CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its KEV Catalog. These vulnerabilities include improper access control, improper authentication, embedded malicious code, and remote file inclusion, affecting various software products.

Fortinet admins report patched FortiGate firewalls getting hacked

Fortinet's FortiGate firewalls are under attack due to a critical authentication bypass vulnerability that remains exploitable despite previous patch attempts. Attackers are leveraging this flaw to gain unauthorized access to systems.

Can you use too many LOLBins to drop some RATs?

This advisory details a sophisticated attack leveraging Windows' built-in utilities, known as LOLBins (Living Off the Land Binaries), to deploy Remcos and NetSupport Manager, both of which are remote access tools often abused by cybercriminals.

Cisco fixed actively exploited Unified Communications zero day

Cisco has addressed a critical zero-day vulnerability, CVE-2026-20045, in its Unified Communications products. This flaw allows unauthenticated remote attackers to execute arbitrary commands on affected devices.

New Android malware uses AI to click on hidden browser ads

A new family of Android click-fraud trojans is leveraging TensorFlow machine learning models to interact with advertisement elements. This malware is distributed through Xiaomi's GetApps store and third-party APK sites.

Anthropic quietly fixed flaws in its Git MCP server

Anthropic has addressed critical vulnerabilities in its Git MCP server that could allow remote code execution. These vulnerabilities, identified as CVE-2025-68145, CVE-2025-68143, and CVE-2025-68144, have been fixed in the latest update.

AI framework flaws put enterprise clouds at risk of takeover

Two critical vulnerabilities in the Chainlit AI framework, CVE-2026-22218 and CVE-2026-22219, pose significant risks to enterprise cloud environments. These vulnerabilities could lead to data leaks or full system takeovers.

Vulnerabilities in Rockwell Automation Verve Asset Manager Allow Unauthorized Access to Sensitive Information

Rockwell Automation's Verve Asset Manager has been found to have vulnerabilities that could allow attackers to access sensitive information. These bugs, identified as CVE-2025-14376 and CVE-2025-14377, affect multiple versions of the product.

Inside a Multi-Stage Windows Malware Campaign

A sophisticated multi-stage malware campaign is targeting Microsoft Windows users, primarily in Russia. The attack leverages social engineering, security control bypass, and ransomware deployment.

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism.
