PAN-OS Zero Day Under Active Exploitation Grants Root Access on FirewallsPalo Alto Networks confirmed active exploitation of CVE-2026-0300 in the PAN-OS Captive Portal. The flaw allows unauthenticated remote code execution with root privileges on exposed firewalls, making it one of the most urgent perimeter risks in this cycle.Source: Palo...

PAN-OS Zero-Day Under Active Exploitation Grants Root Access on FirewallsPalo Alto Networks says CVE-2026-0300 in the PAN-OS Captive Portal is being actively exploited and allows unauthenticated remote code execution with root privileges. Because it affects internet-facing firewalls, it is one of the most urgent issues in this week’s set.Source:...

PAN-OS Zero-Day Under Active Exploitation Grants Root Access on FirewallsPalo Alto Networks warned that CVE-2026-0300 in the PAN-OS Captive Portal is being actively exploited and allows unauthenticated remote code execution with root privileges. Because the bug affects internet exposed firewalls, it stands out as one of the highest priority...

Critical cPanel and WHM Auth Bypass Requires Emergency Manual UpdateA critical cPanel and WHM flaw tracked as CVE-2026-41940 can allow attackers to access the control panel without authentication. The fix requires administrators to manually retrieve the patched build, which makes exposed hosting environments an immediate priority.Source: BleepingComputer Microsoft Confirms...

Vercel Finds More Compromised Accounts in Context.ai Linked BreachVercel said its investigation uncovered an additional set of affected customer accounts after expanding the indicators of compromise and reviewing environment variable access logs. The incident stemmed from a compromise tied to Context.ai and shows how third party identity and OAuth...

Adobe Patches Reader Zero Day Exploited for MonthsAdobe released emergency updates for CVE-2026-34621 after confirming exploitation in the wild for several months. The flaw can lead to arbitrary code execution when a victim opens a malicious PDF and affects Acrobat and Reader on Windows and macOS.Source: SecurityWeek Microsoft Patches...

Adobe Reader Zero Day Exploited for Months Through Malicious PDF FilesResearchers say a malicious PDF has been exploiting an Adobe Reader zero day in the wild since at least December, including against fully patched installations. The document appears to fingerprint the environment, abuse privileged Acrobat APIs to steal local...

Chinese Hackers Found Deep Within Telecom Backbone InfrastructureResearchers uncovered a China linked state actor deploying kernel implants and passive backdoors within global telecommunications backbone infrastructure for long term persistence. The operation appears designed for high level espionage and sustained access to critical environments.Source: SecurityWeek ShadowPrompt Vulnerability Enables Silent Hijacking...

2025 IT Sector Cyber Threat Report Highlights Evolving Threat LandscapeThe IT ISAC report outlines key cyber threat trends targeting the IT sector, emphasizing the role of collaborative intelligence sharing in identifying and mitigating attacks. The report provides insight into threat actors, techniques, and defensive strategies aimed at strengthening resilience...

Aura Discloses Data Breach Impacting 900,000 RecordsSecurity firm Aura disclosed a data breach caused by a phone phishing attack targeting an employee, which allowed attackers to access the account for approximately one hour. The company responded by terminating access, activating its incident response plan, and engaging external experts and...

NCI Warns of Increased Threats to Critical Infrastructure Amid Middle East ConflictA joint advisory from NCI highlights that the ongoing conflict in the Middle East raises risks for critical infrastructure globally. Organizations may face increased cyberattacks from Iranian state actors, hacktivists, and aligned cybercriminal groups. There is also a...

Google Fixes Two Chrome Zero Days Exploited in the WildGoogle released security updates addressing two Chrome zero day vulnerabilities that were actively exploited in the wild. The flaws affect the Skia and V8 components of the browser. Both vulnerabilities were discovered and reported internally by Google on March 10,...