Google released a security advisory to address a high-severity zero-day vulnerability in Chrome. Tracked as CVE-2026-2441, the vulnerability is being exploited in the wild. The vulnerability is a use-after-free flaw in the CSS browser’s CSS handling. An independent researcher, Shaheen Fazim, discovered and reported the vulnerability to Google on February 11, 2026.
Tag: CISA Known Exploitable Vulnerabilities Catalog
CISA Added BeyondTrust Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-1731)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns about an actively exploited vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products. Tracked as CVE-2026-1731, successful exploitation of the vulnerability could allow an unauthenticated remote attacker to achieve remote code execution by sending specially crafted requests. CISA urged users to patch the vulnerability before February 16, 2026. BeyondTrust mentioned in the advisory, … Continue reading “CISA Added BeyondTrust Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-1731)”
Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700)
Apple released a security advisory to address its first zero-day vulnerability of the year. Tracked as CVE-2026-20700, successful exploitation of the vulnerability could lead to arbitrary code execution. Google Threat Analysis Group discovered and reported the vulnerability to Apple. The vulnerability exists in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. An attacker with memory write permission may exploit … Continue reading “Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700)”
Microsoft Patch Tuesday, February 2026 Security Update Review
Microsoft’s February 2026 Patch Tuesday focuses on closing security gaps that attackers could exploit, reinforcing the importance of timely patching in enterprise environments. Here’s a quick breakdown of what you need to know. This month’s release addresses 61 vulnerabilities, including five critical and 52 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed six zero-day vulnerabilities that have been exploited in the wild. Microsoft addressed one vulnerability in Microsoft Edge (Chromium-based) that was patched earlier this month.
MongoDB Memory Disclosure Vulnerability Under Active Exploitation (CVE-2025-14847) (MongoBleed)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a MongoDB vulnerability to its Known Exploited Vulnerabilities Catalog, acknowledging the active exploitation of the vulnerability. CISA urges users to patch the vulnerability before January 19, 2026. Tracked as CVE-2025-14847, the vulnerability has a high severity rating with a CVSS score of 8.7. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to disclose sensitive data from the MongoDB server memory. The vulnerability … Continue reading “MongoDB Memory Disclosure Vulnerability Under Active Exploitation (CVE-2025-14847) (MongoBleed)”
Cisco Releases Fix for Actively Exploited Zero-day Vulnerability (CVE-2025-20393)
Cisco Talos discovered a cyberattack campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Tracked as CVE-2025-20939, the vulnerability may allow an attacker to execute arbitrary commands with root privileges on the underlying operating system of targeted appliances. The vulnerability has a critical severity rating with a … Continue reading “Cisco Releases Fix for Actively Exploited Zero-day Vulnerability (CVE-2025-20393)”
Apple Warns of Zero-day Vulnerability Exploited in Attack (CVE-2025-43529)
Apple issued security updates for iOS, iPadOS, macOS, and its Safari web browser to address a vulnerability being exploited in the wild. Tracked as CVE-2025-43529, the use-after-free vulnerability exists in WebKit. An attacker may exploit the vulnerability by processing maliciously crafted web content, leading to arbitrary code execution. The vulnerability was addressed with improved memory management. Apple is aware of an active exploitation of a vulnerability in a highly sophisticated attack targeting specific, high-profile individuals on iOS versions before iOS 26.
CISA Warns Actively Exploited GeoServer Unauthenticated XML XXE Vulnerability (CVE-2025-58360)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer vulnerability to its Known Exploited Vulnerabilities Catalog, acknowledging the active exploitation of the vulnerability. Tracked as CVE-2025-58360, the vulnerability has a high severity rating with a CVSS score of 8.2. Successful exploitation of the vulnerability may allow an attacker to retrieve arbitrary files from the server’s file system. GeoServer is an open-source server software written … Continue reading “CISA Warns Actively Exploited GeoServer Unauthenticated XML XXE Vulnerability (CVE-2025-58360)”
Google Patches Zero-day Vulnerability Exploited in Attack (CVE-2025-14174)
Google has issued urgent updates to address another Chrome zero-day vulnerability that is actively being exploited in the wild, making it the eighth security flaw fixed since the beginning of the year.
Fortinet Addresses Critical Vulnerabilities Impacting Multiple Fortinet Products (CVE-2025-59718 & CVE-2025-59719)
Fortinet releases fixes to address two critical vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Tracked as CVE-2025-59718 and CVE-2025-59719, both vulnerabilities have a CVSS score of 9.1. Successful exploitation of the vulnerabilities could lead to improper access control.