VMware ESXi VM Escape Vulnerability: Patch CVE-2026-22972 Now
Critical VMware ESXi flaw lets attackers escape guest VMs and execute code on the hypervisor. If you run ESXi, this needs immediate patching.
Stay ahead of emerging threats with expert analysis from 95+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week (Apr 21-25, 2026): a FIRESTARTER backdoor survives Cisco firewall patches in the ArcaneDoor federal breach, Microsoft ships a CVSS 9.1 ASP.NET Core flaw that lets attackers forge authentication cookies on Linux, three Microsoft Defender zero-days chain into SYSTEM takeover with two still unpatched, and Apple patches an iOS notification bug the FBI used to pull deleted Signal messages off an iPhone.
Sophisticated iOS exploit kit chains six vulnerabilities including three zero-days to achieve complete device takeover. Multiple threat actors including Russian espionage groups and commercial surveillance vendors observed using DarkSword against targets in Ukraine, Saudi Arabia, and Turkey.
Nine critical vulnerabilities in budget IP KVM switches from GL-iNet, Angeet, Sipeed, and JetKVM allow unauthenticated code execution and hardware-level access.
CISA added CVE-2025-47813 (info disclosure) to KEV, used to enhance CVE-2025-47812 (CVSS 10.0 RCE) exploitation. Attackers chain both flaws for reliable remote access. Wing FTP patches available since May 2025. Federal deadline: March 30.
Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 implementation flaw), both actively exploited. Third Chrome zero-day emergency in 2026. Update to 146.0.7680.75/76 immediately.
CVE-2026-42071 (CVSS 9.8) in Apache Tomcat allows unauthenticated RCE via partial PUT request handling. Actively exploited 30 hours after disclosure.
A critical arbitrary file read vulnerability in Jenkins allows attackers to extract credentials, API keys, and secrets from CI/CD pipelines.
A critical authentication bypass in Citrix NetScaler Gateway and ADC allows attackers to access protected resources without valid credentials.
SonicWall discloses a critical pre-authentication RCE vulnerability affecting SMA and SonicOS products.
A critical RCE vulnerability in Atlassian Confluence is being mass-exploited by multiple threat actors.
Ivanti discloses another actively exploited zero-day chain in Connect Secure VPN appliances. CVE-2026-0778 and CVE-2026-0779 allow unauthenticated attackers ...
A critical vulnerability in Microsoft Teams allows attackers to deliver malware through specially crafted meeting invitations.
Nation-state actors exploiting a critical zero-day in Palo Alto GlobalProtect VPN targeting defense contractors. Patch now or isolate affected systems.
Qualys discovered nine vulnerabilities in AppArmor affecting 12.6 million Linux servers. CrackArmor enables unprivileged users to achieve root via confused deputy attacks, bypass container isolation, defeat KASLR, and manipulate security policies. All kernels since 4.11 affected.
CISA added CVE-2025-68613 to KEV after confirming active exploitation of n8n automation platform. Five critical RCE vulnerabilities (CVSS 9.4-9.5) allow credential theft via encryption key extraction. 24,700 instances exposed. Federal deadline: March 25, 2026.
SentinelOne documents campaign targeting FortiGate appliances to extract AD/LDAP credentials. Attackers exploit CVE-2025-59718, CVE-2025-59719, and CVE-2026-24858, decrypt config files, and harvest NTDS.dit. Healthcare, government, and MSPs are primary targets.
JFrog discovered malicious npm package @openclaw-ai/openclawai deploying GhostLoader RAT on macOS. The 11,700-line infostealer harvests Keychain, browser credentials, crypto wallets, SSH keys, cloud creds, and enables browser session cloning. 178 developers compromised.
Iranian APT MuddyWater deploys Dindoor backdoor against US banks, airports, and defense contractors using Deno JavaScript runtime. Detect and defend.
Critical Veeam Backup flaw lets attackers delete backup repos without credentials. Ransomware gangs exploiting CVE-2026-29849 to eliminate recovery options.
CISA confirmed active exploitation of CVE-2017-7921 (Hikvision cameras) and CVE-2021-22681 (Rockwell Automation controllers), both CVSS 9.8. Federal agencies must patch by March 26, 2026. Legacy vulnerabilities remain potent weapons in attacker arsenals.