Stay ahead of emerging threats with expert analysis, vulnerability reports, and cybersecurity insights.
CVE-2026-42071 (CVSS 9.8) in Apache Tomcat allows unauthenticated RCE via partial PUT request handling. Actively exploited 30 hours after disclosure. CISA added to KEV. Patch immediately.
CISA confirmed active exploitation of CVE-2017-7921 (Hikvision cameras) and CVE-2021-22681 (Rockwell Automation controllers), both CVSS 9.8. Federal agencies must patch by March 26, 2026. Legacy vulnerabilities remain potent weapons in attacker arsenals.
Read moreCISA added CVE-2026-22719 (CVSS 8.1) to the Known Exploited Vulnerabilities catalog after confirming active exploitation. The command injection flaw in VMware Aria Operations allows unauthenticated RCE. Federal agencies must patch by March 24, 2026.
Read moreAkamai confirmed APT28 exploited CVE-2026-21513 (CVSS 8.8) in Windows MSHTML before Microsoft's February patch. The attack uses crafted LNK files to bypass Mark-of-the-Web and IE Enhanced Security via ShellExecuteExW invocation. Samples linked to APT28 infrastructure appeared on VirusTotal two weeks before the fix.
Read moreA maximum-severity zero-day in Dell RecoverPoint for Virtual Machines (CVSS 10.0) has been exploited by Chinese state-sponsored hackers since mid-2024. The flaw involves hard-coded Tomcat credentials enabling root access. CISA has added it to the KEV catalog with a 3-day patch deadline.
Read moreGoogle released emergency updates to patch CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome that is being actively exploited in the wild. This marks Chrome's first zero-day of 2026.
Read moreA critical pre-authentication RCE vulnerability in BeyondTrust Remote Support and Privileged Remote Access is now being actively exploited after a proof-of-concept was published. With a CVSS of 9.9 and approximately 8,500 unpatched on-premise deployments exposed, organizations must patch immediately.
Read moreApple patches CVE-2026-20700, a memory corruption flaw in dyld exploited in sophisticated attacks. The vulnerability completes a three-stage exploit chain with two December 2025 bugs (CVE-2025-14174, CVE-2025-43529) discovered by Google TAG, likely used in mercenary spyware operations.
Read moreMicrosoft's February 2026 Patch Tuesday fixes 59 vulnerabilities including six actively exploited zero-days. CISA has added all six to KEV with March 3rd deadline. Critical bugs in Windows Shell, MSHTML, Word, and privilege escalation in Desktop Window Manager and Remote Desktop.
Read moreCritical vulnerabilities in Kubernetes Ingress-NGINX (CVE-2025-1974 and related) allow unauthenticated attackers with pod network access to achieve RCE via file descriptor injection. Default installations expose all cluster Secrets. Public exploit available.
Read moreCVE-2026-25049 (CVSS 9.4) bypasses the fix for CVE-2025-68613 using JavaScript destructuring tricks. Authenticated users can escape n8n expression sandbox and achieve RCE via webhook-triggered workflows. Four additional CVEs disclosed alongside.
Read moreCVE-2025-25257 is a pre-authentication SQL injection in FortiWeb Fabric Connector that enables remote code execution. Actively exploited in the wild with public PoC available. Affects FortiWeb 7.0.x through 7.6.x. CISA KEV listed.
Read moreResearchers discovered DockerDash, a critical vulnerability in Docker Ask Gordon AI feature that lets attackers execute code by hiding malicious instructions in image metadata. The attack exploits blind trust between the AI assistant and MCP Gateway. Patched in Docker Desktop 4.50.0.
Read moreRussia's APT28 began exploiting Microsoft Office CVE-2026-21509 just 72 hours after disclosure, targeting Ukraine, Slovakia, and Romania with email-stealing malware and Covenant implants.
Read moreMicrosoft announces three-phase plan to disable NTLM by default in Windows, pushing enterprises toward Kerberos authentication after decades of security issues.
Read moreA critical authentication bypass vulnerability (CVSS 9.8) in Fortinet FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb allows attackers with a FortiCloud account to access devices registered to other accounts when FortiCloud SSO is enabled. This vulnerability is actively being exploited in the wild.
Read moreA high-severity Microsoft Office zero-day (CVE-2026-21509) is being actively exploited to bypass security controls designed to block risky COM and OLE content. Successful exploitation requires a user to open a malicious Office document, enabling follow-on payload execution and intrusion activity. Apply Microsoft's out-of-band update immediately or deploy the recommended registry-based mitigation if patching is delayed.
Read moreReact2Shell refers to a newly disclosed set of exploitation paths affecting React Server Components and modern server-side rendering workflows. In vulnerable implementations, attackers may escalate from user-driven application behavior into sensitive server-side execution, data access, or compromise of backend services. Organizations using RSC or SSR patterns should audit server-executed components, reduce dynamic execution paths, and apply strict validation and least-privilege controls.
Read moreSubscribe to our newsletter and get the latest security insights delivered to your inbox.