Vulnerabilities
-
CISA adds Wing FTP information disclosure flaw CVE-2025-47813 to KEV catalog
CISA added CVE-2025-47813, an information disclosure in Wing FTP Server, to its Known Exploited Vulnerabilities catalog. The bug affects versions up to 7.4.3 and was fixed in 7.4.4. Agencies should apply fixes by March 30, 2026.
-
Android 17 Beta 2 blocks non-accessibility apps from accessibility API while Advanced Protection Mode is active
Android 17 Beta 2 tests a restriction that blocks non-accessibility apps from the accessibility services API while Advanced Protection Mode is enabled and revokes existing permissions to reduce misuse of the API.
-
CNCERT warns OpenClaw flaws could allow endpoint takeover
China’s CNCERT warned that OpenClaw, a self-hosted AI agent, has weak defaults and high privileges that could let attackers seize endpoints. Indirect prompt injection and malicious repositories are cited as exploitation paths.
-
GlassWorm campaign escalates with transitive Open VSX extensions
A Socket report flagged a GlassWorm escalation in Open VSX with 72 malicious extensions found since January 31, 2026. The campaign uses transitive extension installs and invisible Unicode obfuscation to deliver payloads.
-
Google patches two Chrome zero-days exploited in the wild
Google released Chrome updates to fix two high-severity zero-days exploited in the wild. Both are scored 8.8. Users should update Chrome to the listed versions on Windows, macOS, and Linux to reduce risk.
-
Nine CrackArmor Flaws in Linux AppArmor Could Enable Local Root Escalation
Qualys disclosed nine confused-deputy vulnerabilities in the Linux kernel AppArmor module that can allow unprivileged users to bypass protections, escalate to root, and undermine container isolation. Vendors and administrators should prioritise kernel patches.
-
Authorities dismantle SocksEscort proxy service built from infected residential routers
Court-authorized international law enforcement disrupted the SocksEscort proxy service in March 2026, dismantling a router-based botnet and freezing $3.5 million in cryptocurrency, the U.S. Department of Justice said.
-
Two critical n8n flaws patched after researcher finds remote code execution risk
Two critical vulnerabilities in the n8n workflow platform were reported and patched in March 2026. A technical analysis and vendor advisories show flaws that can enable remote code execution and decryption of stored credentials.
-
UNC6426 used stolen npm keys to gain AWS administrator access in under 72 hours
UNC6426 leveraged keys from the August 2025 nx npm supply-chain compromise to obtain a GitHub token and escalate to AWS administrator permissions in under 72 hours, leading to S3 data exfiltration and destruction of production resources.
-
Five malicious Rust crates exfiltrated .env files and AI bot exploited GitHub Actions
Researchers found five malicious Rust crates on crates.io that exfiltrated .env files. The packages have been removed. Users should rotate secrets, audit CI workflows, and restrict outbound access to reduce supply-chain risk.