Security Articles

Stay ahead of emerging threats with expert analysis from 137 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. As of Tuesday, June 9, 2026, the most urgent items for production stacks: the "Miasma" worm has detonated across 73 Microsoft-owned GitHub repositories in an npm supply-chain cascade — a software supply-chain attack means malicious code is planted in a trusted package your developers already install, so it spreads automatically into everything that depends on it — making any team that pulls JavaScript packages from npm a potential downstream victim; audit your dependencies and pin trusted versions now. The Cisco Catalyst SD-WAN Manager zero-day CVE-2026-20245 remains under active exploitation with no patch available yet — restrict management-interface access and watch Cisco's advisory for the fix. Cisco Unified Communications Manager flaw CVE-2026-20230 hands attackers root through a server-side request forgery (SSRF) bug — a server tricked into making attacker-controlled requests — and a working proof-of-concept exploit is already public, so patch now. The Mirasvit Cache Warmer bug CVE-2026-45247 is being used for active remote code execution (RCE — running attacker code on your server) against Magento e-commerce stores. Still carrying forward: the HTTP/2 "Bomb" CVE-2026-49975 lets a single home connection knock NGINX, Apache, IIS, and Cloudflare web servers offline; Palo Alto GlobalProtect authentication-bypass CVE-2026-0257 remains on the CISA Known Exploited Vulnerabilities (KEV) catalog under active exploitation; and the WP Maps Pro WordPress flaw CVE-2026-8732 is still spawning rogue administrator accounts across roughly 15,000 sites. If your business pulls npm packages, or runs Cisco SD-WAN or Unified CM, Magento, a public web server, Palo Alto GlobalProtect, or WordPress with WP Maps Pro, these advisories require action now — start with the article-level remediation steps below.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

128 articles found

Featured Story

critical

May 2, 2026

criticalCVE AdvisoryVulnerability

CRITICAL: Google Patches CVSS 10 Gemini CLI Flaw That Turned CI Workspaces Into Free RCE

A maximum severity CVSS 10.0 flaw in Google Gemini CLI headless mode let any attacker who could drop a .gemini directory into a CI workspace execute code on the runner host. Tracked as GHSA-wpqr-6v78-jr5g, it is fixed in @google/gemini-cli 0.39.1 and 0.40.0-preview.3, plus run-gemini-cli action 0.1.22. Patch immediately and rotate any secrets reachable from affected pipelines.

By Danny MercerRead Full Article

critical

CVE AdvisoryVulnerability•May 1, 2026

CRITICAL: Google Gemini CLI Earns CVSS 10 By Trusting Every Folder It Touches

Google patched a CVSS 10.0 remote code execution flaw in the Gemini CLI that let attackers hijack CI/CD pipelines through malicious .gemini/ configurations in untrusted workspaces. The advisory ships under GHSA-wpqr-6v78-jr5g without a CVE assigned, and any organization running the run-gemini-cli GitHub Action without a pinned version was carrying the vulnerable code by default.

critical

CVE AdvisoryVulnerability•Apr 30, 2026

CRITICAL: GitHub Enterprise Server RCE via a Single Git Push (CVE-2026-3854)

Wiz researchers disclosed CVE-2026-3854 on April 28, a critical remote code execution flaw in GitHub Enterprise Server that turns a single authenticated git push into full server compromise. Roughly 88 percent of internet-exposed Enterprise Server instances were unpatched at disclosure. GitHub.com and Enterprise Cloud are already fixed, but self-hosted admins must upgrade to 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7, 3.19.4, or 3.20.0.

high

CVE AdvisoryVulnerability•Apr 29, 2026

HIGH: Storm-1175 Chains ConnectWise ScreenConnect Bugs to Drop Medusa Ransomware (CVE-2024-1708)

CISA added the two-year-old ConnectWise ScreenConnect path traversal flaw CVE-2024-1708 to its Known Exploited Vulnerabilities catalog on April 28, 2026, after China-aligned Storm-1175 was caught chaining it with the SlashAndGrab auth bypass CVE-2024-1709 to deploy Medusa ransomware through compromised MSP infrastructure. Federal agencies have until May 12 to remediate.

high

CVE AdvisoryVulnerability•Apr 28, 2026

HIGH: APT28 Exploits Incomplete Windows Shell Patch for Zero-Click NTLM Theft (CVE-2026-32202)

Microsoft has confirmed active exploitation of CVE-2026-32202, a Windows Shell spoofing flaw that turns out to be an incomplete patch for an APT28 zero-day from earlier this year. The Russian GRU-linked group is using crafted LNK files to silently steal NTLM credentials with zero clicks, and the original April 14 advisory dramatically understated the severity until Microsoft corrected it on April 27.

high

CVE AdvisoryVulnerability•Apr 27, 2026

HIGH: Bitwarden CLI Hit by Shai-Hulud Third Coming Worm in Checkmarx Supply Chain Cascade

A poisoned build of @bitwarden/cli version 2026.4.0 lived on the npm registry for roughly ninety minutes on April 22, 2026, infecting around 334 developer machines with the third generation of the Shai-Hulud worm. The attack chained off the prior compromise of the checkmarx/ast-github-action GitHub Action, harvested cloud credentials, GitHub and npm tokens, and AI coding tool configs, then self-propagated by injecting malicious workflows into accessible repositories.

critical

CVE AdvisoryVulnerability•Apr 26, 2026

ArcaneDoor FIRESTARTER Backdoor Survives Every Cisco Firewall Patch — Federal Networks Still Exposed

The FIRESTARTER implant from the ArcaneDoor campaign persists through Cisco ASA firmware updates on federal networks. CISA and UK NCSC issued a joint advisory with IOCs, detection signatures, and emergency mitigation steps. If you run Cisco Firepower or ASA, check your devices now.

critical

CVE AdvisoryVulnerability•Apr 25, 2026

CRITICAL: FIRESTARTER Backdoor Survives Cisco Firewall Patches in ArcaneDoor Federal Breach

CISA and the UK NCSC went public with a joint advisory on FIRESTARTER, a stealth implant tied to the UAT-4356 ArcaneDoor crew that survived firmware updates and security patches on a Cisco Firepower device inside a federal civilian agency. The malware chains CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 to gain root on Cisco ASA and FTD appliances, then hooks LINA and persists through reboots until a hard power cycle is performed.

high

CVE AdvisoryVulnerability•Apr 24, 2026

HIGH: LMDeploy CVE-2026-33626 SSRF Exploited Within Hours of Disclosure

A server-side request forgery flaw in the LMDeploy vision-language pipeline was under active exploitation twelve hours and thirty-one minutes after public disclosure, and no upstream patch has shipped yet. Attackers are already probing exposed instances for AWS metadata credentials, Redis on localhost, and loopback services.

high

CVE AdvisoryVulnerability•Apr 23, 2026

HIGH: Apple Patches iOS Notification Bug That Let the FBI Pull Deleted Signal Messages Off an iPhone (CVE-2026-28950)

Apple shipped iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 to fix CVE-2026-28950, a data retention flaw in the Notification Services framework that kept the text of deleted notifications in an internal database. The FBI used the bug to recover Signal message content from a seized iPhone after the Signal app had been deleted. Patch every managed iPhone today and enforce preview redaction on sensitive messaging apps.

critical

CVE AdvisoryVulnerability•Apr 22, 2026

CRITICAL: Microsoft Patches CVSS 9.1 ASP.NET Core Flaw Letting Attackers Forge Authentication Cookies on Linux

Microsoft published an advisory for CVE-2026-40372, a CVSS 9.1 elevation-of-privilege flaw in Microsoft.AspNetCore.DataProtection versions 10.0.0 through 10.0.6 that lets a network-positioned attacker forge authentication cookies and decrypt protected payloads. The bug primarily affects Linux and macOS deployments where the managed authenticated encryptor computes its HMAC tag over the wrong bytes and skips the comparison entirely. Patch to 10.0.7 immediately and rotate the DataProtection key ring if the application was internet-exposed during the vulnerable window.

high

CVE AdvisoryVulnerability•Apr 21, 2026

HIGH: Three Microsoft Defender Zero-Days Chain Into SYSTEM Takeover With Two Still Unpatched

Three zero-day vulnerabilities in Microsoft Defender, nicknamed BlueHammer, RedSun, and UnDefend, are under active exploitation after researcher Chaotic Eclipse dumped working proof-of-concept code. Only BlueHammer (CVE-2026-33825, CVSS 7.8) has been patched. RedSun escalates local users to SYSTEM on fully patched systems while UnDefend silently disables Defender definition updates, making the chained attack especially dangerous until the May 13 Patch Tuesday.

critical

CVE AdvisoryVulnerability•Apr 17, 2026

CRITICAL: Cisco Drops Patches for Four Critical Flaws in ISE and Webex: One Lets Attackers Impersonate Anyone

Cisco released patches for four critical vulnerabilities affecting Identity Services Engine and Webex. CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user, while three ISE flaws enable remote code execution and root privilege escalation.

critical

CVE AdvisoryVulnerability•Apr 16, 2026

nginx-ui Unauthenticated RCE Gives Attackers Full Web Server Control (CVE-2026-33032)

A critical unauthenticated RCE in nginx-ui lets attackers take over your web server through a single API call. The flaw exists because one MCP endpoint skipped authentication checks entirely. Patch immediately or restrict access to the management interface.

high

CVE AdvisoryVulnerability•Apr 15, 2026

HIGH: Scattered Spider Returns: UK Retail Giants Fall to Social Engineering Blitz

Scattered Spider, the group behind the MGM and Caesars attacks, has hit Marks & Spencer, Co-op, and Harrods in a coordinated campaign deploying DragonForce ransomware. The attacks relied on social engineering help desk staff rather than technical exploits.

critical

CVE AdvisoryVulnerability•Apr 14, 2026

Kubernetes Image Builder Bakes Default SSH Credentials Into Every VM It Creates (CVE-2024-9486)

CVE-2024-9486 (CVSS 9.8) in Kubernetes Image Builder leaves a well-known default SSH password on every VM image it builds. Anyone who knows the builder account password can SSH in and take full control. Check your images and rotate credentials immediately.

high

CVE AdvisoryVulnerability•Apr 13, 2026

HIGH: Your Phone Ads Are Snitching on You: Inside the 500-Million-Device Surveillance Machine

Citizen Lab revealed that law enforcement agencies worldwide are using Webloc, a tool built by Israeli intelligence company Cobwebs Technologies, to track 500 million mobile devices through advertising data without warrants. Clients include ICE, US military, and police departments across America.

high

CVE AdvisoryVulnerability•Apr 12, 2026

HIGH: CPUID Website Breach Spreads STX RAT Through Trojanized CPU-Z and HWMonitor Downloads

The official CPUID website was compromised for 19 hours, redirecting users to malicious downloads of CPU-Z and HWMonitor that delivered STX RAT. Over 150 victims identified across retail, manufacturing, telecom, and individual users in Brazil, Russia, and China.

high

CVE AdvisoryVulnerability•Apr 11, 2026

HIGH: Fortinet Warns of Persistent Access Technique That Survives Even After Patching

Fortinet has disclosed that threat actors are using a symlink-based technique to maintain read-only access to FortiGate devices even after security patches are applied. The method exploits the SSL-VPN language files directory to create persistent filesystem access.

critical

CVE AdvisoryVulnerability•Apr 10, 2026

Smart Slider 3 Pro WordPress Supply Chain Attack: 800K at Risk

Attackers hijacked Smart Slider 3 Pro update system, pushing a backdoor to 800K+ WordPress sites in 6 hours. Creates hidden admins and steals credentials.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

PreviousPage 3 of 7Next

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.