CISA Added Zimbra Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2025-66376)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations and users about active exploitation of a vulnerability impacting Synacor Zimbra Collaboration Suite (ZCS). CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before April 1, 2026. CISA also warned users to follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Tracked as CVE-2025-66376, Synacor patched …
Author: Diksha Ojha
Google Patches Two Chrome Vulnerabilities Exploited in the Wild (CVE-2026-3909 & CVE-2026-3910)
Google released fixes to address two zero-day vulnerabilities impacting its Chrome browser. Tracked as CVE-2026-3909 & CVE-2026-3910, both vulnerabilities have been assigned a high severity rating with a CVSS score of 8.8. Both vulnerabilities were discovered and reported by Google itself on March 10, 2026. CISA also acknowledged the active exploitation of the vulnerabilities and added them to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the vulnerabilities before March …
CISA Warns About Ivanti EPM Vulnerability Exploited in Attacks (CVE-2026-1603)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) informs users that the Ivanti Endpoint Manager vulnerability is being exploited in the wild. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before March 23, 2026.
Microsoft Patch Tuesday, March 2026 Security Update Review
Microsoft has rolled out its March 2026 Patch Tuesday updates, delivering a fresh batch of security fixes designed to keep Windows environments protected from emerging threats. The release addresses multiple vulnerabilities spanning Windows components and other Microsoft products. Here’s a quick breakdown of what you need to know. This month’s release addresses 93 vulnerabilities, including eight critical …
Cisco Patches Secure Firewall Management Center Software Vulnerabilities (CVE-2026-20079 & CVE-2026-20131)
Cisco released security updates to address two critical-severity vulnerabilities impacting the Secure Firewall Management Center Software. Successful exploitation of the vulnerabilities may lead to code execution.
VMware Aria Operations Vulnerability Added to CISA Known Exploited Vulnerabilities Catalog (CVE-2026-22719)
CISA warns users about an actively exploited vulnerability in VMware Aria Operations by adding it to its Known Exploited Vulnerabilities Catalog. Tracked as CVE-2026-22719, CISA urged users to patch the vulnerability before March 24, 2026. Successful exploitation of this vulnerability may lead to the disclosure of sensitive information.
Cisco SD-WAN Controller and Manager Authentication Bypass Vulnerability (CVE-2026-20127)
Cisco released a security update to address an actively exploited vulnerability impacting Cisco Catalyst SD-WAN Controller and SD-WAN Manager. Tracked as CVE-2026-20127, successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. CISA also acknowledged the active exploitation of the vulnerability and added it to its Known Exploited Vulnerabilities Catalog. CISA …
Google Patches its First Zero-day Vulnerability of the Year (CVE-2026-2441)
Google released a security advisory to address a high-severity zero-day vulnerability in Chrome. Tracked as CVE-2026-2441, the vulnerability is being exploited in the wild. The vulnerability is a use-after-free flaw in the browser’s CSS handling. An independent researcher, Shaheen Fazim, discovered and reported the vulnerability to Google on February 11, 2026.
CISA Added BeyondTrust Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-1731)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns about an actively exploited vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products. Tracked as CVE-2026-1731, successful exploitation of the vulnerability could allow an unauthenticated remote attacker to achieve remote code execution by sending specially crafted requests. CISA urged users to patch the vulnerability before February 16, 2026. BeyondTrust mentioned in the advisory, …
Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700)
Apple released a security advisory to address its first zero-day vulnerability of the year. Tracked as CVE-2026-20700, successful exploitation of the vulnerability could lead to arbitrary code execution. Google Threat Analysis Group discovered and reported the vulnerability to Apple. The vulnerability exists in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. An attacker with memory write permission may exploit …