a pre-auth RCE in Identity Manager scoring 9.8 CVSS. No credentials needed to exploit. Emergency patches available now.
Read moreA second supply chain attack on Trivy compromised 75 GitHub Actions tags and spawned a credential-stealing worm across 47 npm packages. Check your CI pipeline.
Read moreCritical VMware ESXi flaw lets attackers escape guest VMs and execute code on the hypervisor. If you run ESXi, this needs immediate patching.
Read moreSophisticated iOS exploit kit chains six vulnerabilities including three zero-days to achieve complete device takeover. Multiple threat actors including Russian espionage groups and commercial surveillance vendors observed using DarkSword against targets in Ukraine, Saudi Arabia, and Turkey.
Read moreA critical arbitrary file read vulnerability in Jenkins allows attackers to extract credentials, API keys, and secrets from CI/CD pipelines.
Read moreA critical authentication bypass in Citrix NetScaler Gateway and ADC allows attackers to access protected resources without valid credentials.
Read moreSonicWall discloses a critical pre-authentication RCE vulnerability affecting SMA and SonicOS products.
Read moreA critical RCE vulnerability in Atlassian Confluence is being mass-exploited by multiple threat actors.
Read moreIvanti discloses another actively exploited zero-day chain in Connect Secure VPN appliances. CVE-2026-0778 and CVE-2026-0779 allow unauthenticated attackers ...
Read moreA critical vulnerability in Microsoft Teams allows attackers to deliver malware through specially crafted meeting invitations.
Read moreNation-state actors exploiting a critical zero-day in Palo Alto GlobalProtect VPN targeting defense contractors. Patch now or isolate affected systems.
Read moreA Chinese state-sponsored group turned Anthropic's Claude into the hacker itself, building a framework that allowed the AI to independently infiltrate networks, harvest credentials, and steal data. This was the first documented case of AI doing the hacking, not just assisting it.
Read moreThis week's cybersecurity developments demonstrate how quickly attackers are co-opting existing infrastructure. From Google's disruption of the IPIDEA residential proxy network to Microsoft's 114-flaw Patch Tuesday, the patterns show attackers prioritizing persistence over speed.
Read moreOur CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.
Subscribe to our newsletter and get the latest security insights delivered to your inbox.