Security Articles

Stay ahead of emerging threats with expert analysis from 95+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week (Apr 21-25, 2026): a FIRESTARTER backdoor survives Cisco firewall patches in the ArcaneDoor federal breach, Microsoft ships a CVSS 9.1 ASP.NET Core flaw that lets attackers forge authentication cookies on Linux, three Microsoft Defender zero-days chain into SYSTEM takeover with two still unpatched, and Apple patches an iOS notification bug the FBI used to pull deleted Signal messages off an iPhone.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

13 articles found

Featured Story

high

Apr 29, 2026

highCVE AdvisoryVulnerability

HIGH: Storm-1175 Chains ConnectWise ScreenConnect Bugs to Drop Medusa Ransomware (CVE-2024-1708)

CISA added the two-year-old ConnectWise ScreenConnect path traversal flaw CVE-2024-1708 to its Known Exploited Vulnerabilities catalog on April 28, 2026, after China-aligned Storm-1175 was caught chaining it with the SlashAndGrab auth bypass CVE-2024-1709 to deploy Medusa ransomware through compromised MSP infrastructure. Federal agencies have until May 12 to remediate.

By Danny MercerRead Full Article

high

CVE AdvisoryVulnerability•Apr 28, 2026

HIGH: APT28 Exploits Incomplete Windows Shell Patch for Zero-Click NTLM Theft (CVE-2026-32202)

Microsoft has confirmed active exploitation of CVE-2026-32202, a Windows Shell spoofing flaw that turns out to be an incomplete patch for an APT28 zero-day from earlier this year. The Russian GRU-linked group is using crafted LNK files to silently steal NTLM credentials with zero clicks, and the original April 14 advisory dramatically understated the severity until Microsoft corrected it on April 27.

high

CVE AdvisoryVulnerability•Apr 24, 2026

HIGH: LMDeploy CVE-2026-33626 SSRF Exploited Within Hours of Disclosure

A server-side request forgery flaw in the LMDeploy vision-language pipeline was under active exploitation twelve hours and thirty-one minutes after public disclosure, and no upstream patch has shipped yet. Attackers are already probing exposed instances for AWS metadata credentials, Redis on localhost, and loopback services.

high

CVE AdvisoryVulnerability•Apr 23, 2026

HIGH: Apple Patches iOS Notification Bug That Let the FBI Pull Deleted Signal Messages Off an iPhone (CVE-2026-28950)

Apple shipped iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 to fix CVE-2026-28950, a data retention flaw in the Notification Services framework that kept the text of deleted notifications in an internal database. The FBI used the bug to recover Signal message content from a seized iPhone after the Signal app had been deleted. Patch every managed iPhone today and enforce preview redaction on sensitive messaging apps.

high

CVE AdvisoryVulnerability•Apr 21, 2026

HIGH: Three Microsoft Defender Zero-Days Chain Into SYSTEM Takeover With Two Still Unpatched

Three zero-day vulnerabilities in Microsoft Defender, nicknamed BlueHammer, RedSun, and UnDefend, are under active exploitation after researcher Chaotic Eclipse dumped working proof-of-concept code. Only BlueHammer (CVE-2026-33825, CVSS 7.8) has been patched. RedSun escalates local users to SYSTEM on fully patched systems while UnDefend silently disables Defender definition updates, making the chained attack especially dangerous until the May 13 Patch Tuesday.

high

CVE AdvisoryVulnerability•Apr 2, 2026

HIGH: Chrome Zero-Day Number Four Just Dropped: CVE-2026-5281 Hits the WebGPU Stack

Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Chrome's Dawn WebGPU implementation that is being actively exploited in the wild. This marks the fourth Chrome zero-day of 2026, and CISA has already added it to the Known Exploited Vulnerabilities catalog.

high

CVE AdvisoryVulnerability•Mar 16, 2026

HIGH: Google Patches Two Chrome Zero-Days Actively Exploited in the Wild

Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 sandbox escape), both CVSS 8.8 and actively exploited. CISA added to KEV with March 27 deadline. Update to Chrome 146.0.7680.75/76.

CVE-2026-21513

high

CVSS 8.8

CVE AdvisoryVulnerabilityCVE-2026-21513 CVSS 8.8 •Mar 2, 2026

Russia's APT28 Was Already Exploiting That Windows MSHTML Flaw Before Microsoft Patched It

Akamai confirmed APT28 exploited CVE-2026-21513 (CVSS 8.8) in Windows MSHTML before Microsoft's February patch. The attack uses crafted LNK files to bypass Mark-of-the-Web and IE Enhanced Security via ShellExecuteExW invocation. Samples linked to APT28 infrastructure appeared on VirusTotal two weeks before the fix.

CVE-2026-2441

high

CVSS 8.8

CVE AdvisoryVulnerabilityCVE-2026-2441 CVSS 8.8 •Feb 16, 2026

Chrome Zero-Day CVE-2026-2441 Exploited in the Wild: Update Now

Google patches CVE-2026-2441, a high-severity use-after-free in Chrome actively exploited in the wild. This is Chrome first zero-day of 2026. Update immediately.

high

CVSS 7.5

CVE AdvisoryVulnerabilityCVSS 7.5 •Feb 4, 2026

When Your AI Assistant Turns Against You: The Docker Ask Gordon Vulnerability

Researchers discovered DockerDash, a critical vulnerability in Docker Ask Gordon AI feature that lets attackers execute code by hiding malicious instructions in image metadata. The attack exploits blind trust between the AI assistant and MCP Gateway. Patched in Docker Desktop 4.50.0.

CVE-2026-21509

high

CVSS 7.8

CVE AdvisoryVulnerabilityCVE-2026-21509 CVSS 7.8 •Feb 3, 2026

APT28 Weaponized That Office Zero-Day in Three Days Flat

Russia's APT28 began exploiting Microsoft Office CVE-2026-21509 just 72 hours after disclosure, targeting Ukraine, Slovakia, and Romania with email-stealing malware and Covenant implants.

CVE-2026-21509

high

CVSS 7.8

CVE AdvisoryVulnerabilityCVE-2026-21509 CVSS 7.8 •Jan 28, 2026

HIGH: Microsoft Office OLE Security Feature Bypass Zero-Day - Actively Exploited

A high-severity Microsoft Office zero-day (CVE-2026-21509) is being actively exploited to bypass security controls designed to block risky COM and OLE content. Successful exploitation requires a user to open a malicious Office document, enabling follow-on payload execution and intrusion activity. Apply Microsoft's out-of-band update immediately or deploy the recommended registry-based mitigation if patching is delayed.

CVE-2025-55182

high

CVSS 8.2

CVE AdvisoryVulnerabilityCVE-2025-55182 CVSS 8.2 •Dec 15, 2025

HIGH: React2Shell and React Server Components Security Risks - Exploitation Paths Emerging

React2Shell refers to a newly disclosed set of exploitation paths affecting React Server Components and modern server-side rendering workflows. In vulnerable implementations, attackers may escalate from user-driven application behavior into sensitive server-side execution, data access, or compromise of backend services. Organizations using RSC or SSR patterns should audit server-executed components, reduce dynamic execution paths, and apply strict validation and least-privilege controls.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.