Security Articles

Stay ahead of emerging threats with expert analysis from 95+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week (Apr 21-25, 2026): a FIRESTARTER backdoor survives Cisco firewall patches in the ArcaneDoor federal breach, Microsoft ships a CVSS 9.1 ASP.NET Core flaw that lets attackers forge authentication cookies on Linux, three Microsoft Defender zero-days chain into SYSTEM takeover with two still unpatched, and Apple patches an iOS notification bug the FBI used to pull deleted Signal messages off an iPhone.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

19 articles found

Featured Story

criticalCVE AdvisoryVulnerability

CRITICAL: Microsoft Patches CVSS 9.1 ASP.NET Core Flaw Letting Attackers Forge Authentication Cookies on Linux

Microsoft published an advisory for CVE-2026-40372, a CVSS 9.1 elevation-of-privilege flaw in Microsoft.AspNetCore.DataProtection versions 10.0.0 through 10.0.6 that lets a network-positioned attacker forge authentication cookies and decrypt protected payloads. The bug primarily affects Linux and macOS deployments where the managed authenticated encryptor computes its HMAC tag over the wrong bytes and skips the comparison entirely. Patch to 10.0.7 immediately and rotate the DataProtection key ring if the application was internet-exposed during the vulnerable window.

By Danny MercerRead Full Article

CVE AdvisoryVulnerability•Apr 17, 2026

CRITICAL: Cisco Drops Patches for Four Critical Flaws in ISE and Webex: One Lets Attackers Impersonate Anyone

Cisco released patches for four critical vulnerabilities affecting Identity Services Engine and Webex. CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user, while three ISE flaws enable remote code execution and root privilege escalation.

CVE AdvisoryVulnerability•Apr 16, 2026

CRITICAL: Unauthenticated nginx-ui Flaw Gives Attackers Complete Control of Your Web Server

CVE-2026-33032 is a critical vulnerability in nginx-ui that allows unauthenticated attackers to take complete control of nginx services. The flaw exists because one MCP endpoint forgot to check authentication while another requires it. CISA has added it to the KEV catalog.

CVE AdvisoryVulnerability•Apr 14, 2026

CRITICAL: Kubernetes Image Builder Flaw Leaves Default SSH Credentials on VM Images

CVE-2024-9486 is a critical CVSS 9.8 vulnerability in Kubernetes Image Builder that leaves default SSH credentials baked into VM images. The builder account with a well-known password persists in finished images, giving attackers root access to deployed nodes.

CVE AdvisoryVulnerability•Mar 20, 2026

Veeam Backup Critical Flaw Lets Ransomware Gangs Delete Your L...

Critical authentication bypass in Veeam Backup & Replication allows attackers to delete backup repositories without credentials.

CVE AdvisoryVulnerability•Mar 18, 2026

KVM Switch Vulnerabilities: 9 Flaws Give Attackers Hardware Access

Nine critical vulnerabilities in budget IP KVM switches from GL-iNet, Angeet, Sipeed, and JetKVM allow unauthenticated code execution and hardware-level access.

CVE AdvisoryVulnerability•Mar 17, 2026

CRITICAL: CISA Adds Wing FTP Vulnerability to KEV as Attackers Chain Flaws for Remote Access

CISA added CVE-2025-47813 (info disclosure) to KEV, used to enhance CVE-2025-47812 (CVSS 10.0 RCE) exploitation. Attackers chain both flaws for reliable remote access. Wing FTP patches available since May 2025. Federal deadline: March 30.

CVE AdvisoryVulnerability•Mar 15, 2026

CRITICAL: Google Patches Two Chrome Zero-Days Under Active Attack — Update Your Browser Now

Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 implementation flaw), both actively exploited. Third Chrome zero-day emergency in 2026. Update to 146.0.7680.75/76 immediately.

CVE AdvisoryVulnerability•Mar 14, 2026

Apache Tomcat RCE Vulnerability Actively Exploited

CVE-2026-42071 (CVSS 9.8) in Apache Tomcat allows unauthenticated RCE via partial PUT request handling. Actively exploited 30 hours after disclosure.

CVE AdvisoryVulnerabilityCVE-2017-7921 CVSS 9.8 •Mar 6, 2026

CISA Adds Critical Hikvision and Rockwell Automation Flaws to KEV Catalog — Attacks Are Active

CISA confirmed active exploitation of CVE-2017-7921 (Hikvision cameras) and CVE-2021-22681 (Rockwell Automation controllers), both CVSS 9.8. Federal agencies must patch by March 26, 2026. Legacy vulnerabilities remain potent weapons in attacker arsenals.

CVE AdvisoryVulnerabilityCVE-2026-22719 CVSS 8.1 •Mar 5, 2026

VMware Aria Operations Under Active Attack: CISA Orders Federal Agencies to Patch Immediately

CISA added CVE-2026-22719 (CVSS 8.1) to the Known Exploited Vulnerabilities catalog after confirming active exploitation. The command injection flaw in VMware Aria Operations allows unauthenticated RCE. Federal agencies must patch by March 24, 2026.

CVE AdvisoryVulnerabilityCVE-2026-22769 CVSS 10.0 •Feb 19, 2026

Dell RecoverPoint Zero-Day: Chinese Hackers Had 18 Months Head Start

A maximum-severity zero-day in Dell RecoverPoint for Virtual Machines (CVSS 10.0) has been exploited by Chinese state-sponsored hackers since mid-2024. The flaw involves hard-coded Tomcat credentials enabling root access. CISA has added it to the KEV catalog with a 3-day patch deadline.

CVE AdvisoryVulnerabilityCVE-2026-1731 CVSS 9.9 •Feb 15, 2026

BeyondTrust Remote Support Under Active Attack After PoC Drops

A critical pre-authentication RCE vulnerability in BeyondTrust Remote Support and Privileged Remote Access is now being actively exploited after a proof-of-concept was published. With a CVSS of 9.9 and approximately 8,500 unpatched on-premise deployments exposed, organizations must patch immediately.

CVE AdvisoryVulnerabilityCVE-2026-20700 CVSS 8.8 •Feb 12, 2026

Apple's First Zero-Day of 2026: Inside the Three-Stage Exploit Chain Targeting High-Value Individuals

Apple patches CVE-2026-20700, a memory corruption flaw in dyld exploited in sophisticated attacks. The vulnerability completes a three-stage exploit chain with two December 2025 bugs (CVE-2025-14174, CVE-2025-43529) discovered by Google TAG, likely used in mercenary spyware operations.

CVE AdvisoryVulnerabilityCVE-2026-21510 CVSS 8.8 •Feb 11, 2026

Microsoft's February Patch Tuesday Drops a Bombshell: Six Zero-Days Under Active Attack

Microsoft's February 2026 Patch Tuesday fixes 59 vulnerabilities including six actively exploited zero-days. CISA has added all six to KEV with March 3rd deadline. Critical bugs in Windows Shell, MSHTML, Word, and privilege escalation in Desktop Window Manager and Remote Desktop.

CVE AdvisoryVulnerabilityCVE-2025-1974 CVSS 9.8 •Feb 8, 2026

Ingress-NGINX Remote Code Execution: Your Kubernetes Cluster's Front Door Is Wide Open

Critical vulnerabilities in Kubernetes Ingress-NGINX (CVE-2025-1974 and related) allow unauthenticated attackers with pod network access to achieve RCE via file descriptor injection. Default installations expose all cluster Secrets. Public exploit available.

CVE AdvisoryVulnerabilityCVE-2026-25049 CVSS 9.4 •Feb 5, 2026

n8n Sandbox Escape: A Critical Reminder That Patches Need Patches

CVE-2026-25049 (CVSS 9.4) bypasses the fix for CVE-2025-68613 using JavaScript destructuring tricks. Authenticated users can escape n8n expression sandbox and achieve RCE via webhook-triggered workflows. Four additional CVEs disclosed alongside.

CVE AdvisoryVulnerabilityCVE-2025-25257 CVSS 9.8 •Feb 4, 2026

FortiWeb's Pre-Auth SQL Injection Is Being Exploited Right Now

CVE-2025-25257 is a pre-authentication SQL injection in FortiWeb Fabric Connector that enables remote code execution. Actively exploited in the wild with public PoC available. Affects FortiWeb 7.0.x through 7.6.x. CISA KEV listed.

CVE AdvisoryVulnerabilityCVE-2026-24858 CVSS 9.8 •Jan 30, 2026

CRITICAL: Fortinet FortiCloud SSO Authentication Bypass - Actively Exploited

A critical authentication bypass vulnerability (CVSS 9.8) in Fortinet FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb allows attackers with a FortiCloud account to access devices registered to other accounts when FortiCloud SSO is enabled. This vulnerability is actively being exploited in the wild.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.

512-518-4408 Free Security Quiz →