theinfosecnews
breach

US Justice Department, Canada, and Germany Dismantle Four Major IoT Botnets Behind Record DDoS Attacks

The U.S. DOJ, alongside Canadian and German authorities, dismantled four major IoT botnets—Aisuru, Kimwolf, JackSkid, and Mossad—that compromised over three million devices and launched hundreds of thousands of DDoS attacks. The disruption targeted infrastructure used to attack Department of Defense IPs and aimed to prevent further infections and attacks. Users should audit and update IoT devices and monitor for suspicious activity.

Krebs on Security · 15d ago · 2 min read
vulnerability

CVE-2025-43510: Apple Improper Locking Flaw Exposes Shared Memory Across Six Platforms

CVE-2025-43510 is an improper locking vulnerability in Apple's shared memory subsystem affecting iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. A malicious local application can exploit the flaw to corrupt inter-process shared memory, enabling privilege escalation or system service disruption. CISA has added the vulnerability to its KEV catalog with a mandatory federal patch deadline of April 3, 2026.

CISA KEV · 15d ago · 3 min read
vulnerability

CVE-2025-31277: Buffer Overflow in Apple Safari and OS Platforms Enables Remote Code Execution via Malicious Web Content

CVE-2025-31277 is a buffer overflow vulnerability in Apple Safari and across iOS, iPadOS, macOS, watchOS, visionOS, and tvOS that allows an attacker to corrupt memory and achieve remote code execution when a user processes maliciously crafted web content. No authentication or user interaction beyond visiting a malicious URL is required. CISA has added the flaw to its Known Exploited Vulnerabilities catalog with a federal patch deadline of April 3, 2026; all organizations should apply Apple security updates immediately.

CISA KEV · 15d ago · 3 min read
vulnerability

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS Demands Immediate Patching

CVE-2025-32432 is an unauthenticated remote code execution vulnerability in Craft CMS that allows attackers to execute arbitrary code on affected servers without any credentials. CISA has added it to the Known Exploited Vulnerabilities catalog with a federal remediation deadline of April 3, 2026. Organizations should update Craft CMS to the patched version immediately and apply WAF rules and network isolation if patching cannot be completed at once.

CISA KEV · 15d ago · 3 min read
vulnerability

CVE-2025-54068: Unauthenticated Code Injection in Laravel Livewire Enables Remote Command Execution

CVE-2025-54068 is an unauthenticated code injection vulnerability in Laravel Livewire that allows remote attackers to execute arbitrary code on affected servers under specific application configurations. No credentials are required to exploit the flaw, and successful attacks can result in full server compromise, credential theft, and persistent access. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of April 3, 2026.

CISA KEV · 15d ago · 3 min read
vulnerability

CVE-2025-43520: Apple Multi-Platform Kernel Buffer Overflow Allows Memory Corruption Across Six Operating Systems

CVE-2025-43520 is a classic buffer overflow vulnerability affecting Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS that allows a malicious application to write to kernel memory or crash the system. Exploitation requires local code execution via a malicious app and cannot be triggered remotely without a separate delivery vector. CISA has added this flaw to its Known Exploited Vulnerabilities catalog with a federal patch deadline of April 3, 2026; all organizations should apply Apple's latest OS updates immediately.

CISA KEV · 15d ago · 3 min read
vulnerability

CVE-2026-20131: Unauthenticated RCE via Java Deserialization in Cisco FMC and Security Cloud Control

CVE-2026-20131 is an unauthenticated remote code execution vulnerability in Cisco Secure Firewall Management Center (FMC) and Security Cloud Control (SCC) caused by unsafe deserialization of Java objects in the web management interface. Successful exploitation grants root-level access to the management appliance and full control over all managed firewalls. CISA has mandated federal agency patching by March 22, 2026; organizations should immediately isolate management interfaces and monitor for patches.

CISA KEV · 16d ago · 4 min read
vulnerability

CVE-2025-66376: Zimbra Collaboration Suite Classic UI Vulnerable to CSS @import XSS Attack

CVE-2025-66376 is a cross-site scripting vulnerability in Synacor Zimbra Collaboration Suite's Classic UI that allows unauthenticated attackers to inject JavaScript via CSS @import directives in HTML emails. Successful exploitation enables session hijacking, credential theft, and full mailbox access within the victim's authenticated session. CISA requires federal agencies to apply Synacor's patch by April 1, 2026.

CISA KEV · 17d ago · 3 min read
vulnerability

CVE-2026-20963: Microsoft SharePoint Remote Code Execution via Unsafe Deserialization Demands Immediate Patching

CVE-2026-20963 is a deserialization of untrusted data vulnerability in Microsoft SharePoint that allows unauthenticated remote attackers to execute arbitrary code in the context of the SharePoint service account. Successful exploitation can lead to lateral movement, credential theft, and persistent access across connected Microsoft environments. CISA mandates federal agency patching by March 21, 2026, and all organizations should treat this as a critical-priority remediation.

CISA KEV · 17d ago · 3 min read
vulnerability

CVE-2025-47813: Wing FTP Server Leaks Sensitive Data via Oversized UID Cookie

CVE-2025-47813 is an unauthenticated information disclosure vulnerability in Wing FTP Server that triggers verbose error messages containing sensitive data when an oversized UID cookie value is submitted. No authentication is required to exploit the flaw, making it accessible to any attacker with network reach to an affected instance. CISA has added this CVE to its Known Exploited Vulnerabilities catalog, with federal agencies required to patch by March 30, 2026.

CISA KEV · 19d ago · 3 min read
vulnerability

CVE-2026-3910: Google Chromium V8 Out-of-Bounds Memory Flaw Enables Remote Code Execution via Malicious HTML

CVE-2026-3910 is an out-of-bounds memory buffer vulnerability in Google's Chromium V8 JavaScript engine that allows a remote attacker to execute arbitrary code within the V8 sandbox via a crafted HTML page. The flaw affects all Chromium-based browsers including Google Chrome, Microsoft Edge, and Opera. CISA requires federal agencies to patch by March 27, 2026, and all organizations should deploy updates within 24 to 48 hours of vendor release.

CISA KEV · 22d ago · 3 min read
vulnerability

CVE-2026-3909: Out-of-Bounds Write in Google Skia Enables Remote Code Execution Across Chrome, Android, and Flutter

CVE-2026-3909 is an out-of-bounds write vulnerability in Google's Skia graphics engine that allows remote code execution via crafted HTML pages. The flaw affects Google Chrome, ChromeOS, Android, Flutter, and any third-party software using Skia. CISA has mandated federal agency patching by 2026-03-27, and organizations should apply available updates immediately and audit all Skia-dependent software.

CISA KEV · 22d ago · 3 min read