Apple Expands iOS 18 Updates Across Multiple Devices to Block Critical DarkSword Exploit
Key Findings: Apple expanded iOS 18.7.7 availability on April 1, 2026 to protect users from the DarkSword exploit kit, which targets iOS versions 18.4 through 18.7. The update now covers iPhone XR through iPhone 16e and multiple iPad models, allowing users to patch vulnerabilities without upgrading to iOS 26. DarkSword spreads through watering hole attacks on compromised legitimate websites and can deploy backdoors and data miners for persistent access. Approximately 20% of users
Apr 2 · 3 min read
Apple Releases Critical Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Key Findings: Apple released security updates for older iOS and iPadOS versions to address vulnerabilities used by the Coruna exploit kit. Updates cover devices that cannot upgrade to the latest iOS versions. Patches address multiple vulnerabilities, including WebKit and kernel-related issues. The Coruna exploit kit targets iOS versions 13.0 through 17.2.1 with 23 total exploits. Background: The Coruna exploit kit, also known as CryptoWaters, was first identified by Google's Threat Intellig
Mar 12 · 2 min read
Microsoft Patch Tuesday for March 2026 — Snort rules and prominent vulnerabilities
Key Findings: Microsoft released its monthly security update for March 2026, addressing 79 vulnerabilities. 3 vulnerabilities were marked as "critical" by Microsoft. Remaining vulnerabilities were classified as "important". Microsoft assessed that exploitation of the "critical" vulnerabilities is "less likely". Background: CVE-2026-26110 and CVE-2026-26113 are "critical" Microsoft Office Remote Code Execution Vulnerabilities. CVE-2026-26144 is a "critical" information disclosure vul
Mar 10 · 1 min read
Microsoft Releases Emergency Patch for Critical Office Vulnerability
Key Findings: Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. The vulnerability is a security feature bypass that allows an unauthorized attacker to bypass security protections locally by sending a malicious Office file. Microsoft confirmed the Preview Pane is not an attack vector, but did not disclose technical details about the active exploits. Office 2021 and later are automa
Jan 27 · 2 min read
GitLab Issues High-Severity 2FA Bypass and DoS Flaws, Urgent Update Patches
Key Findings: GitLab has released urgent security updates to address several high-severity vulnerabilities, including a critical two-factor authentication (2FA) bypass flaw and multiple denial-of-service (DoS) issues. The 2FA bypass vulnerability (CVE-2026-0723) could allow an attacker to bypass the authentication mechanism designed to protect accounts, potentially leading to account takeovers. The DoS vulnerabilities affect various GitLab components, including the Jira Connec
Jan 21 · 2 min read
Pixel 9's Zero-Click Exploit Chain: Breaching the Kernel
Key Findings: Researchers from Google Project Zero have discovered a comprehensive "zero-click" exploit chain targeting the Google Pixel 9 smartphone. The exploit chain spans from remote code execution during media decoding to the ultimate compromise of the kernel. The vulnerabilities were patched in the security updates released on January 5, 2026. Background: The pivotal shift in recent years lies in the propensity of "intelligent" smartphone features to preemptively analyze
Jan 19 · 2 min read
