Zero-Day Security Alert — April 7, 2026: Firefox and Thunderbird Critical Memory Safety Vulnerabilities
CVE-2026-5734 and CVE-2026-5735: Critical memory safety vulnerabilities in Mozilla Firefox (before 149.0.2) and Thunderbird with CVSS 9.8 scores. Evidence of memory corruption suggests exploitability for arbitrary code execution. Update all Firefox and Thunderbird installations immediately. Daily Security Briefing April 7, 2026 CVE-2026-5734 | CVSS 9.8 | CRITICAL Severity | No Known Active Exploitation Affected Product Mozilla Firefox < 149.0.2, Firefox ESR < 1
Jacob Hughes
Apr 8 · 2 min read
Zero-Day Security Alert — April 6, 2026: Fortinet FortiClient EMS Actively Exploited
CVE-2026-35616 is a critical (CVSS 9.8) improper access control vulnerability in Fortinet FortiClient EMS versions 7.4.5 through 7.4.6 that is actively being exploited in the wild. Organizations running affected versions should apply Fortinet's patch immediately -- CISA requires federal agencies to remediate by April 9, 2026. Daily Security Briefing April 6, 2026 CVE-2026-35616 | CVSS 9.8 | CRITICAL Severity | Actively Exploited (CISA KEV) Affected Product Fort
Jacob Hughes
Apr 6 · 1 min read
Zero-Day Security Alert — April 2, 2026: Cisco IMC Auth Bypass and SSM On-Prem RCE
Daily Security Briefing April 2, 2026 CVE-2026-20093 | CVSS 9.8 | CRITICAL Severity | No Known Active Exploitation Affected Product Cisco Integrated Management Controller (IMC) Description A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) allows an unauthenticated, remote attacker to bypass authentication and gain Admin-level access. The flaw stems from incorrect handling of password change requests. An attack
Jacob Hughes
Apr 2 · 2 min read
Zero-Day Security Alert — April 1, 2026: Google Chrome Dawn WebGPU Use-After-Free Actively Exploited
Daily Security Briefing April 1, 2026 CVE-2026-5281 | CVSS 8.8 | HIGH Severity | Actively Exploited in the Wild Affected Product Google Chrome (Dawn / WebGPU component) — versions prior to 135.0.7049.95 (Windows/Mac) and 135.0.7049.52 (Linux) Description A use-after-free vulnerability in Dawn, Google Chrome's WebGPU implementation, allows remote attackers to achieve code execution via a crafted HTML page. Dawn handles GPU-accelerated graphics operations in Chr
Jacob Hughes
Apr 1 · 1 min read
Zero-Day Security Alert — April 1, 2026: Google Chrome Dawn Use-After-Free Actively Exploited
Daily Security Briefing April 1, 2026 CVE-2026-5281 | CVSS 8.8 | HIGH Severity | Actively Exploited (CISA KEV) Affected Product Google Chrome (Dawn component) prior to version 146.0.7680.178 on Windows, macOS, and Linux Description A use-after-free vulnerability exists in the Dawn WebGPU implementation within Google Chrome. An attacker who has already compromised the Chrome renderer process can exploit this flaw to execute arbitrary code on the victim's system
Jacob Hughes
Apr 1 · 1 min read
Zero-Day Security Alert — March 21, 2026: Apple iOS, macOS, and Safari Actively Exploited
Daily Security Briefing March 21, 2026 CISA added three Apple vulnerabilities to the Known Exploited Vulnerabilities catalog on March 20, 2026. These affect iOS, iPadOS, macOS, watchOS, visionOS, tvOS, and Safari. All three are confirmed actively exploited in the wild and require patching by April 3, 2026. 1. Safari and WebKit Memory Corruption CVE-2025-31277 | CVSS 8.8 | HIGH Severity | Actively Exploited Affected Product Apple Safari (prior to 18.6), iOS and
Jacob Hughes
Mar 20 · 3 min read
Zero-Day Security Alert — March 20, 2026: Cisco Secure Firewall Management Center RCE Actively Exploited
Daily Security Briefing March 20, 2026 CVE-2026-20131 | CVSS 10.0 | CRITICAL Severity | Actively Exploited (Known Ransomware Use) Affected Product Cisco Secure Firewall Management Center (FMC) versions 6.4.0.13 through 7.7.11 and version 10.0.0. Over 70 affected version branches spanning multiple major releases. Also affects Cisco Security Cloud Control (SCC) Firewall Management. Description An insecure deserialization vulnerability (CWE-502) exists in the web
Jacob Hughes
Mar 20 · 2 min read
Zero-Day Security Alert — March 18, 2026: Oracle Edge Cloud Infrastructure Unauthenticated RCE
Daily Security Briefing March 18, 2026 CVE-2026-21994 | CVSS 9.8 | CRITICAL Severity | Public Disclosure (NVD) Affected Product Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit version 0.3.0 Description A critical unauthenticated remote code execution vulnerability exists in Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit version 0.3.0. An unauthenticated attacker with network access via HTTP can exploit this flaw to achi
Jacob Hughes
Mar 17 · 1 min read
Zero-Day Security Alert — March 17, 2026: Google Chrome V8 and Skia Actively Exploited
Daily Security Briefing March 17, 2026 Both vulnerabilities below were originally published by NVD on March 13, 2026 and added to the CISA Known Exploited Vulnerabilities (KEV) catalog on March 16, 2026. This briefing is issued on March 17 to highlight the active exploitation risk for organizations that have not yet applied patches. CVE-2026-3909 | CVSS 8.8 | HIGH Severity | Actively Exploited (CISA KEV) Affected Product Google Chrome (all versions prior to 14
Jacob Hughes
Mar 17 · 2 min read
