Security Articles

Stay ahead of emerging threats with expert analysis from 95+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week (Apr 21-25, 2026): a FIRESTARTER backdoor survives Cisco firewall patches in the ArcaneDoor federal breach, Microsoft ships a CVSS 9.1 ASP.NET Core flaw that lets attackers forge authentication cookies on Linux, three Microsoft Defender zero-days chain into SYSTEM takeover with two still unpatched, and Apple patches an iOS notification bug the FBI used to pull deleted Signal messages off an iPhone.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

57 articles found

Featured Story

criticalCVE AdvisoryVulnerability

CRITICAL: FIRESTARTER Backdoor Squats on Federal Cisco Firewall, Survives Every Patch

A US federal civilian executive branch agency had its Cisco Firepower firewall compromised by China-linked UAT4356 in September 2025, with the attackers maintaining access through March 2026 via FIRESTARTER, a backdoor that survives firmware updates and reboots. CISA Analysis Report AR26-113A confirms exploitation of CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 in Cisco ASA and FTD software.

By Danny MercerRead Full Article

CVE AdvisoryVulnerability•Apr 25, 2026

CRITICAL: FIRESTARTER Backdoor Survives Cisco Firewall Patches in ArcaneDoor Federal Breach

CISA and the UK NCSC went public with a joint advisory on FIRESTARTER, a stealth implant tied to the UAT-4356 ArcaneDoor crew that survived firmware updates and security patches on a Cisco Firepower device inside a federal civilian agency. The malware chains CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 to gain root on Cisco ASA and FTD appliances, then hooks LINA and persists through reboots until a hard power cycle is performed.

CVE AdvisoryVulnerability•Apr 22, 2026

CRITICAL: Microsoft Patches CVSS 9.1 ASP.NET Core Flaw Letting Attackers Forge Authentication Cookies on Linux

Microsoft published an advisory for CVE-2026-40372, a CVSS 9.1 elevation-of-privilege flaw in Microsoft.AspNetCore.DataProtection versions 10.0.0 through 10.0.6 that lets a network-positioned attacker forge authentication cookies and decrypt protected payloads. The bug primarily affects Linux and macOS deployments where the managed authenticated encryptor computes its HMAC tag over the wrong bytes and skips the comparison entirely. Patch to 10.0.7 immediately and rotate the DataProtection key ring if the application was internet-exposed during the vulnerable window.

CVE AdvisoryVulnerability•Apr 17, 2026

CRITICAL: Cisco Drops Patches for Four Critical Flaws in ISE and Webex: One Lets Attackers Impersonate Anyone

Cisco released patches for four critical vulnerabilities affecting Identity Services Engine and Webex. CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user, while three ISE flaws enable remote code execution and root privilege escalation.

CVE AdvisoryVulnerability•Apr 16, 2026

CRITICAL: Unauthenticated nginx-ui Flaw Gives Attackers Complete Control of Your Web Server

CVE-2026-33032 is a critical vulnerability in nginx-ui that allows unauthenticated attackers to take complete control of nginx services. The flaw exists because one MCP endpoint forgot to check authentication while another requires it. CISA has added it to the KEV catalog.

CVE AdvisoryVulnerability•Apr 14, 2026

CRITICAL: Kubernetes Image Builder Flaw Leaves Default SSH Credentials on VM Images

CVE-2024-9486 is a critical CVSS 9.8 vulnerability in Kubernetes Image Builder that leaves default SSH credentials baked into VM images. The builder account with a well-known password persists in finished images, giving attackers root access to deployed nodes.

CVE AdvisoryVulnerability•Apr 10, 2026

Smart Slider 3 Pro WordPress Supply Chain Attack: 800K at Risk

Attackers hijacked Smart Slider 3 Pro update system, pushing a backdoor to 800K+ WordPress sites in 6 hours. Creates hidden admins and steals credentials.

CVE AdvisoryVulnerability•Apr 9, 2026

CRITICAL: Adobe Reader Zero-Day Has Been Quietly Pwning Users Since December

A sophisticated zero-day in Adobe Reader has been exploited in the wild since at least December 2025. Malicious PDFs disguised as invoices automatically execute JavaScript to harvest data and download additional payloads. No patch is currently available.

CVE AdvisoryVulnerability•Apr 8, 2026

CRITICAL: North Korea's Contagious Interview Campaign Hits 1,700 Packages Across Five Ecosystems

DPRK-linked threat actors have infected over 1,700 malicious packages across npm, PyPI, Go, Rust, and Packagist since January 2025. The Contagious Interview campaign delivers infostealers and RATs through developer tooling that looks completely legitimate until activated.

CVE AdvisoryVulnerability•Apr 7, 2026

Flowise AI CVE-2025-59528: 12,000 Instances Vulnerable to RCE

CVE-2025-59528 is a CVSS 10.0 RCE flaw in Flowise AI agent builder with 12,000 exposed instances. Here is who is affected, how to check, and what to patch.

CVE AdvisoryVulnerability•Apr 6, 2026

CRITICAL: Inside the $285 Million Drift Hack: North Korea's Six-Month Con Job

North Korean hackers spent six months building trust with Drift Protocol contributors before stealing $285 million. The operation involved fake personas, conference appearances, and a million-dollar deposit to establish credibility before exploiting VS Code and TestFlight attack vectors.

CVE AdvisoryVulnerability•Apr 3, 2026

CRITICAL: North Korea Just Pulled Off Another Quarter-Billion Dollar Crypto Heist

North Korean hackers drained $285 million from Solana-based Drift Protocol using social engineering to compromise multi-signature approvals. The attack involved no code exploits, just patient manipulation of human trust over several weeks.

CVE AdvisoryVulnerability•Mar 31, 2026

CRITICAL: ChatGPT's Hidden Data Leak: How OpenAI's Code Execution Runtime Became a Covert Exfiltration Channel

Check Point researchers discovered a ChatGPT vulnerability allowing silent data exfiltration via DNS queries from the code execution sandbox. Separately, BeyondTrust found a critical command injection flaw in OpenAI Codex that enabled GitHub token theft through malicious branch names.

CVE AdvisoryVulnerability•Mar 29, 2026

Iran Hacks FBI Director Email, Deploys Wiper on Stryker

Iran-linked Handala Hack breached FBI Director Kash Patel email and unleashed wiper malware on Stryker. First destructive attack on US Fortune 500.

CVE AdvisoryVulnerability•Mar 28, 2026

CRITICAL: LangChain and LangGraph Vulnerabilities: Your AI Stack Just Became Your Biggest Liability

Three critical vulnerabilities in LangChain and LangGraph let attackers steal files from filesystems, siphon API keys and environment secrets, and pillage conversation histories. With 84 million weekly downloads, most enterprise AI deployments are affected.

CVE AdvisoryVulnerability•Mar 27, 2026

CRITICAL: Three Critical Flaws in LangChain and LangGraph Could Drain Your AI Applications Dry

Security researchers at Cyera disclosed three vulnerabilities in LangChain and LangGraph affecting millions of AI applications. Path traversal, deserialization, and SQL injection flaws expose filesystem contents, environment secrets, and conversation histories.

CVE AdvisoryVulnerability•Mar 25, 2026

CRITICAL: TeamPCP Supply Chain Attack Backdoors LiteLLM, Threatens 36% of Cloud Environments

TeamPCP has compromised LiteLLM, a Python package present in 36% of cloud environments. Malicious versions 1.82.7 and 1.82.8 deploy credential harvesters, Kubernetes lateral movement tools, and persistent backdoors.

CVE AdvisoryVulnerability•Mar 24, 2026

Oracle Identity Manager RCE: CVSS 9.8 Flaw Needs Immediate Patch

Oracle patches CVE-2026-21992, a pre-auth RCE in Identity Manager scoring 9.8 CVSS. No credentials needed to exploit. Emergency patches available now.

CVE AdvisoryVulnerability•Mar 23, 2026

Trivy Supply Chain Attack Compromises 75 GitHub Actions Tags

A second supply chain attack on Trivy compromised 75 GitHub Actions tags and spawned a credential-stealing worm across 47 npm packages. Check your CI pipeline.

CVE AdvisoryVulnerability•Mar 20, 2026

Veeam Backup Critical Flaw Lets Ransomware Gangs Delete Your L...

Critical authentication bypass in Veeam Backup & Replication allows attackers to delete backup repositories without credentials.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

Page 1 of 3Next

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.

512-518-4408 Free Security Quiz →