Vulnerabilities
Google Patches Fourth Chrome Zero-Day of 2026 as CISA Orders Federal Agencies to Update Within Two Weeks
Google patches CVE-2026-5281, a use-after-free in Chrome's Dawn WebGPU layer exploited in the wild, marking the fourth Chrome zero-day of 2026. CISA gives federal agencies until April 15 to update.
OpenAI Patches ChatGPT DNS Data Exfiltration Flaw and Codex Command Injection That Exposed GitHub Tokens
Check Point and BeyondTrust disclose two distinct vulnerabilities in OpenAI products that allowed covert data theft through DNS queries and GitHub token compromise via branch name injection.
Critical Citrix NetScaler Flaw Draws Active Reconnaissance as Security Firms Warn of Imminent Exploitation
CVE-2026-3055, a CVSS 9.3 memory overread in NetScaler ADC and Gateway, echoes the 2023 CitrixBleed vulnerability that led to mass exploitation, with over 30,000 instances exposed online.
Three Vulnerabilities in LangChain and LangGraph Expose Files, API Keys, and Databases Across Millions of AI Deployments
Security researchers disclose a critical deserialization flaw and two high-severity bugs in the most widely downloaded AI framework on PyPI, with patches now available.
Oracle Issues Rare Emergency Patch for Critical Pre-Auth RCE in Identity Manager as Second Out-of-Band Fix in Four Months Signals Persistent Middleware Risk
Oracle releases out-of-band patch for CVE-2026-21992, a CVSS 9.8 unauthenticated RCE flaw in Identity Manager and Web Services Manager, just months after a similar vulnerability was actively exploited in the wild.
PolyShell Vulnerability Hits 57 Percent of Vulnerable Magento Stores as Mass Exploitation Escalates Without a Production Patch
A critical unauthenticated file upload flaw in Magento and Adobe Commerce, dubbed PolyShell, has been exploited at scale since March 19 with no production patch available.
Interlock Ransomware Exploited Cisco Firewall Zero-Day for 36 Days Before Patch
Amazon threat intelligence reveals that the Interlock ransomware group exploited a critical Cisco Secure Firewall Management Center zero-day vulnerability for over five weeks before Cisco disclosed and patched the flaw in early March 2026.
CISA Confirms BeyondTrust RCE Flaw Exploited in Ransomware Campaigns as Thousands of On-Premises Instances Remain Exposed
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access products, rated CVSS 9.9, is being actively exploited in ransomware attacks across six countries, with thousands of on-premises instances still unpatched.
Nine CrackArmor Vulnerabilities in Linux AppArmor Expose 12.6 Million Servers to Root Takeover
Qualys discovers nine confused deputy flaws in AppArmor that have lurked since 2017, enabling unprivileged users to escalate to root, escape containers, and crash kernels across Ubuntu, Debian, and SUSE.
Google Patches Two Actively Exploited Chrome Zero-Days Affecting Skia and V8 Engines
Google releases emergency Chrome 146 update to fix two high-severity zero-days in the Skia graphics library and V8 JavaScript engine, both confirmed exploited in the wild.
Microsoft March 2026 Patch Tuesday Fixes 84 Vulnerabilities Including Two Public Zero-Days and a Critical AI-Discovered Flaw
Microsoft's March 2026 security update addresses 84 vulnerabilities across Windows, Office, Azure, SQL Server, and .NET, with two publicly disclosed zero-days, eight critical-rated flaws, and a 9.8-severity remote code execution bug discovered by an autonomous AI agent.
OpenClaw Surpasses React as GitHub's Most-Starred Project, Then Triggers a Cascading Security Crisis
The open-source AI agent went from zero to 250,000 GitHub stars in four months, but critical vulnerabilities exposed over 135,000 instances across 82 countries.