theinfosecnews

vulnerability


CVE-2024-21887 & CVE-2023-46805: Ivanti Connect Secure Chained Exploits Enable Unauthenticated Remote Code Execution

CVE-2023-46805 (CVSS 8.2) and CVE-2024-21887 (CVSS 9.1) in Ivanti Connect Secure are being chained to achieve unauthenticated remote code execution on internet-exposed VPN gateways. China-nexus threat group UNC5221 exploited the pair as a zero-day beginning December 2023, deploying custom implants and harvesting credentials from compromised appliances. Organizations must apply Ivanti's patches, perform factory resets on suspected devices, and rotate all credentials that transited affected gateways.

BleepingComputer·2d ago·3 min read

CVE-2026-5281: Use-After-Free in Google Dawn Enables Arbitrary Code Execution Across Chromium-Based Browsers

CVE-2026-5281 is a use-after-free vulnerability in Google Dawn, the WebGPU implementation embedded in Chrome, Edge, Opera, and all Chromium-based browsers. An attacker who has compromised the renderer process can exploit the flaw via a crafted HTML page to achieve arbitrary code execution in the GPU process. CISA requires federal agencies to patch by April 15, 2026; all organizations should update affected browsers immediately and audit Electron applications for exposure.

CISA KEV·2d ago·3 min read

CVE-2025-XXXX: Unpatched Credential Exposure in Legacy Notebook Management Systems Grants Enterprise Network Access

A high-severity credential exposure vulnerability affects enterprise notebooks lacking proper sanitization, full-disk encryption, and credential management controls. Attackers with physical or remote access can extract domain credentials, VPN keys, SSH keys, and browser-stored passwords using freely available tools including Mimikatz and LaZagne. Organizations must enforce verified wipe-and-reimage policies, full-disk encryption with PIN, and immediate credential rotation for all returned or decommissioned devices.

Dark Reading·2d ago·4 min read

Google Cloud Vertex AI Permission Model Flaw Enables Unauthorized Data Access and Cloud Compromise

Palo Alto Networks Unit 42 disclosed a security flaw in Google Cloud Vertex AI's permission model that allows attackers to weaponize AI agents for unauthorized data access and cloud environment compromise. The vulnerability stems from over-permissioned service accounts assigned to Vertex AI agents, enabling lateral movement across Google Cloud services without triggering standard security alerts. Organizations should immediately audit Vertex AI service account IAM roles and enforce least-privilege access controls.

The Hacker News·3d ago·3 min read

Google Cloud Vertex AI Permission Model Flaw Lets Attackers Weaponize AI Agents for Unauthorized Data Access

Palo Alto Networks Unit 42 disclosed a permission model blind spot in Google Cloud Vertex AI that allows attackers to weaponize AI agents for unauthorized access to sensitive cloud data. The flaw involves improper privilege boundaries at the agent execution layer, enabling privilege escalation via misconfigured or over-provisioned service accounts. Organizations should immediately audit Vertex AI service account permissions, apply least-privilege IAM roles, and enable Cloud Audit Log monitoring for anomalous agent activity.

The Hacker News·3d ago·3 min read

AI-Accelerated Exploitation: How Weaponized Machine Learning Is Shrinking the Patch Window

AI-assisted tooling is compressing exploit development timelines from weeks to hours, reducing the effective patch window for critical CVEs and forcing organizations to accelerate remediation cycles for internet-facing assets. State-sponsored groups and criminal actors are using ML-augmented fuzzing, LLM-assisted shellcode generation, and automated scanning to weaponize vulnerabilities within 24–72 hours of public disclosure. SOC teams and engineers should prioritize perimeter device patching, monitor CISA's KEV catalog, and implement compensating controls during any patch gap.

The Hacker News·3d ago·3 min read

CVE Pending: Check Point Discloses ChatGPT Prompt Injection Flaw Enabling Silent Data Exfiltration

Check Point Research disclosed a prompt injection vulnerability in OpenAI ChatGPT that allowed a single malicious prompt to silently exfiltrate user messages, uploaded files, and other session data without user knowledge. The flaw requires no authentication beyond a standard ChatGPT session and carries low attack complexity. Organizations should restrict file uploads, avoid using ChatGPT for sensitive data processing, and monitor OpenAI's security advisories for patch confirmation.

The Hacker News·3d ago·3 min read

CVE-2024-7014: Critical Telegram RCE Vulnerability Scores 9.8 CVSS — Vendor Disputes Existence

CVE-2024-7014 is a reported critical remote code execution vulnerability in the Telegram messaging application, carrying a CVSS score of 9.8, allegedly triggered by a maliciously crafted sticker file with no user interaction required. Telegram disputes the vulnerability's existence and has not issued a patch or security advisory. Security teams should update Telegram clients, disable automatic media downloads, and monitor endpoint behavior pending vendor resolution.

Dark Reading·4d ago·3 min read

CVE-2026-3055: Critical Citrix NetScaler Memory Overread Flaw Under Active Reconnaissance

CVE-2026-3055 is a critical (CVSS 9.3) memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway caused by insufficient input validation. An unauthenticated remote attacker can exploit the flaw to leak sensitive memory contents including session tokens and credentials. Defused Cyber and watchTowr have confirmed active reconnaissance activity targeting affected deployments.

The Hacker News·6d ago·3 min read

CVE-2025-53521: F5 BIG-IP APM Stack-Based Buffer Overflow Enables Unauthenticated Remote Code Execution

CVE-2025-53521 is a stack-based buffer overflow in F5 BIG-IP Access Policy Manager (APM) that allows unauthenticated remote attackers to execute arbitrary code on affected systems. Successful exploitation can lead to full system compromise, session interception, and lateral movement through protected networks. CISA has added the vulnerability to the KEV catalog with a federal patch deadline of March 30, 2026.

CISA KEV·7d ago·3 min read

CVE-2015-5611: The Jeep Cherokee Remote Code Execution Flaw That Redefined Automotive Cybersecurity

CVE-2015-5611 is a CVSS 10.0 remote code execution vulnerability in Fiat Chrysler's Uconnect telematics system affecting 1.4 million vehicles across Jeep, Dodge, Ram, and Chrysler brands. Researchers Charlie Miller and Chris Valasek demonstrated unauthenticated remote exploitation over the Sprint cellular network, gaining full control of steering, braking, and transmission via CAN bus message injection. FCA issued a mandatory recall under NHTSA 15V-461 and the case directly shaped subsequent automotive cybersecurity regulation including UNECE WP.29 R155 and ISO/SAE 21434.

Dark Reading·7d ago·3 min read