24h | 7d | 30d

CVE-2026-21513

Overview

  • Microsoft
  • Windows 10 Version 1607
10 Feb 2026
Published
27 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
4.76%
KEV

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 7 Posts
Last activity: Last hour

Bluesky

Profile picture fallback
キタきつね @kitafox.bsky.social
ロシア関連のAPT28がパッチ適用前にMSHTMLのゼロデイ脆弱性CVE-2026-21513を悪用 Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch #SecurityAffairs (Mar 2) securityaffairs.com/188782/secur...
  • 0
  • 0
  • 0
  • 18h ago
Profile picture fallback
Packet Storm News @packetstorm.bsky.social
Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513 https://packetstorm.news/news/view/40608 #news
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
piyokango @piyokango.bsky.social
ロシア関連のAPT28がパッチ適用前にMSHTMLのゼロデイ脆弱性CVE-2026-21513を悪用 #CybersecurityNews securityaffairs.com/188782/secur...
  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
CyberHub @cyberhub.blog
📌 APT28 Linked to High-Severity MSHTML Security Flaw CVE-2026-21513 https://www.cyberhub.blog/article/20646-apt28-linked-to-high-severity-mshtml-security-flaw-cve-2026-21513
  • 0
  • 0
  • 0
  • 9h ago
Profile picture fallback
Sami Laiho @samilaiho.com
Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513 www.akamai.com/blog/securit...
  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
Commonwealth Sentinel Cyber Security @cwealthsentinel.bsky.social
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch securityaffairs.com/188782/secur...
  • 0
  • 0
  • 0
  • Last hour
Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #Foresiet includes "CVE-2026-21513: APT28 Exploits MSHTML Zero-Day in Targeted Attacks" and "CVE-2026-20127: In-Depth Analysis of the Cisco Catalyst #SDWAN Authentication Bypass Vulnerability". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz
  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-21385

Overview

  • Qualcomm, Inc.
  • Snapdragon
02 Mar 2026
Published
03 Mar 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

Memory corruption while using alignments for memory allocation.

Statistics

  • 7 Posts
  • 4 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture fallback
DragonJAR @dragonjar

En las últimas 24 horas, se ha descubierto una crítica vulnerabilidad en Google Chrome que permite espionaje a través de extensiones maliciosas, mientras que Android corrige una falla explotada en chipsets Qualcomm que podría comprometer dispositivos móviles; además, el Reino Unido alerta sobre ciberataques iraníes motivados por tensiones geopolíticas, destacando la urgencia de fortalecer la ciberseguridad. Descubre estos y más detalles en el siguiente listado de noticias sobre seguridad informática:

🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 03/03/26 📆 |====

🔐 VULNERABILIDAD EN CHROME QUE PERMITE ESPIAR A TRAVÉS DE GEMINI LIVE

Se ha detectado una grave vulnerabilidad en Google Chrome que posibilita a extensiones maliciosas secuestrar la función Gemini Live, diseñada para asistencia en el navegador, con el fin de espiar a los usuarios y acceder a archivos sensibles almacenados en sus dispositivos. Esta brecha pone en riesgo la privacidad y seguridad de millones de usuarios, por lo que se recomienda extremar precauciones al instalar extensiones y mantener el navegador actualizado con los últimos parches de seguridad. Protege tu información y mantente alerta. Descubre más detalles sobre esta amenaza y cómo protegerte aquí 👉 djar.co/PlaRM

📱 GOOGLE CONFIRMA FALLA CRÍTICA EN COMPONENTE DE QUALCOMM EXPLOTADA EN ANDROID

La actualización de seguridad de marzo de 2026 para Android aborda 129 vulnerabilidades, entre ellas una falla crítica y ya explotada en dispositivos con chipsets Qualcomm, identificada como CVE-2026-21385. Esta vulnerabilidad permite ejecución remota de código, poniendo en riesgo la integridad de los dispositivos móviles. Se recomienda a todos los usuarios actualizar sus dispositivos de inmediato para protegerse contra posibles ataques que podrían comprometer datos personales y corporativos. Infórmate sobre esta actualización fundamental y cómo aplicarla en tu equipo aquí 👉 djar.co/h1BDO

⚠️ ALERTA EN EL REINO UNIDO POR AMENAZAS DE CIBERATAQUES IRANÍES EN CONTEXTO DE CONFLICTO EN ORIENTE MEDIO

El Centro Nacional de Seguridad Cibernética del Reino Unido ha emitido una advertencia urgente ante el aumento de riesgo de ciberataques dirigidos por grupos vinculados a Irán, motivados por las tensiones en Oriente Medio. Las organizaciones británicas deben fortalecer sus defensas y estar preparadas para enfrentar posibles intentos de intrusión, campañas de desinformación y sabotajes digitales. Esta situación subraya la importancia de mantener una postura de ciberseguridad proactiva en entornos geopolíticos inestables. Conoce las recomendaciones oficiales para proteger tu infraestructura crítica aquí 👉 djar.co/jmrIn

  • 1
  • 2
  • 0
  • 7h ago
Profile picture fallback
Jeff Hall - PCIGuru :verified: @jbhall56

The exploited flaw, tracked as CVE-2026-21385 (CVSS score of 7.8) and impacting the graphics component of over 200 Qualcomm chipsets, is described as an integer overflow or wraparound issue leading to memory corruption while using alignments for memory allocation. securityweek.com/android-updat

  • 0
  • 0
  • 1
  • 5h ago

Bluesky

Profile picture fallback
softfantw.bsky.social @softfantw.bsky.social
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited thehackernews.com/2026/03/goog...
  • 1
  • 0
  • 1
  • 11h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
Google disclosed a high-severity Qualcomm Graphics component vulnerability (CVE-2026-21385) being exploited in Android devices, with March 2026 patches addressing 129 total vulnerabilities including critical remote code execution and privilege escalation flaws.
  • 0
  • 0
  • 0
  • 9h ago
Profile picture fallback
Ninja Owl @ninjaowl.ai
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-0628

Overview

  • Google
  • Chrome
06 Jan 2026
Published
26 Feb 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Statistics

  • 6 Posts
  • 3 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
Jeff Hall - PCIGuru :verified: @jbhall56

The flaw, tracked as CVE-2026-0628, was uncovered by researchers at Palo Alto Networks' Unit 42 who found that rogue Chrome extensions could manipulate how the browser handled requests to the embedded Gemini Live side panel. theregister.com/2026/03/03/goo

  • 0
  • 0
  • 1
  • 4h ago

Bluesky

Profile picture fallback
Blockchain Report @blockchainreport.bsky.social
🚨 Chrome Security Alert! A vulnerability (CVE-2026-0628) allows malicious extensions to access your webcam, mic, screen & files via the Gemini Live panel. Google has patched it in Chrome v143.0.7499.192/.193 (Win/Mac) & v143.0.7499.192 (Linux). Update NOW! #Chrome #Security #Vulnerability
  • 0
  • 1
  • 0
  • 13h ago
Profile picture fallback
Cryptovka | Новости Крипторынка и Блокчейна @cryptovkanews.bsky.social
🚨 Критическая уязвимость CVE-2026-0628 в Chrome угрожает криптокошелькам MetaMask, Phantom, Trust Wallet! 💰 Злоумышленники могут получить доступ к локальным файлам, камерам и микрофонам. Google выпустила патчи. 💻 Обновите браузер немедленно! Версия 143.0.7499.192/193. Источник: GoPlus.
  • 0
  • 1
  • 0
  • 13h ago
Profile picture fallback
Tech-News @technology-news.bsky.social
Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and surveillance.
  • 0
  • 1
  • 0
  • Last hour
Profile picture fallback
Bitnewsbot @bitnewsbot.bsky.social
Google Chrome patched a critical privilege escalation flaw (CVE-2026-0628) in its browser in January 2026. The vulnerability allowed specially crafted […]
  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-2628

Overview

  • cyberlord92
  • All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login
03 Mar 2026
Published
03 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.25%
KEV

Description

The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ CVE-2026-2628: CRITICAL auth bypass in All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin (≤2.2.5). Attackers can access WP admin accounts with no credentials. Disable plugin or restrict logins until patched! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture fallback
BaseFortify.eu @basefortify.bsky.social
🚨 CVE-2026-2628 – CRITICAL (9.8) Authentication Bypass in Microsoft 365 / Azure AD SSO Plugin for WordPress. Unauthenticated attackers can log in as arbitrary users — including administrators. Full report: basefortify.eu/cve_reports/... #CVE #WordPress #SSO #CyberSecurity #InfoSec
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-21902

Overview

  • Juniper Networks
  • Junos OS Evolved
25 Feb 2026
Published
03 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.33%
KEV

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: * 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.

Statistics

  • 4 Posts
Last activity: 4 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
Juniper、PTX ルーターに致命的な脆弱性(CVE-2026-21902) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 14h ago
Profile picture fallback
/r/netsec @r-netsec-bot.bsky.social
Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE) - watchTowr Labs
  • 0
  • 0
  • 2
  • 4h ago

CVE-2026-20127

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager
25 Feb 2026
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
2.60%
KEV

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 3 Posts
Last activity: 4 hours ago

Bluesky

Profile picture fallback
PCI Guru @jbhall56.bsky.social
The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind. www.darkreading.com/vulnerabilit...
  • 0
  • 0
  • 1
  • 4h ago
Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #Foresiet includes "CVE-2026-21513: APT28 Exploits MSHTML Zero-Day in Targeted Attacks" and "CVE-2026-20127: In-Depth Analysis of the Cisco Catalyst #SDWAN Authentication Bypass Vulnerability". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz
  • 0
  • 0
  • 0
  • 14h ago

CVE-2025-14500

Overview

  • IceWarp
  • IceWarp
23 Dec 2025
Published
30 Dec 2025
Updated
CVSS v3.0
CRITICAL (9.8)
EPSS
1.29%
KEV

Description

IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the X-File-Operation header. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27394.

Statistics

  • 1 Post
  • 6 Interactions
Last activity: 22 hours ago

Bluesky

Profile picture fallback
The Shadowserver Foundation @shadowserver.bsky.social
We are scanning & reporting IceWarp CVE-2025-14500 (CVSS 9.8, pre-auth command injection RCE) instances. 1278 IPs seen 2026-03-01 (version based). Patch: support.icewarp.com/hc/en-us/com... IP data: www.shadowserver.org/what-we-do/n... World Map view: dashboard.shadowserver.org/statistics/c...
  • 2
  • 4
  • 0
  • 22h ago

CVE-2026-27495

Overview

  • n8n-io
  • n8n
25 Feb 2026
Published
26 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
0.06%
KEV

Description

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to limit the blast radius. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Statistics

  • 2 Posts
  • 9 Interactions
Last activity: 5 hours ago

Bluesky

Profile picture fallback
The Shadowserver Foundation @shadowserver.bsky.social
We are continuing to expand our n8n RCE vulnerability scanning - most recently adding CVE-2026-27495 (CVSS 9.4) tagging as well. You can track our various n8n scan results here for the most well known critical vulns: dashboard.shadowserver.org/statistics/c... Top affected: US, Germany & France.
  • 1
  • 6
  • 0
  • 5h ago
Profile picture fallback
The Shadowserver Foundation @shadowserver.bsky.social
IP data on vulnerable instances is tagged 'n8n' & with a cve tag (like cve-2026-27495) in our Vulnerable HTTP reporting www.shadowserver.org/what-we-do/n... Latest n8n critical RCE vulns (all covered with above tag): github.com/n8n-io/n8n/s... github.com/n8n-io/n8n/s... github.com/n8n-io/n8n/s...
  • 0
  • 2
  • 0
  • 5h ago

CVE-2026-0714

Overview

  • Moxa
  • UC-1200A Series
05 Feb 2026
Published
05 Feb 2026
Updated
CVSS v4.0
HIGH (7.0)
EPSS
0.01%
KEV

Description

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Martin Boller :debian: :tux: :freebsd: :windows: :mastodon: @itisiboller

cyloq.se/en/research/cve-2026-

  • 1
  • 1
  • 0
  • 10h ago

CVE-2026-0006

Overview

  • Google
  • Android
02 Mar 2026
Published
03 Mar 2026
Updated
CVSS
Pending
EPSS
0.09%
KEV

Description

In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 18 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🔴 CVE-2026-0006: CRITICAL RCE in Android 16 via heap buffer overflows. No user action or privileges needed — remote attackers can fully compromise devices. Patch urgently when available! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 18h ago
Showing 1 to 10 of 69 CVEs