Google warns of two actively exploited Chrome zero days

One allows a remote attacker to execute arbitrary code inside a sandbox, the other could result in loss of sensitive information.
The Hacker News

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Apple fixes WebKit CVE-2026-20643 in iOS 26.3.1, macOS 26.3.2 using background patches, reducing exploit risk.

CISA flags Wing FTP Server flaw as actively exploited in attacks

CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks.

Fortinet closes brute-force and command injection flaws in FortiWeb & Co.

Fortinet closes flaws in FortiWeb and FortiManager, allowing command injection, among other things. FortiGate firewalls were ...
The Hacker News

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8

Google patches two Chrome zero-days exploited in the wild, urging updates to version 146.0.7680.75/76 to prevent attacks.
SecurityWeek

CISA Flags Year-Old Wing FTP Vulnerability as Exploited

CISA warns that a Wing FTP vulnerability leading to the disclosure of the full local installation path has been exploited in attacks.

F5 strengthens its Application Delivery and Security Platform to simplify operations and accelerate secure AI adoption

New platform enhancements—including F5 Insight for ADSP—offer unified observability and proactive intelligence for modern IT ...
CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.

How creators can protect their identity in an age of AI clones

Protect yourself from AI and the perpetuity trap.