Security Articles

Stay ahead of emerging threats with expert analysis from 137 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. As of Tuesday, June 9, 2026, the most urgent items for production stacks: the "Miasma" worm has detonated across 73 Microsoft-owned GitHub repositories in an npm supply-chain cascade — a software supply-chain attack means malicious code is planted in a trusted package your developers already install, so it spreads automatically into everything that depends on it — making any team that pulls JavaScript packages from npm a potential downstream victim; audit your dependencies and pin trusted versions now. The Cisco Catalyst SD-WAN Manager zero-day CVE-2026-20245 remains under active exploitation with no patch available yet — restrict management-interface access and watch Cisco's advisory for the fix. Cisco Unified Communications Manager flaw CVE-2026-20230 hands attackers root through a server-side request forgery (SSRF) bug — a server tricked into making attacker-controlled requests — and a working proof-of-concept exploit is already public, so patch now. The Mirasvit Cache Warmer bug CVE-2026-45247 is being used for active remote code execution (RCE — running attacker code on your server) against Magento e-commerce stores. Still carrying forward: the HTTP/2 "Bomb" CVE-2026-49975 lets a single home connection knock NGINX, Apache, IIS, and Cloudflare web servers offline; Palo Alto GlobalProtect authentication-bypass CVE-2026-0257 remains on the CISA Known Exploited Vulnerabilities (KEV) catalog under active exploitation; and the WP Maps Pro WordPress flaw CVE-2026-8732 is still spawning rogue administrator accounts across roughly 15,000 sites. If your business pulls npm packages, or runs Cisco SD-WAN or Unified CM, Magento, a public web server, Palo Alto GlobalProtect, or WordPress with WP Maps Pro, these advisories require action now — start with the article-level remediation steps below.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

72 articles found

Featured Story

high

Apr 28, 2026

highCVE AdvisoryVulnerability

HIGH: APT28 Exploits Incomplete Windows Shell Patch for Zero-Click NTLM Theft (CVE-2026-32202)

Microsoft has confirmed active exploitation of CVE-2026-32202, a Windows Shell spoofing flaw that turns out to be an incomplete patch for an APT28 zero-day from earlier this year. The Russian GRU-linked group is using crafted LNK files to silently steal NTLM credentials with zero clicks, and the original April 14 advisory dramatically understated the severity until Microsoft corrected it on April 27.

By Danny MercerRead Full Article

high

CVE AdvisoryVulnerability•Apr 24, 2026

HIGH: LMDeploy CVE-2026-33626 SSRF Exploited Within Hours of Disclosure

A server-side request forgery flaw in the LMDeploy vision-language pipeline was under active exploitation twelve hours and thirty-one minutes after public disclosure, and no upstream patch has shipped yet. Attackers are already probing exposed instances for AWS metadata credentials, Redis on localhost, and loopback services.

high

CVE AdvisoryVulnerability•Apr 23, 2026

HIGH: Apple Patches iOS Notification Bug That Let the FBI Pull Deleted Signal Messages Off an iPhone (CVE-2026-28950)

Apple shipped iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 to fix CVE-2026-28950, a data retention flaw in the Notification Services framework that kept the text of deleted notifications in an internal database. The FBI used the bug to recover Signal message content from a seized iPhone after the Signal app had been deleted. Patch every managed iPhone today and enforce preview redaction on sensitive messaging apps.

critical

CVE AdvisoryVulnerability•Apr 22, 2026

CRITICAL: Microsoft Patches CVSS 9.1 ASP.NET Core Flaw Letting Attackers Forge Authentication Cookies on Linux

Microsoft published an advisory for CVE-2026-40372, a CVSS 9.1 elevation-of-privilege flaw in Microsoft.AspNetCore.DataProtection versions 10.0.0 through 10.0.6 that lets a network-positioned attacker forge authentication cookies and decrypt protected payloads. The bug primarily affects Linux and macOS deployments where the managed authenticated encryptor computes its HMAC tag over the wrong bytes and skips the comparison entirely. Patch to 10.0.7 immediately and rotate the DataProtection key ring if the application was internet-exposed during the vulnerable window.

high

CVE AdvisoryVulnerability•Apr 21, 2026

HIGH: Three Microsoft Defender Zero-Days Chain Into SYSTEM Takeover With Two Still Unpatched

Three zero-day vulnerabilities in Microsoft Defender, nicknamed BlueHammer, RedSun, and UnDefend, are under active exploitation after researcher Chaotic Eclipse dumped working proof-of-concept code. Only BlueHammer (CVE-2026-33825, CVSS 7.8) has been patched. RedSun escalates local users to SYSTEM on fully patched systems while UnDefend silently disables Defender definition updates, making the chained attack especially dangerous until the May 13 Patch Tuesday.

critical

CVE AdvisoryVulnerability•Apr 17, 2026

CRITICAL: Cisco Drops Patches for Four Critical Flaws in ISE and Webex: One Lets Attackers Impersonate Anyone

Cisco released patches for four critical vulnerabilities affecting Identity Services Engine and Webex. CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user, while three ISE flaws enable remote code execution and root privilege escalation.

critical

CVE AdvisoryVulnerability•Apr 16, 2026

nginx-ui Unauthenticated RCE Gives Attackers Full Web Server Control (CVE-2026-33032)

A critical unauthenticated RCE in nginx-ui lets attackers take over your web server through a single API call. The flaw exists because one MCP endpoint skipped authentication checks entirely. Patch immediately or restrict access to the management interface.

critical

CVE AdvisoryVulnerability•Apr 14, 2026

Kubernetes Image Builder Bakes Default SSH Credentials Into Every VM It Creates (CVE-2024-9486)

CVE-2024-9486 (CVSS 9.8) in Kubernetes Image Builder leaves a well-known default SSH password on every VM image it builds. Anyone who knows the builder account password can SSH in and take full control. Check your images and rotate credentials immediately.

high

CVE AdvisoryVulnerability•Apr 2, 2026

HIGH: Chrome Zero-Day Number Four Just Dropped: CVE-2026-5281 Hits the WebGPU Stack

Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Chrome's Dawn WebGPU implementation that is being actively exploited in the wild. This marks the fourth Chrome zero-day of 2026, and CISA has already added it to the Known Exploited Vulnerabilities catalog.

critical

CVE AdvisoryVulnerability•Mar 20, 2026

Veeam Backup Critical Flaw Lets Ransomware Gangs Delete Your L...

Critical authentication bypass in Veeam Backup & Replication allows attackers to delete backup repositories without credentials.

critical

CVE AdvisoryVulnerability•Mar 18, 2026

KVM Switch Vulnerabilities: 9 Flaws Give Attackers Hardware Access

Nine critical vulnerabilities in budget IP KVM switches from GL-iNet, Angeet, Sipeed, and JetKVM allow unauthenticated code execution and hardware-level access.

critical

CVE AdvisoryVulnerability•Mar 17, 2026

CRITICAL: CISA Adds Wing FTP Vulnerability to KEV as Attackers Chain Flaws for Remote Access

CISA added CVE-2025-47813 (info disclosure) to KEV, used to enhance CVE-2025-47812 (CVSS 10.0 RCE) exploitation. Attackers chain both flaws for reliable remote access. Wing FTP patches available since May 2025. Federal deadline: March 30.

high

CVE AdvisoryVulnerability•Mar 16, 2026

HIGH: Google Patches Two Chrome Zero-Days Actively Exploited in the Wild

Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 sandbox escape), both CVSS 8.8 and actively exploited. CISA added to KEV with March 27 deadline. Update to Chrome 146.0.7680.75/76.

critical

CVE AdvisoryVulnerability•Mar 15, 2026

CRITICAL: Google Patches Two Chrome Zero-Days Under Active Attack — Update Your Browser Now

Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 implementation flaw), both actively exploited. Third Chrome zero-day emergency in 2026. Update to 146.0.7680.75/76 immediately.

critical

CVE AdvisoryVulnerability•Mar 14, 2026

Apache Tomcat RCE Vulnerability Actively Exploited

CVE-2026-42071 (CVSS 9.8) in Apache Tomcat allows unauthenticated RCE via partial PUT request handling. Actively exploited 30 hours after disclosure.

CVE-2017-7921

critical

CVSS 9.8

CVE AdvisoryVulnerabilityCVE-2017-7921 CVSS 9.8 •Mar 6, 2026

CISA Adds Critical Hikvision and Rockwell Automation Flaws to KEV Catalog — Attacks Are Active

CISA confirmed active exploitation of CVE-2017-7921 (Hikvision cameras) and CVE-2021-22681 (Rockwell Automation controllers), both CVSS 9.8. Federal agencies must patch by March 26, 2026. Legacy vulnerabilities remain potent weapons in attacker arsenals.

CVE-2026-22719

critical

CVSS 8.1

CVE AdvisoryVulnerabilityCVE-2026-22719 CVSS 8.1 •Mar 5, 2026

VMware Aria Operations Under Active Attack: CISA Orders Federal Agencies to Patch Immediately

CISA added CVE-2026-22719 (CVSS 8.1) to the Known Exploited Vulnerabilities catalog after confirming active exploitation. The command injection flaw in VMware Aria Operations allows unauthenticated RCE. Federal agencies must patch by March 24, 2026.

CVE-2026-21513

high

CVSS 8.8

CVE AdvisoryVulnerabilityCVE-2026-21513 CVSS 8.8 •Mar 2, 2026

APT28 Exploited Windows MSHTML Zero-Day Before Microsoft Could Patch It (CVE-2026-21513)

Akamai confirmed Russia's APT28 was exploiting CVE-2026-21513 in Windows MSHTML before Microsoft released the February patch. The attack chains crafted LNK files to bypass Mark-of-the-Web and IE Enhanced Security, delivering payloads without user interaction.

CVE-2026-22769

critical

CVSS 10.0

CVE AdvisoryVulnerabilityCVE-2026-22769 CVSS 10.0 •Feb 19, 2026

Dell RecoverPoint Zero-Day: Chinese Hackers Had 18 Months Head Start

A maximum-severity zero-day in Dell RecoverPoint for Virtual Machines (CVSS 10.0) has been exploited by Chinese state-sponsored hackers since mid-2024. The flaw involves hard-coded Tomcat credentials enabling root access. CISA has added it to the KEV catalog with a 3-day patch deadline.

CVE-2026-2441

high

CVSS 8.8

CVE AdvisoryVulnerabilityCVE-2026-2441 CVSS 8.8 •Feb 16, 2026

Chrome Zero-Day CVE-2026-2441 Exploited in the Wild: Update Now

Google patches CVE-2026-2441, a high-severity use-after-free in Chrome actively exploited in the wild. This is Chrome first zero-day of 2026. Update immediately.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

PreviousPage 3 of 4Next

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.