More than 12,000 internet-exposed instances of open-source AI agent builder Flowise could be compromised by the ongoing exploitation of the maximum-severity code injection flaw, tracked as CVE-2025-59528, which could lead to remote code execution, reports The Hacker News.
BleepingComputer reports that the Cybersecurity and Infrastructure Security Agency has called on federal civilian executive agencies to remediate Fortinet FortiClient Enterprise Management Server instances affected by the actively exploited pre-authentication API access bypass zero-day, tracked as CVE-2026-35616, by midnight of Apr. 9, as it added the flaw to its Known Exploited Vulnerabilities catalog.
Researchers at watchTowr identified an authentication bypass (CVE-2026-2699) and a remote code execution flaw (CVE-2026-2701) within the Storage Zones Controller (SZC) component of Progress ShareFile versions 5.x.
The vulnerability, tracked as CVE-2026-4415 and rated with a critical severity of 9.2 out of 10, resides in the "pairing" feature of GCC versions 25.07.21.01 and earlier.
Intrusions harnessing a critical SQL injection flaw in Fortinet FortiClient EMS, tracked as CVE-2026-21643, were reported by Defused researchers to have been ongoing since Mar. 24, according to Security Affairs.