Vulnerabilities

Google's March 2026 Android security update addresses 129 vulnerabilities including an actively exploited Qualcomm graphics flaw affecting 235 chipsets and a critical remote code execution bug in Android 16.

A command injection vulnerability in Broadcom's VMware Aria Operations is under active exploitation, prompting CISA to set a March 24 federal remediation deadline.

A maximum-severity authentication bypass in Cisco Catalyst SD-WAN has been actively exploited since 2023 by a sophisticated threat actor, prompting a CISA emergency directive requiring federal agencies to patch or disconnect affected systems.

Amazon Threat Intelligence tracked a low-skill actor who used DeepSeek and Claude to compromise 600+ FortiGate devices across 55 countries, signaling AI is lowering the barrier to large-scale cyberattacks.

Microsoft's February Patch Tuesday fixes 58 flaws including six zero-days already under attack, with CISA ordering immediate federal remediation.

OpenAI launches a tiered access framework for cybersecurity professionals alongside $10 million in API grants, as GPT-5.3-Codex becomes the company's first model rated 'high' for cyber risk.

A CVSS 9.9 command-injection bug in BeyondTrust Remote Support and Privileged Remote Access lets unauthenticated attackers execute OS commands, echoing the zero-days that gave Chinese state hackers access to the U.S. Treasury in 2024.