Security News
Morning Brief
Today's security brief highlights multiple critical vulnerabilities under active exploitation, including zero-days in Chrome V8, Check Point VPN, and LiteLLM, prompting urgent patching. We also see a continued surge in supply chain attacks targeting popular package managers and the emergence of self-replicating AI worms, signaling evolving threats in the software development and AI landscapes.
- Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now — Google has released emergency updates for Chrome to address 74 vulnerabilities, including CVE-2026-11645, an actively exploited out-of-bounds memory access flaw in its V8 JavaScript engine.
- Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks — A critical authentication bypass vulnerability (CVE-2026-50751) in Check Point Remote Access VPN and Mobile Access deployments, particularly those using IKEv1, is being actively exploited by Qilin ransomware affiliates. CISA has added this to its KEV catalog, urging federal agencies to patch within three days.
- LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE — CISA has added a high-severity command injection vulnerability (CVE-2026-42271) in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog, noting active exploitation that could lead to unauthenticated remote code execution.
- WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine — Russia-aligned cyber groups, Earth Dahu and SHADOW-EARTH-066, continue to exploit a WinRAR path traversal flaw (CVE-2025-8088) to deploy information stealers against Ukrainian organizations, nearly a year after patches were released.
- Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks — New variants of the self-propagating Shai-Hulud supply chain attacks, named Miasma and Hades, have compromised over 100 NPM and PyPI packages, aiming to steal developer credentials and propagate further.
- Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models — University of Toronto researchers have developed a proof-of-concept AI worm that uses a local open-weight large language model to autonomously navigate networks, generate attack strategies, and replicate itself without human intervention or commercial AI services.
- French govt messaging service breached in account hijacking attack — DINUM, the French government's digital affairs directorate, reported that hackers breached Tchap, their encrypted messaging platform, by hijacking a user account.
- New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing — Researchers at Graz University of Technology have developed FROST, an attack that allows malicious websites to track visited sites and opened applications using only JavaScript and SSD timing, requiring no native code or permissions.