Security Articles

Stay ahead of emerging threats with expert analysis from 118 published security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. Opening the week of May 18 – May 24, 2026 (Tuesday outlook): the new week kicks off with back-to-back CRITICAL advisories — NGINX rewrite-module flaw CVE-2026-42945 hit active exploitation within days of disclosure on Monday, an 18-year-old bug now sitting on every NGINX-fronted application stack, and Cisco Catalyst SD-WAN CVE-2026-20182 landed Sunday at CVSS 10.0 under active exploitation by UAT-8616 with no workaround. Carrying forward from last week, Microsoft Exchange XSS CVE-2026-42897 remains under active attack with CISA listing in the Known Exploited Vulnerabilities catalog, May 2026 Patch Tuesday's unauthenticated Netlogon and DNS RCE pair stays the priority server-side patch at CVSS 9.8, and Ivanti EPMM CVE-2026-6973 still triggers the 3-day federal deadline for any organization running on-prem mobile device management. If your business depends on an NGINX-fronted application, a Cisco SD-WAN fabric, on-premises Exchange, or Ivanti EPMM, this week's advisories require action today — start with the article-level remediation steps below.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

69 articles found

critical

Feb 14, 2026

criticalThreat IntelCyber Attack

The Chrome Extension Problem Just Got a Lot Worse

Multiple coordinated campaigns have compromised millions of Chrome users through fake AI assistants, social media tools, and utility extensions. The AiFrame campaign alone infected 300,000 users with fake ChatGPT and Gemini extensions that steal emails and credentials, while 287 extensions with 37 million installs were found exfiltrating browsing history to data brokers.

By Danny MercerRead Full Article

CVE-2026-20700

critical

CVSS 8.8

CVE AdvisoryVulnerabilityCVE-2026-20700 CVSS 8.8 •Feb 12, 2026

Apple's First Zero-Day of 2026: Inside the Three-Stage Exploit Chain Targeting High-Value Individuals

Apple patches CVE-2026-20700, a memory corruption flaw in dyld exploited in sophisticated attacks. The vulnerability completes a three-stage exploit chain with two December 2025 bugs (CVE-2025-14174, CVE-2025-43529) discovered by Google TAG, likely used in mercenary spyware operations.

CVE-2026-21510

critical

CVSS 8.8

CVE AdvisoryVulnerabilityCVE-2026-21510 CVSS 8.8 •Feb 11, 2026

Microsoft's February Patch Tuesday Drops a Bombshell: Six Zero-Days Under Active Attack

Microsoft's February 2026 Patch Tuesday fixes 59 vulnerabilities including six actively exploited zero-days. CISA has added all six to KEV with March 3rd deadline. Critical bugs in Windows Shell, MSHTML, Word, and privilege escalation in Desktop Window Manager and Remote Desktop.

CVE-2025-1974

critical

CVSS 9.8

CVE AdvisoryVulnerabilityCVE-2025-1974 CVSS 9.8 •Feb 8, 2026

Ingress-NGINX Remote Code Execution: Your Kubernetes Cluster's Front Door Is Wide Open

Critical vulnerabilities in Kubernetes Ingress-NGINX (CVE-2025-1974 and related) allow unauthenticated attackers with pod network access to achieve RCE via file descriptor injection. Default installations expose all cluster Secrets. Public exploit available.

CVE-2026-25049

critical

CVSS 9.4

CVE AdvisoryVulnerabilityCVE-2026-25049 CVSS 9.4 •Feb 5, 2026

n8n Sandbox Escape: A Critical Reminder That Patches Need Patches

CVE-2026-25049 (CVSS 9.4) bypasses the fix for CVE-2025-68613 using JavaScript destructuring tricks. Authenticated users can escape n8n expression sandbox and achieve RCE via webhook-triggered workflows. Four additional CVEs disclosed alongside.

CVE-2025-25257

critical

CVSS 9.8

CVE AdvisoryVulnerabilityCVE-2025-25257 CVSS 9.8 •Feb 4, 2026

FortiWeb's Pre-Auth SQL Injection Is Being Exploited Right Now

CVE-2025-25257 is a pre-authentication SQL injection in FortiWeb Fabric Connector that enables remote code execution. Actively exploited in the wild with public PoC available. Affects FortiWeb 7.0.x through 7.6.x. CISA KEV listed.

critical

Threat IntelNation StateGTG-1002 China •Feb 1, 2026

When AI Became the Hacker: Inside the First Autonomous Cyber Espionage Campaign

A Chinese state-sponsored group turned Anthropic's Claude into the hacker itself, building a framework that allowed the AI to independently infiltrate networks, harvest credentials, and steal data. This was the first documented case of AI doing the hacking, not just assisting it.

critical

Threat IntelGeneral•Jan 31, 2026

Weekly Recap: Google Disrupts IPIDEA, Kimwolf Botnet Spreads, React2Shell Exploited, Microsoft Patches 114 Flaws & More

This week's cybersecurity developments demonstrate how quickly attackers are co-opting existing infrastructure. From Google's disruption of the IPIDEA residential proxy network to Microsoft's 114-flaw Patch Tuesday, the patterns show attackers prioritizing persistence over speed.

CVE-2026-24858

critical

CVSS 9.8

CVE AdvisoryVulnerabilityCVE-2026-24858 CVSS 9.8 •Jan 30, 2026

CRITICAL: Fortinet FortiCloud SSO Authentication Bypass - Actively Exploited

A critical authentication bypass vulnerability (CVSS 9.8) in Fortinet FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb allows attackers with a FortiCloud account to access devices registered to other accounts when FortiCloud SSO is enabled. This vulnerability is actively being exploited in the wild.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

PreviousPage 4 of 4

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.