ALL POSTS
PHP Composer Vulnerabilities Allow Remote Code Execution Through Perforce Integration
Key Findings: Two high-severity command injection vulnerabilities discovered in PHP Composer's Perforce VCS driver. CVE-2026-40176 (CVSS 7.8) and CVE-2026-40261 (CVSS 8.8) allow arbitrary command execution through malicious repository configs and crafted inputs. Patches released: Composer 2.9.6 (mainline) and 2.2.27 (LTS). No active exploitation detected on Packagist.org or Private Packagist as of April 10, 2026. Perforce metadata publishing temporarily disabled as a precaution.
2 days ago · 2 min read
Adobe Releases Critical Security Patch for Actively Exploited Acrobat Reader Vulnerability CVE-2026-34621
Key Findings: Adobe released emergency patches for CVE-2026-34621, a critical vulnerability in Acrobat Reader actively exploited in the wild. The flaw has a CVSS score of 8.6 and allows arbitrary code execution through prototype pollution in JavaScript. Evidence suggests exploitation has been occurring since at least December 2025. Security researcher Haifei Li discovered the vulnerability being used to deliver malicious JavaScript via crafted PDFs. Affected versions include Acrob
4 days ago · 2 min read
Marimo RCE Vulnerability CVE-2026-39987 Under Active Exploitation Since Disclosure
Key Findings: Critical RCE vulnerability CVE-2026-39987 in Marimo (CVSS 9.3) exploited within 9 hours 41 minutes of disclosure. Unauthenticated attackers can obtain full interactive shell access on exposed instances through the /terminal/ws WebSocket endpoint. Affects all Marimo versions up to 0.20.4; patched in version 0.23.0. Unknown threat actor built a working exploit from the advisory alone, with no public PoC available. Attacker conducted credential theft operation and reconnaissance,
6 days ago · 2 min read
Thousands of F5 BIG-IP APM Instances Remain Vulnerable to Active RCE Exploits
Key Findings: Over 14,000 F5 BIG-IP APM instances remain exposed online with active exploitation of CVE-2025-53521. Vulnerability reclassified from denial-of-service to critical remote code execution with a CVSS score of 9.8. Originally disclosed in October 2025, but severity assessment updated in March 2026 after new findings. Shadowserver tracks over 17,100 total BIG-IP APM fingerprints exposed globally, concentrated in the US, Europe, and Asia. CISA added the flaw to Known Exploited Vuln
Apr 6 · 2 min read
Apple Expands iOS 18 Updates Across Multiple Devices to Block Critical DarkSword Exploit
Key Findings: Apple expanded iOS 18.7.7 availability on April 1, 2026 to protect users from the DarkSword exploit kit, which targets iOS versions 18.4 through 18.7. The update now covers iPhone XR through iPhone 16e and multiple iPad models, allowing users to patch vulnerabilities without upgrading to iOS 26. DarkSword spreads through watering hole attacks on compromised legitimate websites and can deploy backdoors and data miners for persistent access. Approximately 20% of users
Apr 2 · 3 min read
Google Patches Fourth Actively Exploited Chrome Zero-Day Vulnerability in 2026
Key Findings: Google patched CVE-2026-5281, a use-after-free vulnerability in the WebGPU Dawn component that is actively being exploited. This marks the fourth Chrome zero-day under active exploitation in 2026. Users are urged to update immediately to Chrome 146.0.7680.177/178 (Windows/macOS) or 146.0.7680.177 (Linux). The vulnerability affects graphics processing capabilities and could allow attackers to execute malicious code or crash the browser. Google withheld technical explo
Apr 1 · 2 min read
OpenAI Patches ChatGPT Data Exfiltration and Codex GitHub Token Vulnerabilities
Key Findings: Check Point discovered a critical vulnerability in ChatGPT that allowed attackers to exfiltrate user data, uploaded files, and conversation history without detection or consent. The flaw exploited a hidden DNS-based communication channel in the Linux runtime environment, bypassing all visible AI guardrails. OpenAI patched the ChatGPT vulnerability on February 20, 2026, with no evidence of malicious exploitation. BeyondTrust Phantom Labs identified a command injectio
Mar 30 · 4 min read
Citrix NetScaler CVE-2026-3055 Under Active Attack: Sensitive Data Exposure Risk
Key Findings: CVE-2026-3055 is a critical vulnerability (CVSS 9.3) in Citrix NetScaler ADC and Gateway affecting memory through an insufficient input validation flaw. Attackers are actively probing the vulnerability via honeypot detection and fingerprinting authentication methods. Only affects systems configured as a SAML Identity Provider, though this is a common enterprise configuration. No public exploits exist yet, but in-the-wild exploitation is considered imminent. Organizat
Mar 29 · 2 min read
Claude Extension Zero-Click XSS Vulnerability Allows Prompt Injection from Any Website
Key Findings: Vulnerability in Anthropic's Claude Chrome extension allowed zero-click prompt injection from any website without user interaction or permission prompts. The attack chains two flaws: an overly permissive origin allowlist and a DOM-based XSS in the Arkose Labs CAPTCHA component. Successful exploitation could enable data theft, access token compromise, conversation history access, and account takeover. Patch deployed December 27, 2025 (version 1.0.41); Arkose Labs fixed XSS compon
Mar 26 · 2 min read
Critical Langflow Vulnerability CVE-2026-33017 Sparks Rapid Exploitation Within Hours
Key Findings: * Critical remote code execution vulnerability in Langflow (CVE-2026-33017) * CVSS score: 9.3 * Exploited within 20 hours of advisory publication * Allows unauthenticated remote code execution via API endpoint * Affects all Langflow versions prior to 1.8.1 * Attackers can execute arbitrary Python code with full server privileges * Observed exploitation includes credential harvesting and potential supply chain compromise. Background: Langflow, an open-source AI plat
Mar 21 · 2 min read
Interlock Ransomware Group Exploits Cisco FMC Zero-Day Vulnerability 36 Days Before Disclosure
Key Findings: * Interlock ransomware group exploited CVE-2026-20131 in Cisco FMC 36 days before public disclosure * Zero-day vulnerability allows unauthenticated remote code execution with root privileges * Amazon Threat Intelligence discovered exploitation using global honeypot network * Attackers used sophisticated multi-stage attack with custom tools and evasion techniques * Targeted sectors include education, healthcare, industry, and government. Background: The Interlock ra
Mar 19 · 2 min read
CISA Warns of Actively Exploited n8n Remote Code Execution Vulnerability Affecting 24,700 Instances
Key Findings: * Critical remote code execution vulnerability in n8n workflow platform * CVE-2025-68613 added to CISA's Known Exploited Vulnerabilities (KEV) catalog * 24,700 unpatched instances exposed online * Vulnerability allows authenticated attackers to execute arbitrary code * FCEB agencies ordered to patch by March 25, 2026. Background: n8n is an open-source workflow automation platform that allows users to connect different applications and services. The vulnerability ex
Mar 12 · 1 min read
Anthropic's Claude Opus AI Model Outperforms Human Teams in Discovering Firefox Vulnerabilities
Key Findings: Anthropic's AI model Claude Opus 4.6 discovered 22 security vulnerabilities in the Mozilla Firefox web browser over the course of two weeks. 14 of the 22 vulnerabilities were classified as high-severity, nearly a fifth of all high-severity Firefox issues fixed in 2025. Mozilla addressed the majority of these vulnerabilities in Firefox 148, released in January 2026. This demonstrates AI's growing capability to rapidly detect critical security flaws in complex soft
Mar 9 · 2 min read
Nginx UI Vulnerability: CVE-2026-27944 Exposes Server Backups
Key Findings: A critical vulnerability in Nginx UI, tracked as CVE-2026-27944, allows attackers to download and decrypt full server backups without authentication. The vulnerability stems from two major flaws: the /api/backup endpoint lacks authentication, and the server exposes the AES-256 encryption key and IV in an HTTP response header. Exploitation of the vulnerability could have serious consequences, as a full Nginx UI backup contains large amounts of sensitive operational
Mar 8 · 2 min read
OpenAI Codex Security Agent Scans Millions of Commits, Uncovers High-Severity Issues
Key Findings: OpenAI has launched Codex Security, an AI-powered security agent designed to find, validate, and propose fixes for software vulnerabilities. Over the last 30 days, Codex Security has scanned more than 1.2 million commits across external repositories, identifying 792 critical and 10,561 high-severity findings. The vulnerabilities found include issues in various open-source projects like OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium. Codex Security leve
Mar 7 · 2 min read
Google GTIG Reveals 90 Zero-Day Flaws Exploited in 2025, Underscoring Increasing Attacks on Enterprise Targets
Key Findings: Google's Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild in 2025, up from 78 in 2024. Nearly half of the flaws (43, or 48%) targeted enterprise technologies, marking a record share and confirming a shift toward enterprise-focused attacks. Browser exploitation declined to historic lows, while operating system flaws were increasingly abused. Nation-state actors mainly targeted edge devices and security appliances, while co
Mar 6 · 2 min read
Google Warns of Actively Exploited Qualcomm Zero-Day in Android
Key Findings: Google disclosed that a high-severity vulnerability, CVE-2026-21385 (CVSS score: 7.8), affecting an open-source Qualcomm component used in Android devices has been actively exploited. The vulnerability is a buffer over-read in the Graphics component, described by Qualcomm as "memory corruption when adding user-supplied data without checking available buffer space" and an integer overflow. Google acknowledged "there are indications that CVE-2026-21385 may be under
Mar 3 · 2 min read
APT28 Exploited MSHTML 0-Day Before Microsoft Patch
Key Findings: Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 (CVSS 8.8) before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code execution when a victim opens a malicious HTML page or LNK file. Akamai researchers found a malicious sample uploaded to VirusTotal in January 2026 tied to infrastructure linked to APT28. The exploit relies on nested iframes and multiple DOM contexts t
Mar 2 · 1 min read
Sangoma FreePBX Vulnerability Exploited, Impacts Over 900 Instances
Key Findings: About 900 Sangoma FreePBX systems were infected with web shells after attackers exploited a command injection flaw. Hundreds of Sangoma FreePBX instances are still infected with web shells following attacks that began in December 2025. The campaign exploited a post-authentication command injection vulnerability, tracked as CVE-2025-64328 (CVSS score of 8.6), in the endpoint manager interface. The Shadowserver Foundation reports that around 900 FreePBX instances a
Mar 1 · 2 min read
Flaw in ClawJacked Lets Malicious Sites Hijack Local OpenClaw AI Agents through WebSocket
Key Findings: OpenClaw has fixed a high-severity security issue that could have allowed a malicious website to connect to a locally running AI agent and take over control. The flaw, dubbed "ClawJacked" by Oasis Security, enables a malicious website to silently open a WebSocket connection to the local OpenClaw gateway and brute-force the password. Upon successful authentication, the malicious script can register as a trusted device, which is automatically approved by the gatewa
Mar 1 · 2 min read
