Security News · Morning Brief
Critical vulnerabilities in enterprise software are under active exploitation with no patches available, while supply chain attacks continue targeting npm and GitHub repositories. Major browser and platform vendors are racing to patch record numbers of security flaws as AI-powered vulnerability discovery accelerates threat detection.
- Critical Everest Forms Pro Vulnerability Actively Exploited — Hackers are actively exploiting CVE-2026-3300 in the Everest Forms Pro WordPress plugin to gain complete control of websites.
- Cisco SD-WAN Manager Zero-Day Exploited with No Patch Available — CVE-2026-20245 (CVSS 7.8) in Cisco Catalyst SD-WAN Manager is under active exploitation enabling root privilege escalation, with no patch currently available.
- CISA Adds SolarWinds Serv-U DoS Flaw to KEV Catalog — CVE-2026-28318 (CVSS 7.5), a denial-of-service vulnerability in SolarWinds Serv-U, has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation.
- Miasma Worm Hits 73 Microsoft GitHub Repositories — The self-replicating Miasma supply chain attack compromised 73 Microsoft repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations, prompting GitHub to disable access.
- AI Agent Discovers 21 Zero-Days in FFmpeg; Chrome Patches 429 Bugs — An autonomous AI agent uncovered 21 previously unknown vulnerabilities in FFmpeg, while Google released Chrome 149 with a record 429 security patches, including over 100 critical or high-severity flaws.
- IronWorm and Miasma Worm Variant Hit npm Supply Chain — Over 50 poisoned npm packages distributed a Rust-based information stealer and self-spreading worm, with the stealer scraping secrets and hiding behind an eBPF kernel rootkit.
- Over 900 U.S. Gas Station Tank Gauge Systems Exposed — More than 900 automatic tank gauge (ATG) systems across critical infrastructure sectors are exposed online and vulnerable to ongoing attacks, prompting CISA and federal partners to urge hardening measures.
- Hackers Exploited Meta's AI Support Bot to Seize Instagram Accounts — High-profile Instagram accounts, including those of the Obama White House and the U.S. Space Force Chief Master Sergeant, were briefly defaced after attackers tricked Meta's AI support assistant into resetting passwords.