Security Articles

Stay ahead of emerging threats with expert analysis from 95+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week (Apr 21-25, 2026): a FIRESTARTER backdoor survives Cisco firewall patches in the ArcaneDoor federal breach, Microsoft ships a CVSS 9.1 ASP.NET Core flaw that lets attackers forge authentication cookies on Linux, three Microsoft Defender zero-days chain into SYSTEM takeover with two still unpatched, and Apple patches an iOS notification bug the FBI used to pull deleted Signal messages off an iPhone.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

5 articles found

criticalCVE AdvisoryVulnerability

Dell RecoverPoint Zero-Day: Chinese Hackers Had 18 Months Head Start

A maximum-severity zero-day in Dell RecoverPoint for Virtual Machines (CVSS 10.0) has been exploited by Chinese state-sponsored hackers since mid-2024. The flaw involves hard-coded Tomcat credentials enabling root access. CISA has added it to the KEV catalog with a 3-day patch deadline.

By Danny MercerRead Full Article

CVE-2026-1731

critical

CVSS 9.9

CVE AdvisoryVulnerabilityCVE-2026-1731 CVSS 9.9 •Feb 15, 2026

BeyondTrust Remote Support Under Active Attack After PoC Drops

A critical pre-authentication RCE vulnerability in BeyondTrust Remote Support and Privileged Remote Access is now being actively exploited after a proof-of-concept was published. With a CVSS of 9.9 and approximately 8,500 unpatched on-premise deployments exposed, organizations must patch immediately.

CVE-2025-1974

critical

CVSS 9.8

CVE AdvisoryVulnerabilityCVE-2025-1974 CVSS 9.8 •Feb 8, 2026

Ingress-NGINX Remote Code Execution: Your Kubernetes Cluster's Front Door Is Wide Open

Critical vulnerabilities in Kubernetes Ingress-NGINX (CVE-2025-1974 and related) allow unauthenticated attackers with pod network access to achieve RCE via file descriptor injection. Default installations expose all cluster Secrets. Public exploit available.

CVE-2026-25049

critical

CVSS 9.4

CVE AdvisoryVulnerabilityCVE-2026-25049 CVSS 9.4 •Feb 5, 2026

n8n Sandbox Escape: A Critical Reminder That Patches Need Patches

CVE-2026-25049 (CVSS 9.4) bypasses the fix for CVE-2025-68613 using JavaScript destructuring tricks. Authenticated users can escape n8n expression sandbox and achieve RCE via webhook-triggered workflows. Four additional CVEs disclosed alongside.

CVE-2025-25257

critical

CVSS 9.8

CVE AdvisoryVulnerabilityCVE-2025-25257 CVSS 9.8 •Feb 4, 2026

FortiWeb's Pre-Auth SQL Injection Is Being Exploited Right Now

CVE-2025-25257 is a pre-authentication SQL injection in FortiWeb Fabric Connector that enables remote code execution. Actively exploited in the wild with public PoC available. Affects FortiWeb 7.0.x through 7.6.x. CISA KEV listed.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.