The mobile attack surface is expanding as shadow AI embedded in applications, outdated devices, and zero-click exploits converge to create new security risks. Enterprises must update devices, monitor AI components, and strengthen detection to mitigate these threats.

Adversa AI discovered a critical vulnerability in Anthropic's Claude Code agentic coding assistant within days of Anthropic accidentally leaking the product's source code. Claude Code operates with elevated system privileges in developer environments, making exploitation potentially severe — including credential theft, CI/CD pipeline manipulation, and lateral movement. Organizations should audit deployments, rotate credentials, and apply patches immediately once Anthropic releases a fix.

Apple has expanded mitigations against the DarkSword exploit kit to additional devices after the toolkit was used in operations by state-sponsored threat groups and commercial spyware vendors. The expansion follows Apple's standard model of phased protection rollouts across its device ecosystem. All Apple device owners should apply the latest OS updates immediately, and high-risk individuals should enable Lockdown Mode.

CVE-2024-6387 (regreSSHion) is a signal handler race condition in OpenSSH sshd versions 8.5p1 through 9.7p1 that allows unauthenticated remote code execution as root. Discovered by Qualys, the flaw affects an estimated 700,000 publicly exposed servers. Administrators should upgrade to OpenSSH 9.8p1 immediately or set LoginGraceTime 0 as a temporary workaround.

Cisco has patched CVE-2026-20093, a critical authentication bypass vulnerability in the Cisco Integrated Management Controller (IMC) with a CVSS score of 9.8. An unauthenticated remote attacker can exploit the flaw to bypass authentication and gain elevated privileges over affected hardware management interfaces. Administrators should apply Cisco's patch immediately and restrict IMC network access to isolated management VLANs.

CVE-2025-30208 is a path traversal vulnerability in Vite's development server that allows unauthenticated remote attackers to read arbitrary files from the host filesystem by crafting a malicious URL query string. Affected versions span Vite 4.x through 6.2.x, with patched releases available across all supported branches. Teams running Vite dev servers with network exposure should patch immediately and rotate any secrets that may have been accessible.

Two vulnerabilities in Progress ShareFile can be chained to allow unauthenticated remote attackers to exfiltrate files from affected enterprise environments without valid credentials. The attack requires no user interaction and targets a platform historically exploited by ransomware groups including Cl0p. Organizations running self-hosted ShareFile Storage Zones Controller components should apply vendor patches immediately and audit file access logs for signs of prior exploitation.

Researchers are documenting active exploitation of chained vulnerabilities where multiple medium-severity flaws combine to enable full system compromise, alongside continued targeting of legacy software past end-of-life support. Security teams must cross-reference CVE IDs against shared product versions, treat vulnerability chains as elevated-priority findings, and apply vendor patches within tightened SLA windows for internet-exposed assets.

Cisco has patched multiple critical and high-severity vulnerabilities affecting enterprise networking and security products, covering authentication bypass, remote code execution, information disclosure, and privilege escalation. These flaws expose widely deployed Cisco infrastructure to unauthenticated remote exploitation and full device compromise. Administrators should apply patches immediately and restrict management plane access to trusted networks.

The submitted source material is a truncated excerpt from a vendor report on open source consumption trends and does not contain a CVE ID, affected product, vulnerability class, CVSS data, or remediation guidance. A factual vulnerability advisory cannot be produced without these elements. Resubmit with a complete vulnerability disclosure containing a CVE assignment, affected product versions, and patch details.

CVE-2026-3502 is a CWE-494 vulnerability in TrueConf Client where the update mechanism downloads and executes code without verifying integrity or authenticity. An attacker who can intercept or redirect update traffic via MITM, DNS hijacking, or a compromised update server can inject a malicious payload and achieve arbitrary code execution on affected endpoints. CISA has added this vulnerability to the KEV catalog with a federal agency patch deadline of April 16, 2026.

A zero-day vulnerability in TrueConf Server is under active exploitation, allowing attackers to execute arbitrary files on the server and propagate malicious payloads to all connected client endpoints. The flaw is remotely exploitable and does not require valid server credentials, placing all unpatched TrueConf Server deployments at critical risk. Organizations should patch immediately, isolate the server from untrusted networks, and conduct forensic triage on all endpoints with active sessions.