Alerts

Alerts

Qualcomm Zero-Day CVE-2026-21385 Exploited in Targeted Android Attacks — Possible Spyware or Nation-State Links

Google's March 2026 Android security bulletin confirms that CVE-2026-21385, a high-severity memory corruption vulnerability in Qualcomm's graphics kernel, is under "limited, targeted exploitation" — language that security researchers say is consistent with commercial spyware operations or nation-state threat activity. The flaw, which carries a CVSS

Alerts

CISA Adds VMware Aria Operations RCE Flaw to KEV Catalog After Reports of Active Exploitation

CISA has added CVE-2026-22719 to its Known Exploited Vulnerabilities catalog after reports of active exploitation targeting VMware Aria Operations, the widely deployed enterprise monitoring platform used to track server, network, and cloud infrastructure performance. The vulnerability, a CVSS 8.1 command injection flaw, allows an unauthenticated attacker to execute arbitrary

Alerts

Cisco SD-WAN Zero-Day Exploited Since 2023 by Sophisticated Threat Actor — CVSS 10.0 Authentication Bypass Triggers CISA Emergency Directive

A CVSS 10.0 authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and SD-WAN Manager has been under active exploitation since 2023 — over two years before disclosure — by a highly sophisticated threat actor that used it to compromise network management infrastructure and establish persistent footholds in high-value organizations. The vulnerability,

Alerts

Google Patches First Chrome Zero-Day of 2026 After Active Exploitation of CSS Use-After-Free Flaw (CVE-2026-2441)

Google has released emergency Chrome updates to address CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome's CSS handling that was being actively exploited before a fix was available — marking the first Chrome zero-day of 2026. CVE-2026-2441 The vulnerability (CVSS 8.8) allows a remote attacker to execute arbitrary code

Alerts

BeyondTrust CVSS 9.9 Pre-Auth RCE Now Exploited in the Wild as Attackers Target Remote Access Infrastructure

Threat actors have begun actively exploiting a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances, with exploitation detected across global sensor networks overnight. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," said Ryan Dewhurst, head of threat

Alerts

Apple Patches First Zero-Day of 2026 After Google TAG Discovers Exploitation in Targeted Attacks

Apple has released security updates across its entire product ecosystem to address a zero-day vulnerability that the company says has been exploited in "extremely sophisticated" attacks targeting specific individuals. The vulnerability, tracked as CVE-2026-20700, is a memory corruption flaw in dyld — Apple's Dynamic Link Editor responsible

Alerts

Microsoft February 2026 Patch Tuesday Fixes Six Actively Exploited Zero-Days Across Windows, Office, and Remote Desktop

Microsoft's February 2026 Patch Tuesday addresses 59 vulnerabilities across Windows, Office, Azure, Edge, Exchange, and Hyper-V — including six zero-day flaws already being exploited in the wild. All six have been added to CISA's Known Exploited Vulnerabilities catalog with a March 3 federal patching deadline. Of the

Alerts

Fortinet Patches Two Critical Flaws — FortiClientEMS SQLi and Actively Exploited FortiCloud SSO Bypass

Fortinet has released security updates addressing two critical vulnerabilities, including an unauthenticated SQL injection in FortiClientEMS and a FortiCloud SSO authentication bypass that is already being exploited in the wild. CVE-2026-21643 — FortiClientEMS SQL Injection (CVSS 9.1) The first flaw, tracked as CVE-2026-21643, is a SQL injection vulnerability in FortiClientEMS

Alerts

BeyondTrust Patches Critical Unauthenticated RCE in Remote Support and Privileged Remote Access (CVE-2026-1731)

BeyondTrust has issued patches for a critical pre-authentication remote code execution vulnerability in its Remote Support (RS) and Privileged Remote Access (PRA) products — the same software previously exploited as zero-days in the 2024 breach of the U.S. Treasury Department. Tracked as CVE-2026-1731, the flaw is an OS command injection

Alerts

Hackers Exploit Critical React Native Metro Flaw to Compromise Developer Systems (CVE-2025-11953)

A critical vulnerability in the React Native Community CLI Metro development server is being actively exploited to compromise developer workstations and CI/CD environments. Tracked as CVE-2025-11953 and dubbed Metro4Shell, the flaw carries a CVSS score of 9.8 and allows unauthenticated OS command injection through the server's

Alerts

Cisco Meeting Management Vulnerability Allows Authenticated Attackers to Gain Root Access

Cisco has released a security advisory for CVE-2026-20098, a high-severity vulnerability in Cisco Meeting Management that allows authenticated remote attackers to upload arbitrary files, execute commands, and escalate privileges to root. The flaw carries a CVSS score of 8.8 and affects all versions of Cisco Meeting Management prior to

Alerts

Microsoft Integrates Sysmon Directly into Windows 11 for Native Threat Detection

Microsoft has announced the integration of System Monitor (Sysmon) directly into Windows 11, bringing one of the most widely-used threat detection tools natively into the operating system. The feature is now available in Windows 11 Insider Preview Build 26300.7733 (KB5074178) in the Dev Channel. Previously available only as a