Adobe released a security update to address an actively exploited vulnerability impacting Adobe Acrobat and Reader. Tracked as CVE-2026-34621, the vulnerability may allow an attacker to run malicious code on affected installations. Haifei Li from EXPMON discovered and reported the vulnerability to Adobe. CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before April 27, … Continue reading “Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability Exploited in the Wild (CVE-2026-34621)”
Tag: Exploited in the Wild
Fortinet FortiClientEMS Vulnerability Exploited in the Wild (CVE-2026-35616)
Fortinet released a security advisory to address an actively exploited vulnerability impacting FortiClientEMS. Tracked as CVE-2026-35616, the vulnerability has a critical severity rating with a CVSS score of 9.1. Successful exploitation may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Google Patches Two Chrome Vulnerabilities Exploited in the Wild (CVE-2026-3909 & CVE-2026-3910)
Google released fixes to address two zero-day vulnerabilities impacting its Chrome browser. Tracked as CVE-2026-3909 & CVE-2026-3910, both vulnerabilities have been assigned a high severity rating with a CVSS score of 8.8. Both vulnerabilities were discovered and reported by Google itself on March 10, 2026. CISA also acknowledged the active exploitation of the vulnerabilities and added them to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the vulnerabilities before March … Continue reading “Google Patches Two Chrome Vulnerabilities Exploited in the Wild (CVE-2026-3909 & CVE-2026-3910)”
Google Patches its First Zero-day Vulnerability of the Year (CVE-2026-2441)
Google released a security advisory to address a high-severity zero-day vulnerability in Chrome. Tracked as CVE-2026-2441, the vulnerability is being exploited in the wild. The vulnerability is a use-after-free flaw in the CSS browser’s CSS handling. An independent researcher, Shaheen Fazim, discovered and reported the vulnerability to Google on February 11, 2026.
Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700)
Apple released a security advisory to address its first zero-day vulnerability of the year. Tracked as CVE-2026-20700, successful exploitation of the vulnerability could lead to arbitrary code execution. Google Threat Analysis Group discovered and reported the vulnerability to Apple. The vulnerability exists in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. An attacker with memory write permission may exploit … Continue reading “Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700)”
Fortinet FortiWeb Zero-day Vulnerability Exploited in the Wild (CVE-2025-64446)
Threat actors are exploiting a zero-day vulnerability, CVE-2025-64446, that has been discovered in Fortinet’s FortiWeb web application firewall product. Successful exploitation of this new vulnerability allows an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. FortiGuard mentioned in the advisory that they are aware of the active exploitation … Continue reading “Fortinet FortiWeb Zero-day Vulnerability Exploited in the Wild (CVE-2025-64446)”
Malicious MCP Server on npm postmark-mcp Exploited in Attack
Security researchers discovered a significant vulnerability in the Model Context Protocol (MCP) server that was exploited in the wild. The reports described this as the first-ever instance of an MCP server being exploited in the wild, which can lead to software supply chain risks. The flaw exists in the npm package postmark-mcp, an MCP server … Continue reading “Malicious MCP Server on npm postmark-mcp Exploited in Attack”
Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)
Apple has released updates to address a vulnerability that is being exploited in the wild. Tracked as CVE-2025-43300, the vulnerability impacts macOS Sequoia, macOS Ventura, macOS Sonoma, iOS, and iPadOS. CVE-2025-43300 is an out-of-bounds write flaw in Apple’s ImageIO framework. An attacker may exploit the vulnerability by processing a malicious image file, which could lead to … Continue reading “Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)”
WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088)
WinRAR released a security patch to address a vulnerability allowing attackers to hijack user extraction processes and plant malicious files in unintended system locations. Tracked as CVE-2025-8088, the vulnerability has a high severity rating with a CVSS score of 8.4. Anton Cherepanov, Peter Kosinar, and Peter Strycek from ESET discovered and reported the vulnerability to … Continue reading “WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088)”
Trend Micro Apex One (On-Prem) Zero-day Vulnerabilities Exploited in the Wild (CVE-2025-54948 & CVE-2025-54987)
Threat actors are exploiting two vulnerabilities impacting Trend Micro Apex One (on-prem) devices. Tracked as CVE-2025-54948 & CVE-2025-54987, the vulnerabilities may allow attackers to achieve remote code execution upon successful exploitation. Both vulnerabilities have a critical severity rating with a CVSS score of 9.4. Trend Micro mentioned in the advisory that they had observed at least … Continue reading “Trend Micro Apex One (On-Prem) Zero-day Vulnerabilities Exploited in the Wild (CVE-2025-54948 & CVE-2025-54987)”