Security Articles

Stay ahead of emerging threats with expert analysis from 142 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. As of Sunday, June 14, 2026, the most urgent items for production stacks: the Oracle PeopleSoft zero-day CVE-2026-35273 is being used by the ShinyHunters extortion crew to break into more than 100 universities — a zero-day means a flaw the vendor had no patch ready for when attacks began, so the only defense is applying Oracle's emergency fix the moment it lands and watching for unfamiliar logins. Google has shipped an emergency patch for the Chrome V8 zero-day CVE-2026-11645, already under active exploitation through nothing more than a booby-trapped web page, so update every browser in your business today. The LiteLLM flaw CVE-2026-42271 has landed on the CISA Known Exploited Vulnerabilities (KEV) catalog — the U.S. government's list of bugs confirmed to be under real-world attack — and lets intruders run their own code on exposed AI gateways, the servers that broker requests between your apps and AI models. The Langflow bug CVE-2026-5027 is a path-traversal flaw — one that tricks a server into reaching files outside its intended folder — letting unauthenticated attackers plant code on roughly 7,000 internet-exposed AI servers. And the "Velvet Ant" espionage group quietly backdoored Linux PAM and OpenSSH — the components that handle logins on most Linux servers — to live undetected inside a single network for nearly a decade, a reminder that intrusion detection matters as much as patching. If your business runs Oracle PeopleSoft, Chrome, self-hosted AI tooling like LiteLLM or Langflow, or Linux servers, these advisories require action now — start with the article-level remediation steps below.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

74 articles found

Featured Story

critical

Apr 30, 2026

criticalCVE AdvisoryVulnerability

CRITICAL: GitHub Enterprise Server RCE via a Single Git Push (CVE-2026-3854)

Wiz researchers disclosed CVE-2026-3854 on April 28, a critical remote code execution flaw in GitHub Enterprise Server that turns a single authenticated git push into full server compromise. Roughly 88 percent of internet-exposed Enterprise Server instances were unpatched at disclosure. GitHub.com and Enterprise Cloud are already fixed, but self-hosted admins must upgrade to 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7, 3.19.4, or 3.20.0.

By Danny MercerRead Full Article

high

CVE AdvisoryVulnerability•Apr 29, 2026

HIGH: Storm-1175 Chains ConnectWise ScreenConnect Bugs to Drop Medusa Ransomware (CVE-2024-1708)

CISA added the two-year-old ConnectWise ScreenConnect path traversal flaw CVE-2024-1708 to its Known Exploited Vulnerabilities catalog on April 28, 2026, after China-aligned Storm-1175 was caught chaining it with the SlashAndGrab auth bypass CVE-2024-1709 to deploy Medusa ransomware through compromised MSP infrastructure. Federal agencies have until May 12 to remediate.

high

CVE AdvisoryVulnerability•Apr 28, 2026

HIGH: APT28 Exploits Incomplete Windows Shell Patch for Zero-Click NTLM Theft (CVE-2026-32202)

Microsoft has confirmed active exploitation of CVE-2026-32202, a Windows Shell spoofing flaw that turns out to be an incomplete patch for an APT28 zero-day from earlier this year. The Russian GRU-linked group is using crafted LNK files to silently steal NTLM credentials with zero clicks, and the original April 14 advisory dramatically understated the severity until Microsoft corrected it on April 27.

high

CVE AdvisoryVulnerability•Apr 24, 2026

HIGH: LMDeploy CVE-2026-33626 SSRF Exploited Within Hours of Disclosure

A server-side request forgery flaw in the LMDeploy vision-language pipeline was under active exploitation twelve hours and thirty-one minutes after public disclosure, and no upstream patch has shipped yet. Attackers are already probing exposed instances for AWS metadata credentials, Redis on localhost, and loopback services.

high

CVE AdvisoryVulnerability•Apr 23, 2026

HIGH: Apple Patches iOS Notification Bug That Let the FBI Pull Deleted Signal Messages Off an iPhone (CVE-2026-28950)

Apple shipped iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 to fix CVE-2026-28950, a data retention flaw in the Notification Services framework that kept the text of deleted notifications in an internal database. The FBI used the bug to recover Signal message content from a seized iPhone after the Signal app had been deleted. Patch every managed iPhone today and enforce preview redaction on sensitive messaging apps.

critical

CVE AdvisoryVulnerability•Apr 22, 2026

CRITICAL: Microsoft Patches CVSS 9.1 ASP.NET Core Flaw Letting Attackers Forge Authentication Cookies on Linux

Microsoft published an advisory for CVE-2026-40372, a CVSS 9.1 elevation-of-privilege flaw in Microsoft.AspNetCore.DataProtection versions 10.0.0 through 10.0.6 that lets a network-positioned attacker forge authentication cookies and decrypt protected payloads. The bug primarily affects Linux and macOS deployments where the managed authenticated encryptor computes its HMAC tag over the wrong bytes and skips the comparison entirely. Patch to 10.0.7 immediately and rotate the DataProtection key ring if the application was internet-exposed during the vulnerable window.

high

CVE AdvisoryVulnerability•Apr 21, 2026

HIGH: Three Microsoft Defender Zero-Days Chain Into SYSTEM Takeover With Two Still Unpatched

Three zero-day vulnerabilities in Microsoft Defender, nicknamed BlueHammer, RedSun, and UnDefend, are under active exploitation after researcher Chaotic Eclipse dumped working proof-of-concept code. Only BlueHammer (CVE-2026-33825, CVSS 7.8) has been patched. RedSun escalates local users to SYSTEM on fully patched systems while UnDefend silently disables Defender definition updates, making the chained attack especially dangerous until the May 13 Patch Tuesday.

critical

CVE AdvisoryVulnerability•Apr 17, 2026

CRITICAL: Cisco Drops Patches for Four Critical Flaws in ISE and Webex: One Lets Attackers Impersonate Anyone

Cisco released patches for four critical vulnerabilities affecting Identity Services Engine and Webex. CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user, while three ISE flaws enable remote code execution and root privilege escalation.

critical

CVE AdvisoryVulnerability•Apr 16, 2026

nginx-ui Unauthenticated RCE Gives Attackers Full Web Server Control (CVE-2026-33032)

A critical unauthenticated RCE in nginx-ui lets attackers take over your web server through a single API call. The flaw exists because one MCP endpoint skipped authentication checks entirely. Patch immediately or restrict access to the management interface.

critical

CVE AdvisoryVulnerability•Apr 14, 2026

Kubernetes Image Builder Bakes Default SSH Credentials Into Every VM It Creates (CVE-2024-9486)

CVE-2024-9486 (CVSS 9.8) in Kubernetes Image Builder leaves a well-known default SSH password on every VM image it builds. Anyone who knows the builder account password can SSH in and take full control. Check your images and rotate credentials immediately.

high

CVE AdvisoryVulnerability•Apr 2, 2026

HIGH: Chrome Zero-Day Number Four Just Dropped: CVE-2026-5281 Hits the WebGPU Stack

Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Chrome's Dawn WebGPU implementation that is being actively exploited in the wild. This marks the fourth Chrome zero-day of 2026, and CISA has already added it to the Known Exploited Vulnerabilities catalog.

critical

CVE AdvisoryVulnerability•Mar 20, 2026

Veeam Backup Critical Flaw Lets Ransomware Gangs Delete Your L...

Critical authentication bypass in Veeam Backup & Replication allows attackers to delete backup repositories without credentials.

critical

CVE AdvisoryVulnerability•Mar 18, 2026

KVM Switch Vulnerabilities: 9 Flaws Give Attackers Hardware Access

Nine critical vulnerabilities in budget IP KVM switches from GL-iNet, Angeet, Sipeed, and JetKVM allow unauthenticated code execution and hardware-level access.

critical

CVE AdvisoryVulnerability•Mar 17, 2026

CRITICAL: CISA Adds Wing FTP Vulnerability to KEV as Attackers Chain Flaws for Remote Access

CISA added CVE-2025-47813 (info disclosure) to KEV, used to enhance CVE-2025-47812 (CVSS 10.0 RCE) exploitation. Attackers chain both flaws for reliable remote access. Wing FTP patches available since May 2025. Federal deadline: March 30.

high

CVE AdvisoryVulnerability•Mar 16, 2026

HIGH: Google Patches Two Chrome Zero-Days Actively Exploited in the Wild

Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 sandbox escape), both CVSS 8.8 and actively exploited. CISA added to KEV with March 27 deadline. Update to Chrome 146.0.7680.75/76.

critical

CVE AdvisoryVulnerability•Mar 15, 2026

CRITICAL: Google Patches Two Chrome Zero-Days Under Active Attack — Update Your Browser Now

Google patched CVE-2026-3909 (Skia OOB write) and CVE-2026-3910 (V8 implementation flaw), both actively exploited. Third Chrome zero-day emergency in 2026. Update to 146.0.7680.75/76 immediately.

critical

CVE AdvisoryVulnerability•Mar 14, 2026

Apache Tomcat RCE Vulnerability Actively Exploited

CVE-2026-42071 (CVSS 9.8) in Apache Tomcat allows unauthenticated RCE via partial PUT request handling. Actively exploited 30 hours after disclosure.

CVE-2017-7921

critical

CVSS 9.8

CVE AdvisoryVulnerabilityCVE-2017-7921 CVSS 9.8 •Mar 6, 2026

CISA Adds Critical Hikvision and Rockwell Automation Flaws to KEV Catalog — Attacks Are Active

CISA confirmed active exploitation of CVE-2017-7921 (Hikvision cameras) and CVE-2021-22681 (Rockwell Automation controllers), both CVSS 9.8. Federal agencies must patch by March 26, 2026. Legacy vulnerabilities remain potent weapons in attacker arsenals.

CVE-2026-22719

critical

CVSS 8.1

CVE AdvisoryVulnerabilityCVE-2026-22719 CVSS 8.1 •Mar 5, 2026

VMware Aria Operations Under Active Attack: CISA Orders Federal Agencies to Patch Immediately

CISA added CVE-2026-22719 (CVSS 8.1) to the Known Exploited Vulnerabilities catalog after confirming active exploitation. The command injection flaw in VMware Aria Operations allows unauthenticated RCE. Federal agencies must patch by March 24, 2026.

CVE-2026-21513

high

CVSS 8.8

CVE AdvisoryVulnerabilityCVE-2026-21513 CVSS 8.8 •Mar 2, 2026

APT28 Exploited Windows MSHTML Zero-Day Before Microsoft Could Patch It (CVE-2026-21513)

Akamai confirmed Russia's APT28 was exploiting CVE-2026-21513 in Windows MSHTML before Microsoft released the February patch. The attack chains crafted LNK files to bypass Mark-of-the-Web and IE Enhanced Security, delivering payloads without user interaction.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

PreviousPage 3 of 4Next

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.