Google released fixes to address two zero-day vulnerabilities impacting its Chrome browser. Tracked as CVE-2026-3909 & CVE-2026-3910, both vulnerabilities have been assigned a high severity rating with a CVSS score of 8.8. Both vulnerabilities were discovered and reported by Google itself on March 10, 2026. CISA also acknowledged the active exploitation of the vulnerabilities and added them to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the vulnerabilities before March … Continue reading “Google Patches Two Chrome Vulnerabilities Exploited in the Wild (CVE-2026-3909 & CVE-2026-3910)”
Tag: Actively exploited
Cisco Releases Fix for Actively Exploited Zero-day Vulnerability (CVE-2025-20393)
Cisco Talos discovered a cyberattack campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Tracked as CVE-2025-20939, the vulnerability may allow an attacker to execute arbitrary commands with root privileges on the underlying operating system of targeted appliances. The vulnerability has a critical severity rating with a … Continue reading “Cisco Releases Fix for Actively Exploited Zero-day Vulnerability (CVE-2025-20393)”
Adobe Magento Improper Input Validation Vulnerability Exploited in Attack (CVE-2025-54236)
Security experts from e-commerce security firm Sansec have discovered that threat attackers are actively exploiting a vulnerability in Adobe Commerce and Magento Open-Source platforms. Tracked as CVE-2025-54236, the vulnerability has a critical severity rating with a CVSS score of 9.1. The vulnerability originates from an improper input validation and could allow attackers to hijack customer accounts … Continue reading “Adobe Magento Improper Input Validation Vulnerability Exploited in Attack (CVE-2025-54236)”
F5 BIG-IP Source Code Leaked in State-Linked Cyberattack (BRICKSTORM Malware)
F5 Networks warned its users about a widespread cyberattack that compromised its systems and led to the theft of BIG-IP source code and details of unpatched security vulnerabilities. In the article, F5 describes becoming aware of the breach in August 2025. A highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files … Continue reading “F5 BIG-IP Source Code Leaked in State-Linked Cyberattack (BRICKSTORM Malware)”
Malicious MCP Server on npm postmark-mcp Exploited in Attack
Security researchers discovered a significant vulnerability in the Model Context Protocol (MCP) server that was exploited in the wild. The reports described this as the first-ever instance of an MCP server being exploited in the wild, which can lead to software supply chain risks. The flaw exists in the npm package postmark-mcp, an MCP server … Continue reading “Malicious MCP Server on npm postmark-mcp Exploited in Attack”
Cisco Addresses Zero-day Vulnerabilities in Cisco ASA and FTD Software (CVE-2025-20362 & CVE-2025-20333)
Cisco warns its users to patch two actively exploited vulnerabilities impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance Software and Cisco Secure Firewall Threat Defense Software. Tracked as CVE-2025-20362 and CVE-2025-20333, the vulnerabilities can lead to remote code execution and unauthorized access of the affected device. Cisco mentioned in the advisory that … Continue reading “Cisco Addresses Zero-day Vulnerabilities in Cisco ASA and FTD Software (CVE-2025-20362 & CVE-2025-20333)”
Cisco IOS and IOS XE Software Vulnerability Exploited in the Wild (CVE-2025-20352)
Cisco released a security advisory to address an actively exploited vulnerability, tracked as CVE-2025-20352, impacting Cisco IOS and IOS XE Software. Successful exploitation of the vulnerability may allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition. A high-privileged attacker may execute arbitrary code as the root user and … Continue reading “Cisco IOS and IOS XE Software Vulnerability Exploited in the Wild (CVE-2025-20352)”
Another Zero-day Vulnerability impacting Google Chrome (CVE-2025-10585)
On Wednesday, Google rolled out security updates for a Chrome vulnerability actively exploited in the wild. Tracked as CVE-2025-10585, the vulnerability is a type confusion flaw in the V8 JavaScript and WebAssembly engine. Google Threat Analysis Group discovered and reported the vulnerability. CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog and … Continue reading “Another Zero-day Vulnerability impacting Google Chrome (CVE-2025-10585)”
Multiple npm Packages affected by the Ongoing Supply Chain Attack (Shai-Hulud Malware)
This is a supply chain attack that has impacted 198 unique npm packages spanning multiple maintainers. The malware campaign (part of the “Shai-Hulud” attack) has compromised npm packages in a worm-like manner. The malware affects various packages from different maintainers. Some are public; others belong to popular vendors like CrowdStrike. Altogether, these packages have more … Continue reading “Multiple npm Packages affected by the Ongoing Supply Chain Attack (Shai-Hulud Malware)”
Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)
Apple has released updates to address a vulnerability that is being exploited in the wild. Tracked as CVE-2025-43300, the vulnerability impacts macOS Sequoia, macOS Ventura, macOS Sonoma, iOS, and iPadOS. CVE-2025-43300 is an out-of-bounds write flaw in Apple’s ImageIO framework. An attacker may exploit the vulnerability by processing a malicious image file, which could lead to … Continue reading “Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)”