A sophisticated supply-chain attack is targeting the popular npm package Axios. Attackers compromised a lead maintainer’s account to publish malicious versions 1.14.1 and 0.30.4, injecting a hidden dependency called plain-crypto-js version 4.2.1. The dependency executes a postinstall script that acts as a cross-platform remote access trojan (RAT) dropper, targeting macOS, Windows, and Linux.
Google Addresses Zero-day Vulnerability Exploited in the Wild (CVE-2026-5281)
Google released an urgent security advisory to address a vulnerability being exploited in the wild. CVE-2026-5281 is a use-after-free vulnerability in Dawn, the open-source implementation of the WebGPU standard. This type of memory corruption flaw occurs when an application continues to use a pointer after the memory it points to has been freed. Attackers can leverage this to execute arbitrary code or bypass critical security boundaries on a …
N8n Patches Critical Remote Code Execution Vulnerability (CVE-2026-33660)
N8n is vulnerable to a critical remote code execution flaw. Tracked as CVE-2026-33660, the vulnerability has a CVSS score of 9.4. Successful exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary commands on the target system.
CISA Warns about Active Exploitation of F5 BIG-IP Vulnerability (CVE-2025-53521)
CISA added a critical vulnerability in F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities catalog on Friday, based on evidence of ongoing exploitation. Tracked as CVE-2025-53521, successful exploitation of the vulnerability could allow a threat actor to achieve remote code execution. CISA urges users to patch the vulnerability before March 30, 2026.
CISA Added Langflow Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-33017)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently acknowledged the active exploitation of the Langflow vulnerability. Tracked as CVE-2026-33017, the vulnerability may allow an unauthenticated remote attacker to execute arbitrary code on the target system. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch it before April 8, 2025.
Citrix NetScaler ADC and NetScaler Gateway multiple vulnerabilities (CVE-2026-3055 & CVE-2026-4368)
Citrix released a security advisory addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway. Tracked as CVE-2026-3055 & CVE-2026-4368, successful exploitation of these vulnerabilities may result in memory overread and user session mix-up, respectively.
CISA Added Zimbra Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2025-66376)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations and users about active exploitation of a vulnerability impacting Synacor Zimbra Collaboration Suite (ZCS). CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before April 1, 2026. CISA also warned users to follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Tracked as CVE-2025-66376, Synacor patched …
Google Patches Two Chrome Vulnerabilities Exploited in the Wild (CVE-2026-3909 & CVE-2026-3910)
Google released fixes to address two zero-day vulnerabilities impacting its Chrome browser. Tracked as CVE-2026-3909 & CVE-2026-3910, both vulnerabilities have been assigned a high severity rating with a CVSS score of 8.8. Both vulnerabilities were discovered and reported by Google itself on March 10, 2026. CISA also acknowledged the active exploitation of the vulnerabilities and added them to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the vulnerabilities before March …
CISA Warns About Ivanti EPM Vulnerability Exploited in Attacks (CVE-2026-1603)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) informs users that the Ivanti Endpoint Manager vulnerability is being exploited in the wild. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before March 23, 2026.
Microsoft Patch Tuesday, March 2026 Security Update Review
Microsoft has rolled out its March 2026 Patch Tuesday updates, delivering a fresh batch of security fixes designed to keep Windows environments protected from emerging threats. The release addresses multiple vulnerabilities spanning Windows components and other Microsoft products. Here’s a quick breakdown of what you need to know. This month’s release addresses 93 vulnerabilities, including eight critical …