Security Articles

Stay ahead of emerging threats with expert analysis from 95+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week (Apr 21-25, 2026): a FIRESTARTER backdoor survives Cisco firewall patches in the ArcaneDoor federal breach, Microsoft ships a CVSS 9.1 ASP.NET Core flaw that lets attackers forge authentication cookies on Linux, three Microsoft Defender zero-days chain into SYSTEM takeover with two still unpatched, and Apple patches an iOS notification bug the FBI used to pull deleted Signal messages off an iPhone.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

32 articles found

Featured Story

high

Apr 28, 2026

highCVE AdvisoryVulnerability

HIGH: APT28 Exploits Incomplete Windows Shell Patch for Zero-Click NTLM Theft (CVE-2026-32202)

Microsoft has confirmed active exploitation of CVE-2026-32202, a Windows Shell spoofing flaw that turns out to be an incomplete patch for an APT28 zero-day from earlier this year. The Russian GRU-linked group is using crafted LNK files to silently steal NTLM credentials with zero clicks, and the original April 14 advisory dramatically understated the severity until Microsoft corrected it on April 27.

By Danny MercerRead Full Article

high

CVE AdvisoryVulnerability•Apr 24, 2026

HIGH: LMDeploy CVE-2026-33626 SSRF Exploited Within Hours of Disclosure

A server-side request forgery flaw in the LMDeploy vision-language pipeline was under active exploitation twelve hours and thirty-one minutes after public disclosure, and no upstream patch has shipped yet. Attackers are already probing exposed instances for AWS metadata credentials, Redis on localhost, and loopback services.

high

CVE AdvisoryVulnerability•Apr 23, 2026

HIGH: Apple Patches iOS Notification Bug That Let the FBI Pull Deleted Signal Messages Off an iPhone (CVE-2026-28950)

Apple shipped iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 to fix CVE-2026-28950, a data retention flaw in the Notification Services framework that kept the text of deleted notifications in an internal database. The FBI used the bug to recover Signal message content from a seized iPhone after the Signal app had been deleted. Patch every managed iPhone today and enforce preview redaction on sensitive messaging apps.

critical

CVE AdvisoryVulnerability•Apr 22, 2026

CRITICAL: Microsoft Patches CVSS 9.1 ASP.NET Core Flaw Letting Attackers Forge Authentication Cookies on Linux

Microsoft published an advisory for CVE-2026-40372, a CVSS 9.1 elevation-of-privilege flaw in Microsoft.AspNetCore.DataProtection versions 10.0.0 through 10.0.6 that lets a network-positioned attacker forge authentication cookies and decrypt protected payloads. The bug primarily affects Linux and macOS deployments where the managed authenticated encryptor computes its HMAC tag over the wrong bytes and skips the comparison entirely. Patch to 10.0.7 immediately and rotate the DataProtection key ring if the application was internet-exposed during the vulnerable window.

high

CVE AdvisoryVulnerability•Apr 21, 2026

HIGH: Three Microsoft Defender Zero-Days Chain Into SYSTEM Takeover With Two Still Unpatched

Three zero-day vulnerabilities in Microsoft Defender, nicknamed BlueHammer, RedSun, and UnDefend, are under active exploitation after researcher Chaotic Eclipse dumped working proof-of-concept code. Only BlueHammer (CVE-2026-33825, CVSS 7.8) has been patched. RedSun escalates local users to SYSTEM on fully patched systems while UnDefend silently disables Defender definition updates, making the chained attack especially dangerous until the May 13 Patch Tuesday.

critical

CVE AdvisoryVulnerability•Apr 17, 2026

CRITICAL: Cisco Drops Patches for Four Critical Flaws in ISE and Webex: One Lets Attackers Impersonate Anyone

Cisco released patches for four critical vulnerabilities affecting Identity Services Engine and Webex. CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user, while three ISE flaws enable remote code execution and root privilege escalation.

critical

CVE AdvisoryVulnerability•Apr 16, 2026

CRITICAL: Unauthenticated nginx-ui Flaw Gives Attackers Complete Control of Your Web Server

CVE-2026-33032 is a critical vulnerability in nginx-ui that allows unauthenticated attackers to take complete control of nginx services. The flaw exists because one MCP endpoint forgot to check authentication while another requires it. CISA has added it to the KEV catalog.

critical

CVE AdvisoryVulnerability•Apr 14, 2026

CRITICAL: Kubernetes Image Builder Flaw Leaves Default SSH Credentials on VM Images

CVE-2024-9486 is a critical CVSS 9.8 vulnerability in Kubernetes Image Builder that leaves default SSH credentials baked into VM images. The builder account with a well-known password persists in finished images, giving attackers root access to deployed nodes.

high

CVE AdvisoryVulnerability•Apr 2, 2026

HIGH: Chrome Zero-Day Number Four Just Dropped: CVE-2026-5281 Hits the WebGPU Stack

Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Chrome's Dawn WebGPU implementation that is being actively exploited in the wild. This marks the fourth Chrome zero-day of 2026, and CISA has already added it to the Known Exploited Vulnerabilities catalog.

critical

CVE AdvisoryVulnerability•Mar 20, 2026

Veeam Backup Critical Flaw Lets Ransomware Gangs Delete Your L...

Critical authentication bypass in Veeam Backup & Replication allows attackers to delete backup repositories without credentials.

critical

CVE AdvisoryVulnerability•Mar 18, 2026

KVM Switch Vulnerabilities: 9 Flaws Give Attackers Hardware Access

Nine critical vulnerabilities in budget IP KVM switches from GL-iNet, Angeet, Sipeed, and JetKVM allow unauthenticated code execution and hardware-level access.

critical

CVE AdvisoryVulnerability•Mar 17, 2026

CRITICAL: CISA Adds Wing FTP Vulnerability to KEV as Attackers Chain Flaws for Remote Access

CISA added CVE-2025-47813 (info disclosure) to KEV, used to enhance CVE-2025-47812 (CVSS 10.0 RCE) exploitation. Attackers chain both flaws for reliable remote access. Wing FTP patches available since May 2025. Federal deadline: March 30.

high

CVE AdvisoryVulnerability•Mar 16, 2026

HIGH: Google Patches Two Chrome Zero-Days Actively Exploited in the Wild

Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 sandbox escape), both CVSS 8.8 and actively exploited. CISA added to KEV with March 27 deadline. Update to Chrome 146.0.7680.75/76.

critical

CVE AdvisoryVulnerability•Mar 15, 2026

CRITICAL: Google Patches Two Chrome Zero-Days Under Active Attack — Update Your Browser Now

Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 implementation flaw), both actively exploited. Third Chrome zero-day emergency in 2026. Update to 146.0.7680.75/76 immediately.

critical

CVE AdvisoryVulnerability•Mar 14, 2026

Apache Tomcat RCE Vulnerability Actively Exploited

CVE-2026-42071 (CVSS 9.8) in Apache Tomcat allows unauthenticated RCE via partial PUT request handling. Actively exploited 30 hours after disclosure.

CVE-2017-7921

critical

CVSS 9.8

CVE AdvisoryVulnerabilityCVE-2017-7921 CVSS 9.8 •Mar 6, 2026

CISA Adds Critical Hikvision and Rockwell Automation Flaws to KEV Catalog — Attacks Are Active

CISA confirmed active exploitation of CVE-2017-7921 (Hikvision cameras) and CVE-2021-22681 (Rockwell Automation controllers), both CVSS 9.8. Federal agencies must patch by March 26, 2026. Legacy vulnerabilities remain potent weapons in attacker arsenals.

CVE-2026-22719

critical

CVSS 8.1

CVE AdvisoryVulnerabilityCVE-2026-22719 CVSS 8.1 •Mar 5, 2026

VMware Aria Operations Under Active Attack: CISA Orders Federal Agencies to Patch Immediately

CISA added CVE-2026-22719 (CVSS 8.1) to the Known Exploited Vulnerabilities catalog after confirming active exploitation. The command injection flaw in VMware Aria Operations allows unauthenticated RCE. Federal agencies must patch by March 24, 2026.

CVE-2026-21513

high

CVSS 8.8

CVE AdvisoryVulnerabilityCVE-2026-21513 CVSS 8.8 •Mar 2, 2026

Russia's APT28 Was Already Exploiting That Windows MSHTML Flaw Before Microsoft Patched It

Akamai confirmed APT28 exploited CVE-2026-21513 (CVSS 8.8) in Windows MSHTML before Microsoft's February patch. The attack uses crafted LNK files to bypass Mark-of-the-Web and IE Enhanced Security via ShellExecuteExW invocation. Samples linked to APT28 infrastructure appeared on VirusTotal two weeks before the fix.

CVE-2026-22769

critical

CVSS 10.0

CVE AdvisoryVulnerabilityCVE-2026-22769 CVSS 10.0 •Feb 19, 2026

Dell RecoverPoint Zero-Day: Chinese Hackers Had 18 Months Head Start

A maximum-severity zero-day in Dell RecoverPoint for Virtual Machines (CVSS 10.0) has been exploited by Chinese state-sponsored hackers since mid-2024. The flaw involves hard-coded Tomcat credentials enabling root access. CISA has added it to the KEV catalog with a 3-day patch deadline.

CVE-2026-2441

high

CVSS 8.8

CVE AdvisoryVulnerabilityCVE-2026-2441 CVSS 8.8 •Feb 16, 2026

Chrome Zero-Day CVE-2026-2441 Exploited in the Wild: Update Now

Google patches CVE-2026-2441, a high-severity use-after-free in Chrome actively exploited in the wild. This is Chrome first zero-day of 2026. Update immediately.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

Page 1 of 2Next

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.