The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure Windows systems against a vulnerability tracked as CVE-2026-32202 after cybersecurity firm Akamai reported it as a zero-click NTLM hash leak left behind when Microsoft incompletely patched a February remote code execution flaw (CVE-2026-21510). CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) Catalog and mandated that
Tag: CISA
CISA: Zimbra XSS (CVE-2025-48700) Now Exploited — 10,500+ Servers Vulnerable
Over 10,000 instances of the Zimbra Collaboration Suite are exposed online and remain vulnerable to an actively exploited cross-site scripting flaw, raising fresh alarms about email server security for governments and businesses alike. The vulnerability, tracked as CVE-2025-48700, is serious because it can be triggered without user interaction and has been confirmed as abused in the wild, prompting action from
Chrome 0‑Day Under Active Attack: CVE‑2026‑2441 — What You Need to Do Now
Google has released an emergency patch for a high‑severity zero‑day in Chrome after confirming active exploitation in the wild. Tracked as CVE‑2026‑2441, the vulnerability is a use‑after‑free bug in Chrome’s CSS handling that can enable remote code execution when a user visits crafted web content. How the flaw works CVE‑2026‑2441 arises from improper lifecycle management of objects in the rendering