Palo Alto Networks has issued important updates to fix 3 different flaws in its security products. These issues affect the Cortex XDR Agent, the Autonomous Digital Experience Manager (ADEM), and Cortex XSOAR/XSIAM platforms. The flaws include ways to skip local protection and access resources without permission. The first flaw, known …
IBM Identity and Verify Access Vulns Allow to Access Sensitive Data
A security bulletin alert points out several flaws in IBM Verify Identity Access and Security Verify Access products. Tracked as CVE-2026-2862 and CVE-2026-1491, these HTTP request smuggling flaws come from problems with reverse proxy management and have a CVSS score of 5.3. A remote attacker who is not logged in …
Fortinet FortiClient EMS 0-Day Flaw Actively Exploited
Fortinet has released an urgent fix after security experts disclosed a zero-day flaw in FortiClient EMS that is being used by hackers. CVE-2026-35616 is an Improper Access Control vulnerability [CWE-284] in FortiClient EMS that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. Successful attacks do not …
ALERT
Patch now! Cisco Patches 9.8 CVSS IMC and SSM Flaws
Cisco has published updates to fix a security issue in the Integrated Management Controller (IMC). If this flaw is exploited successfully, a remote attacker without authorization could bypass authentication and access the system with higher privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a …
14,000+ F5 BIG-IP APM instances still exposed on internet
Shadowserver has found more than 14,000 BIG-IP APM instances visible on the internet during ongoing attacks that use a remote code execution (RCE) weakness. BIG-IP APM is F5’s centralized access management proxy solution designed to help admins secure access to their organizations’ networks, cloud, applications, and application programming interfaces (APIs). This …
ALERT
Critical Fortinet Forticlient and Citrix NetScaler memory flaws now under attack
Threat intelligence company Defused said attackers are now actively exploiting a critical vulnerability in Fortinet’s FortiClient EMS platform. This SQL injection flaw, known as CVE-2026-21643, lets attackers run any code on systems that aren’t fixed. They can do this with simple attacks aimed at the FortiClient EMS web interface using …
ALERT
CISA Alerts of F5 BIG-IP Flaw Actively Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new flaw in F5 BIG-IP systems to its Known Exploited Vulnerabilities (KEV) list. They warned that this flaw is being used in real-world attacks. The vulnerability, known as CVE-2025-53521, was officially noted on March 27, 2026, and federal agencies must …
Cisco Secure Firewall Flaw Allows Remote Code Execution as Root
Cisco has put out an urgent security warning about a critical flaw in its Secure Firewall Management Center (FMC) software. This serious flaw lets hackers run any code with full control from far away. CVE-2026-20131 is a major security issue with a CVSS score of 10.0. It comes from unsafe deserialization …
ALERT
CISA warns to patch DarkSword iOS flaws exploited in attacks
CISA has issued an urgent warning about three important Apple flaws that are being used by hackers. These security flaws, known as CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520, were added to CISA’s list of Known Exploited Vulnerabilities (KEV). Security experts have connected this group of three flaws to the advanced DarkSword iOS attack method. Hackers …
ALERT
Chrome update fixes 26 vulnerabilities enabling remote code execution
Google has launched a major security update for its Chrome browser. This update fixes 26 unique vulnerabilities that might let attackers run harmful code from a distance. The new Stable channel update brings versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS. Linux users will get version 146.0.7680.153. This important update is …
InfoSecBulletin Cybersecurity for mankind