CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

Blog

Byadmblake February 18, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to…

CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap

Blog

23andMe Bankruptcy Filing May Put Sensitive Data at Risk

Security experts worry the company’s Chapter 11 status and aim to sell its assets could allow threat actors to exploit and misuse the genetic information it collected.

Read More 23andMe Bankruptcy Filing May Put Sensitive Data at Risk
Blog

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. “ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very…

Read More ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
Blog

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

A new global phishing threat called “Meta Mirage” has been uncovered, targeting businesses using Meta’s Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing

Read More CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users
Blog

SAP Netweaver Zero-Day Attack

What is the Attack?A zero-day SAP vulnerability, CVE-2025-31324, with CVSS score of 10.0 is being actively exploited in the wild. This vulnerability affects SAP Visual Composer, allowing unauthenticated threat actors to upload arbitrary files, resulting in full compromise of the targeted system that could significantly affect the confidentiality, integrity, and availability of the targeted system.The…

Read More SAP Netweaver Zero-Day Attack
Blog

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Multiple threat activity clusters with ties to North Korea (aka Democratic People’s Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. “The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North…

Read More DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Blog

U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka “Co-Conspirator 1”) based in Florida, all U.S. nationals, are said to have used…

Read More U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

Related