Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

Critical Remote Code Execution Vulnerability Discovered in Protobuf.js Library
published: today
Protobuf.js patched a critical remote code execution vulnerability (CVE-2026-41242) caused by unsafe dynamic code generation when processing malicious protobuf schemas. The flaw allows attackers to execute arbitrary JavaScript code on servers or developer machines, potentially exposing sensitive credentials and enabling lateral movement.
Take action: If your applications use protobuf.js (or libraries like gRPC, Firebase, or Google Cloud SDKs), update protobuf.js to version 8.0.1 or 7.5.5 ASAP. Run npm audit to catch hidden dependencies. Going forward, only load schemas you control and prefer precompiled static schemas in production to avoid this class of attack entirely.
Systemic Design Flaw in MCP Protocol Exposes AI Ecosystem to RCE
published: today
A systemic design flaw in Model Context Protocol (MCP) allows remote command execution across multiple AI frameworks, including Flowise, affecting over 200,000 instances. The vulnerability enables attackers to bypass security controls and gain full system access through malicious prompts or marketplace poisoning.
Take action: If you're using any AI agent tools or frameworks that rely on MCP (like Flowise, GPT Researcher, Langchain, Windsurf, or similar), treat them as very dangerous and restrict their access to the internet and internal networks. Run them only in isolated sandboxes with no access to sensitive data, credentials, or cloud environments. Only install AI tools from verified, trusted sources, and monitor these systems closely for any unusual activity until vendors release confirmed patches.
Mailcow Patches Critical XSS Flaws Enabling Unauthenticated Account Takeover
published: yesterday
Mailcow patched three XSS vulnerabilities, including a critical flaw in Autodiscover logs, that allow unauthenticated attackers to take over administrator accounts and exfiltrate sensitive emails. The flaws were fixed in version 2026-03b after researchers demonstrated how to chain them with Login CSRF to steal user data.
Take action: If you run a self-hosted Mailcow email server, update it to version 2026-03b ASAP. These vulnerabilities could let an attacker silently take over your admin account just by sending a crafted email. After updating, also check that your server is configured to only accept the X-Real-IP header from trusted internal proxies, not from the open internet.
Microsoft Defender RedSun Zero-Day Exploit Grants SYSTEM Privileges
published: April 17, 2026
Microsoft Defender is vulnerable to a new zero-day exploit named "RedSun" that allows unprivileged users to gain SYSTEM privileges by abusing the Cloud Files API. The flaw enables attackers to overwrite critical system binaries by manipulating how the antivirus handles malicious files with cloud tags.
Take action: Update your Windows Defender ASAP to version 4.18.26030.3011 or later (via Windows Update) to fix the BlueHammer flaw. The RedSun flaw has no patch yet, so until Microsoft releases one, have your security team monitor for unusual Defender file write activity targeting C:\Windows\System32, and consider deploying endpoint detection rules to catch oplock-assisted file redirection. If you don't have a security team, make sure automatic Windows Updates are turned on and limit who can log into your Windows machines locally.
Cisco Patches Critical RCE and Impersonation Flaws in ISE and Webex
published: April 16, 2026
Cisco patched four critical vulnerabilities in Identity Services Engine and Webex Services that allow for remote code execution, root privilege escalation, and unauthenticated user impersonation.
Take action: Make sure all Cisco ISE devices are isolated from the internet and only accessible from trusted management networks. Then update ISE to the fixed patch level for your version (3.1 Patch 11, 3.2 Patch 10, 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3). For Webex SSO with trust anchors, upload a new IdP SAML certificate to Control Hub.
Anthropic Claude Code Leak Reveals Critical Command Injection Vulnerabilities
published: April 16, 2026
Anthropic's Claude Code CLI contains three critical command injection vulnerabilities that allow attackers to execute arbitrary code and exfiltrate cloud credentials via environment variables, file paths, and authentication helpers. These flaws bypass the tool's internal sandbox and are particularly dangerous in CI/CD environments where trust dialogs are disabled.
Take action: If you're using Claude Code, update immediately to the latest version and stop using authentication helpers. Instead, set the ANTHROPIC_API_KEY environment variable directly. Also, review any .claude/settings.json changes in pull requests as carefully as code changes, and never run the CLI against untrusted pull requests in CI/CD pipelines.
Google Patches 31 Chrome Vulnerabilities Including Critical Sandbox Escapes
published: April 16, 2026
Google released security updates for Chrome to fix 31 vulnerabilities, including five critical flaws that allow attackers to bypass the browser sandbox and execute malicious code.
Take action: Another, a huge patch for Chrome and Chromium based browsers (Edge, Opera, Brave, Vivaldi...). Don't delay, it has five critical flaws and a bunch of others. It's only a matter of time before some get exploited. Don't wait. Updating the browser is easy, all your tabs reopen after the patch.
GitHub Webhook Secret Exposure: Some Secrets Inadvertently Leaked in HTTP Headers Between September 2025 and January 2026
published: April 15, 2026
A bug in GitHub's new webhook delivery platform (active Sept 2025–Jan 2026) inadvertently exposed webhook secrets in an HTTP header, potentially allowing attackers who obtained them to forge GitHub webhook payloads. GitHub has notified affected owners and urged them to immediately rotate their webhook secrets, purge any logs containing the exposed headers, and verify HMAC signature validation.
Take action: If you received a notification from GitHub about this webhook secret exposure, rotate your affected webhook secrets immediately and purge any HTTP request header logs on your receiving systems that may contain the leaked secrets. After rotating, verify that your endpoint is properly validating the X-Hub-Signature-256 header with the new secret to prevent forged payloads. If you are using CircleCI, check their advisory as well.
wolfSSL Patches Critical Certificate Forgery Vulnerability Affecting Billions of Devices
published: April 15, 2026
wolfSSL version 5.9.1 patched a critical flaw (CVE-2026-5194) that allows attackers to use forged certificates to impersonate trusted servers.
Take action: If you use devices or software built on wolfSSL (common in IoT, routers, industrial controllers, and embedded systems), make sure they are isolated from the internet and accessible from trusted networks only, then check with your device vendor for firmware updates that include wolfSSL version 5.9.1 to patch CVE-2026-5194. Be aware that older or unsupported devices may never get this fix, so network isolation and monitoring are your only protection for those.
Fortinet Reports Critical Unauthenticated Vulnerabilities in FortiSandbox Platform
published: April 15, 2026
Fortinet reports two critical vulnerabilities in FortiSandbox (CVE-2026-39808 and CVE-2026-39813) that allow unauthenticated remote attackers to execute commands or bypass authentication via crafted HTTP requests.
Take action: If you run FortiSandbox, make sure it is isolated from the internet and accessible from trusted networks only, then update immediately to version 4.4.9+ or 5.0.6+ depending on your branch. Until you update, restrict API access to trusted IP addresses only. It's a Fortinet product, it will be actively attacked.