2026Vulnerability

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

AndyC 7 April 2026

Ravie LakshmananApr 07, 2026Vulnerability / Threat Intelligence A China-based threat actor known for deploying Medusa ransomware has been linked to the...

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

AndyC 5 April 2026

Ravie LakshmananApr 05, 2026Vulnerability / API Security Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS...

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

AndyC 3 April 2026

Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection...

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

AndyC 2 April 2026

Ravie LakshmananApr 01, 2026Vulnerability / Browser Security Google on Thursday released security updates for its Chrome web browser to address...

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

AndyC 29 March 2026

Ravie LakshmananMar 28, 2026Vulnerability / Network Security A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway...

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

AndyC 29 March 2026

Ravie LakshmananMar 28, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical...

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

AndyC 28 March 2026

Ravie LakshmananMar 27, 2026Vulnerability / Artificial Intelligence Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if...

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

AndyC 23 March 2026

Ravie LakshmananMar 23, 2026Vulnerability / Endpoint Security Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest...

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

AndyC 22 March 2026

Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence Oracle has released security updates to address a critical security flaw impacting Identity...

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

AndyC 22 March 2026

Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security...

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23

AndyC 18 March 2026

Ravie LakshmananMar 18, 2026Vulnerability / Data Protection Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet...

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

AndyC 17 March 2026

Ravie LakshmananMar 17, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity...

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

AndyC 13 March 2026

Ravie LakshmananMar 13, 2026Vulnerability / Enterprise Security Veeam has released security updates to address multiple critical vulnerabilities in its Backup...

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

AndyC 13 March 2026

Ravie LakshmananMar 12, 2026Vulnerability / Malware Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS...

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

AndyC 12 March 2026

Ravie LakshmananMar 12, 2026Vulnerability / Enterprise Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical...

2026Vulnerability

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

As breakout time accelerates, prevention-first cybersecurity takes center stage

Digital assets after death: Managing risks to your loved one’s digital estate

This month in security with Tony Anscombe – March 2026 edition

RSAC 2026 wrap-up – Week in security with Tony Anscombe

Donate Bitcoin to this address

Donate Ethereum to this address

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Lattice-based Signature Schemes for MCP Host Authentication

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed