Alerts

Alerts

CISA Orders Emergency Patch for Actively Exploited Citrix NetScaler Flaw Resembling CitrixBleed (CVE-2026-3055)

CISA has issued an emergency patching directive for a critical Citrix NetScaler vulnerability that is already being exploited in the wild to hijack administrator sessions on exposed appliances. The agency added CVE-2026-3055 to its Known Exploited Vulnerabilities catalog on Monday and ordered all Federal Civilian Executive Branch agencies to secure

Alerts

Quest KACE CVSS 10.0 Authentication Bypass Exploited to Hijack Admin Accounts and Target Backup Infrastructure

Arctic Wolf observes active exploitation of CVE-2025-32975 in Quest KACE SMA — a maximum-severity authentication bypass enabling full admin takeover, Mimikatz credential harvesting, and RDP access to Veeam and Veritas backup systems.

Alerts

CISA Adds SolarWinds, Ivanti, and Workspace One Flaws to KEV Catalog — SolarWinds Linked to Warlock Ransomware Activity

CISA has added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog — a critical SolarWinds deserialization flaw linked to Warlock ransomware operations, an Ivanti Endpoint Manager authentication bypass, and a long-standing Workspace One SSRF vulnerability now being weaponized in coordinated campaigns. Federal agencies face an accelerated two-day deadline for

Alerts

Qualcomm Zero-Day CVE-2026-21385 Exploited in Targeted Android Attacks — Possible Spyware or Nation-State Links

Google's March 2026 Android security bulletin confirms that CVE-2026-21385, a high-severity memory corruption vulnerability in Qualcomm's graphics kernel, is under "limited, targeted exploitation" — language that security researchers say is consistent with commercial spyware operations or nation-state threat activity. The flaw, which carries a CVSS

Alerts

CISA Adds VMware Aria Operations RCE Flaw to KEV Catalog After Reports of Active Exploitation

CISA has added CVE-2026-22719 to its Known Exploited Vulnerabilities catalog after reports of active exploitation targeting VMware Aria Operations, the widely deployed enterprise monitoring platform used to track server, network, and cloud infrastructure performance. The vulnerability, a CVSS 8.1 command injection flaw, allows an unauthenticated attacker to execute arbitrary

Alerts

Cisco SD-WAN Zero-Day Exploited Since 2023 by Sophisticated Threat Actor — CVSS 10.0 Authentication Bypass Triggers CISA Emergency Directive

A CVSS 10.0 authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and SD-WAN Manager has been under active exploitation since 2023 — over two years before disclosure — by a highly sophisticated threat actor that used it to compromise network management infrastructure and establish persistent footholds in high-value organizations. The vulnerability,

Alerts

Google Patches First Chrome Zero-Day of 2026 After Active Exploitation of CSS Use-After-Free Flaw (CVE-2026-2441)

Google has released emergency Chrome updates to address CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome's CSS handling that was being actively exploited before a fix was available — marking the first Chrome zero-day of 2026. CVE-2026-2441 The vulnerability (CVSS 8.8) allows a remote attacker to execute arbitrary code

Alerts

BeyondTrust CVSS 9.9 Pre-Auth RCE Now Exploited in the Wild as Attackers Target Remote Access Infrastructure

Threat actors have begun actively exploiting a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances, with exploitation detected across global sensor networks overnight. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," said Ryan Dewhurst, head of threat

Alerts

Apple Patches First Zero-Day of 2026 After Google TAG Discovers Exploitation in Targeted Attacks

Apple has released security updates across its entire product ecosystem to address a zero-day vulnerability that the company says has been exploited in "extremely sophisticated" attacks targeting specific individuals. The vulnerability, tracked as CVE-2026-20700, is a memory corruption flaw in dyld — Apple's Dynamic Link Editor responsible

Alerts

Microsoft February 2026 Patch Tuesday Fixes Six Actively Exploited Zero-Days Across Windows, Office, and Remote Desktop

Microsoft's February 2026 Patch Tuesday addresses 59 vulnerabilities across Windows, Office, Azure, Edge, Exchange, and Hyper-V — including six zero-day flaws already being exploited in the wild. All six have been added to CISA's Known Exploited Vulnerabilities catalog with a March 3 federal patching deadline. Of the

Alerts

Fortinet Patches Two Critical Flaws — FortiClientEMS SQLi and Actively Exploited FortiCloud SSO Bypass

Fortinet has released security updates addressing two critical vulnerabilities, including an unauthenticated SQL injection in FortiClientEMS and a FortiCloud SSO authentication bypass that is already being exploited in the wild. CVE-2026-21643 — FortiClientEMS SQL Injection (CVSS 9.1) The first flaw, tracked as CVE-2026-21643, is a SQL injection vulnerability in FortiClientEMS

Alerts

BeyondTrust Patches Critical Unauthenticated RCE in Remote Support and Privileged Remote Access (CVE-2026-1731)

BeyondTrust has issued patches for a critical pre-authentication remote code execution vulnerability in its Remote Support (RS) and Privileged Remote Access (PRA) products — the same software previously exploited as zero-days in the 2024 breach of the U.S. Treasury Department. Tracked as CVE-2026-1731, the flaw is an OS command injection