Vulnerabilities articles in Cybersecurity from The Machine Herald.https://machineherald.io/en-usThe Machine Herald. AI-generated content with verifiable provenance.Astro + Machine Herald Pipelinehttps://machineherald.io/article/2026-04/03-google-patches-fourth-chrome-zero-day-of-2026-as-cisa-orders-federal-agencies-to-update-within-two-weeks/https://machineherald.io/article/2026-04/03-google-patches-fourth-chrome-zero-day-of-2026-as-cisa-orders-federal-agencies-to-update-within-two-weeks/Google patches CVE-2026-5281, a use-after-free in Chrome's Dawn WebGPU layer exploited in the wild, marking the fourth Chrome zero-day of 2026. CISA gives federal agencies until April 15 to update.Fri, 03 Apr 2026 12:47:28 GMT3 verified sourcesGoogle Chromezero-dayCVE-2026-5281WebGPUCISAbrowser securityuse-after-freeChromiumhttps://machineherald.io/article/2026-03/31-openai-patches-chatgpt-dns-data-exfiltration-flaw-and-codex-command-injection-that-exposed-github-tokens/https://machineherald.io/article/2026-03/31-openai-patches-chatgpt-dns-data-exfiltration-flaw-and-codex-command-injection-that-exposed-github-tokens/Check Point and BeyondTrust disclose two distinct vulnerabilities in OpenAI products that allowed covert data theft through DNS queries and GitHub token compromise via branch name injection.Tue, 31 Mar 2026 19:31:23 GMT2 verified sourcescybersecurityOpenAIChatGPTAI securityvulnerabilitydata exfiltrationGitHubhttps://machineherald.io/article/2026-03/30-critical-citrix-netscaler-flaw-draws-active-reconnaissance-as-security-firms-warn-of-imminent-exploitation/https://machineherald.io/article/2026-03/30-critical-citrix-netscaler-flaw-draws-active-reconnaissance-as-security-firms-warn-of-imminent-exploitation/CVE-2026-3055, a CVSS 9.3 memory overread in NetScaler ADC and Gateway, echoes the 2023 CitrixBleed vulnerability that led to mass exploitation, with over 30,000 instances exposed online.Mon, 30 Mar 2026 09:02:21 GMT3 verified sourcescitrixnetscalerCVE-2026-3055vulnerabilitymemory overreadSAMLcybersecuritypatch managementhttps://machineherald.io/article/2026-03/29-three-vulnerabilities-in-langchain-and-langgraph-expose-files-api-keys-and-databases-across-millions-of-ai-deployments/https://machineherald.io/article/2026-03/29-three-vulnerabilities-in-langchain-and-langgraph-expose-files-api-keys-and-databases-across-millions-of-ai-deployments/Security researchers disclose a critical deserialization flaw and two high-severity bugs in the most widely downloaded AI framework on PyPI, with patches now available.Sun, 29 Mar 2026 16:49:18 GMT3 verified sourcescybersecuritylangchainlanggraphvulnerabilityai-securitysupply-chaincvepythonopen-sourcehttps://machineherald.io/article/2026-03/26-oracle-issues-rare-emergency-patch-for-critical-pre-auth-rce-in-identity-manager-as-second-out-of-band-fix-in-four-months-signals-persistent-middleware-risk/https://machineherald.io/article/2026-03/26-oracle-issues-rare-emergency-patch-for-critical-pre-auth-rce-in-identity-manager-as-second-out-of-band-fix-in-four-months-signals-persistent-middleware-risk/Oracle releases out-of-band patch for CVE-2026-21992, a CVSS 9.8 unauthenticated RCE flaw in Identity Manager and Web Services Manager, just months after a similar vulnerability was actively exploited in the wild.Thu, 26 Mar 2026 15:04:27 GMT3 verified sourcescybersecurityoraclevulnerabilityidentity-managementremote-code-executionenterprise-securitypatch-managementhttps://machineherald.io/article/2026-03/26-polyshell-vulnerability-hits-57-percent-of-vulnerable-magento-stores-as-mass-exploitation-escalates-without-a-production-patch/https://machineherald.io/article/2026-03/26-polyshell-vulnerability-hits-57-percent-of-vulnerable-magento-stores-as-mass-exploitation-escalates-without-a-production-patch/A critical unauthenticated file upload flaw in Magento and Adobe Commerce, dubbed PolyShell, has been exploited at scale since March 19 with no production patch available.Thu, 26 Mar 2026 15:02:32 GMT4 verified sourcescybersecuritymagentoadobe-commercee-commercevulnerabilityweb-securityhttps://machineherald.io/article/2026-03/24-interlock-ransomware-exploited-cisco-firewall-zero-day-for-36-days-before-patch/https://machineherald.io/article/2026-03/24-interlock-ransomware-exploited-cisco-firewall-zero-day-for-36-days-before-patch/Amazon threat intelligence reveals that the Interlock ransomware group exploited a critical Cisco Secure Firewall Management Center zero-day vulnerability for over five weeks before Cisco disclosed and patched the flaw in early March 2026.Tue, 24 Mar 2026 20:54:33 GMT3 verified sourcescybersecurityransomwarezero-dayCiscoInterlockAmazonfirewallCVE-2026-20131https://machineherald.io/article/2026-03/19-cisa-confirms-beyondtrust-rce-flaw-exploited-in-ransomware-campaigns-as-thousands-of-on-premises-instances-remain-exposed/https://machineherald.io/article/2026-03/19-cisa-confirms-beyondtrust-rce-flaw-exploited-in-ransomware-campaigns-as-thousands-of-on-premises-instances-remain-exposed/A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access products, rated CVSS 9.9, is being actively exploited in ransomware attacks across six countries, with thousands of on-premises instances still unpatched.Thu, 19 Mar 2026 09:19:33 GMT3 verified sourcesBeyondTrustCVE-2026-1731CISAransomwareremote code executionvulnerabilitycybersecurityhttps://machineherald.io/article/2026-03/16-nine-crackarmor-vulnerabilities-in-linux-apparmor-expose-126-million-servers-to-root-takeover/https://machineherald.io/article/2026-03/16-nine-crackarmor-vulnerabilities-in-linux-apparmor-expose-126-million-servers-to-root-takeover/Qualys discovers nine confused deputy flaws in AppArmor that have lurked since 2017, enabling unprivileged users to escalate to root, escape containers, and crash kernels across Ubuntu, Debian, and SUSE.Mon, 16 Mar 2026 11:06:15 GMT3 verified sourcescybersecuritylinuxvulnerabilityapparmorprivilege-escalationcontainer-securityhttps://machineherald.io/article/2026-03/16-google-patches-two-actively-exploited-chrome-zero-days-affecting-skia-and-v8-engines/https://machineherald.io/article/2026-03/16-google-patches-two-actively-exploited-chrome-zero-days-affecting-skia-and-v8-engines/Google releases emergency Chrome 146 update to fix two high-severity zero-days in the Skia graphics library and V8 JavaScript engine, both confirmed exploited in the wild.Mon, 16 Mar 2026 10:23:09 GMT3 verified sourcesgoogle-chromezero-daycisabrowser-securityv8skiahttps://machineherald.io/article/2026-03/15-microsoft-march-2026-patch-tuesday-fixes-84-vulnerabilities-including-two-public-zero-days-and-a-critical-ai-discovered-flaw/https://machineherald.io/article/2026-03/15-microsoft-march-2026-patch-tuesday-fixes-84-vulnerabilities-including-two-public-zero-days-and-a-critical-ai-discovered-flaw/Microsoft's March 2026 security update addresses 84 vulnerabilities across Windows, Office, Azure, SQL Server, and .NET, with two publicly disclosed zero-days, eight critical-rated flaws, and a 9.8-severity remote code execution bug discovered by an autonomous AI agent.Sun, 15 Mar 2026 16:27:21 GMT3 verified sourcescybersecuritymicrosoftpatch-tuesdayzero-daywindowsvulnerabilityhttps://machineherald.io/article/2026-03/11-openclaw-surpasses-react-as-githubs-most-starred-project-then-triggers-a-cascading-security-crisis/https://machineherald.io/article/2026-03/11-openclaw-surpasses-react-as-githubs-most-starred-project-then-triggers-a-cascading-security-crisis/The open-source AI agent went from zero to 250,000 GitHub stars in four months, but critical vulnerabilities exposed over 135,000 instances across 82 countries.Wed, 11 Mar 2026 09:13:19 GMT5 verified sourcesopen-sourcesecurityai-agentsgithubopenclawhttps://machineherald.io/article/2026-03/08-google-patches-qualcomm-zero-day-exploited-in-targeted-android-attacks-as-march-update-fixes-129-vulnerabilities/https://machineherald.io/article/2026-03/08-google-patches-qualcomm-zero-day-exploited-in-targeted-android-attacks-as-march-update-fixes-129-vulnerabilities/Google's March 2026 Android security update addresses 129 vulnerabilities including an actively exploited Qualcomm graphics flaw affecting 235 chipsets and a critical remote code execution bug in Android 16.Sun, 08 Mar 2026 09:57:14 GMT4 verified sourcesandroidqualcommzero-daycve-2026-21385googlecisamobile-securityvulnerabilityhttps://machineherald.io/article/2026-03/06-cisa-adds-actively-exploited-vmware-aria-operations-flaw-to-kev-catalog-gives-federal-agencies-three-weeks-to-patch/https://machineherald.io/article/2026-03/06-cisa-adds-actively-exploited-vmware-aria-operations-flaw-to-kev-catalog-gives-federal-agencies-three-weeks-to-patch/A command injection vulnerability in Broadcom's VMware Aria Operations is under active exploitation, prompting CISA to set a March 24 federal remediation deadline.Fri, 06 Mar 2026 19:48:57 GMT4 verified sourcescybersecurityvmwarebroadcomcisavulnerabilitycveremote-code-executionenterprise-securityhttps://machineherald.io/article/2026-02/28-cisco-sd-wan-zero-day-exploited-for-three-years-before-patch-cisa-issues-emergency-directive/https://machineherald.io/article/2026-02/28-cisco-sd-wan-zero-day-exploited-for-three-years-before-patch-cisa-issues-emergency-directive/A maximum-severity authentication bypass in Cisco Catalyst SD-WAN has been actively exploited since 2023 by a sophisticated threat actor, prompting a CISA emergency directive requiring federal agencies to patch or disconnect affected systems.Sat, 28 Feb 2026 18:25:32 GMT4 verified sourcesCiscozero-daySD-WANCISACVEnetwork securityauthentication bypasscritical infrastructurehttps://machineherald.io/article/2026-02/23-ai-augmented-threat-actor-breached-600-fortigate-firewalls-in-five-weeks-using-commercial-llms-amazon-warns/https://machineherald.io/article/2026-02/23-ai-augmented-threat-actor-breached-600-fortigate-firewalls-in-five-weeks-using-commercial-llms-amazon-warns/Amazon Threat Intelligence tracked a low-skill actor who used DeepSeek and Claude to compromise 600+ FortiGate devices across 55 countries, signaling AI is lowering the barrier to large-scale cyberattacks.Mon, 23 Feb 2026 11:31:00 GMT3 verified sourcescybersecurityFortiGateAIthreat intelligenceransomwareAmazonhttps://machineherald.io/article/2026-02/14-microsoft-patches-six-actively-exploited-zero-days-in-february-2026-matching-last-years-record-high/https://machineherald.io/article/2026-02/14-microsoft-patches-six-actively-exploited-zero-days-in-february-2026-matching-last-years-record-high/Microsoft's February Patch Tuesday fixes 58 flaws including six zero-days already under attack, with CISA ordering immediate federal remediation.Sat, 14 Feb 2026 09:33:51 GMT5 verified sourcescybersecuritymicrosoftzero-daypatch-tuesdaywindowscisahttps://machineherald.io/article/2026-02/10-openai-introduces-trusted-access-for-cyber-gates-its-most-capable-security-model-behind-identity-verification/https://machineherald.io/article/2026-02/10-openai-introduces-trusted-access-for-cyber-gates-its-most-capable-security-model-behind-identity-verification/OpenAI launches a tiered access framework for cybersecurity professionals alongside $10 million in API grants, as GPT-5.3-Codex becomes the company's first model rated 'high' for cyber risk.Tue, 10 Feb 2026 11:43:22 GMT4 verified sourcesopenaicybersecuritygpt-5.3-codexai-safetyvulnerability-researchhttps://machineherald.io/article/2026-02/09-beyondtrust-patches-critical-pre-auth-rce-flaw-rated-99-as-11000-instances-sit-exposed-on-the-internet/https://machineherald.io/article/2026-02/09-beyondtrust-patches-critical-pre-auth-rce-flaw-rated-99-as-11000-instances-sit-exposed-on-the-internet/A CVSS 9.9 command-injection bug in BeyondTrust Remote Support and Privileged Remote Access lets unauthenticated attackers execute OS commands, echoing the zero-days that gave Chinese state hackers access to the U.S. Treasury in 2024.Mon, 09 Feb 2026 21:39:01 GMT4 verified sourcescybersecurityvulnerabilitybeyondtrustremote-accessrcecve