Vulnerabilities
-
Google issues patches for 129 Android flaws including actively exploited Qualcomm zero day
Google released updates that fix 129 Android vulnerabilities, including an actively exploited zero-day in a Qualcomm display component. The bulletin adds two March patch levels and addresses 10 critical flaws that can enable remote code execution.
-
CyberStrikeAI observed on infrastructure tied to FortiGate campaign, researchers say
A Team Cymru report says the open source CyberStrikeAI platform was observed on infrastructure tied to a campaign that compromised more than 500 FortiGate firewalls. The report found 21 IPs running the tool between January 20 and February 26, 2026.
-
Patched Chrome flaw allowed malicious extensions to hijack Gemini panel
A Unit 42 technical analysis found CVE-2026-0628 could let malicious Chrome extensions inject code into the Gemini panel and access camera, microphone, screenshots, and local files. Google patched the issue in early January 2026.
-
UK automated scanner cuts DNS fix times from 50 days to eight
An automated Vulnerability Monitoring System cut DNS vulnerability remediation in the UK public sector from 50 days to eight and sped other fixes. Firefox added a Sanitizer API and the FTC updated COPPA policy on age verification.
-
ClawJacked flaw let malicious websites brute force local OpenClaw instances
A high-severity OpenClaw vulnerability called ClawJacked let malicious websites brute-force local management passwords at hundreds of guesses per second. OpenClaw issued a fix in version 2026.2.26 on February 26 to block the attack.
-
Critical Junos flaw allows unauthenticated root takeover of PTX routers
A Junos OS Evolved flaw in PTX Series routers could allow unauthenticated remote code execution as root. Juniper issued patches and operators are advised to apply fixes or restrict access and consider disabling the vulnerable service.
-
Malicious NuGet package impersonated Stripe library and logged 180,000 downloads
A malicious NuGet package posing as a Stripe payments library was uploaded on February 16, 2026 and amassed over 180,000 downloads across 506 versions before removal. Researchers documented the campaign.
-
Suspected Chinese cyberespionage used Google Sheets API to hide C2 in campaign affecting 53 organisations
A suspected Chinese threat actor used Google Sheets API calls for command-and-control in a global campaign that affected 53 organisations in 42 countries since 2023. A technical analysis details the GRIDTIDE backdoor and mitigation steps.
-
Zyxel issues patches for critical UPnP command injection affecting dozens of routers
Zyxel released updates for a critical UPnP command injection, CVE-2025-13942, that can allow unauthenticated remote command execution on many routers. Exploitation requires both UPnP and WAN access to be enabled, and patches are available.








