The Hacker News

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and ...
The Hacker News

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

APT28 exploited CVE-2026-21513, an MSHTML zero-day (CVSS 8.8), using malicious LNK files to bypass security controls and execute code.
SecurityWeek

Trend Micro Patches Critical Apex One Vulnerabilities

TrendAI announced patches for vulnerabilities found in the Windows and macOS versions of the Apex One endpoint security ...

ICS/OT Vulnerability Intelligence Report Highlights Gap Between Severity Scores and Real-World Exploitation

EmberOT & partners release a vuln intel report, giving OT defenders a context-driven framework to cut through the ...
SecurityWeek

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.

Hackers target vulnerabilities in Roundcube Webmail

CISA has added the flaws, one of which is considered critical, to its Known Exploited Vulnerabilities catalog.

Zyxel warns of critical RCE flaw affecting over a dozen routers

Taiwan networking provider Zyxel has released security updates to address a critical vulnerability affecting over a dozen router models that can allow unauthenticated attackers to gain remote command ...
Nextgov

CISA extends MITRE-backed CVE contract hours before its lapse

“Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services,” an agency spokesperson said. The Cybersecurity and Infrastructure Security ...
Forbes

CVE Program Funding Reinstated—What It Means And What To Do Next

Forbes contributors publish independent expert analyses and insights. Kate O’Flaherty is a cybersecurity and privacy journalist. U.S. President Donald Trump has cut funding for the global database of ...
CSOonline

Beyond CVE: The hunt for other sources of vulnerability intel

Were the CVE program to be discontinued, security teams would have a hard time finding one resource that would function with the same impact across the board. Here are current issues of relying on CVE ...