CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

February 18, 2026
No Comments

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows –

CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap

Leave a Reply Cancel reply

APIs Under Siege: Wallarm Report Reveals How AI Is Supercharging Modern Cyberattacks February 18, 2026
APIs made up 17% of 67,058 published vulnerabilities in 2025, a total of 11,053 API-related flaws. The overlap between APIs and AI is even more notable. More than a third (36%) of AI vulnerabilities (786 out of 2,185) were API-related. Of the 245 vulnerabilities identified in the U.S. Cybersecurity and Infrastructure Security Agency’s 2025 Known Exploited Vulnerabilities […]
Kirsten Doyle
Eurail User Records Up for Sale on the Dark Web February 18, 2026
Eurail BV has confirmed that some customer data impacted by the previously reported security incident has been offered for sale on the dark web and a sample data set has been posted on Telegram. The company said it is continuing to investigate the scope and impact. Last month, the company revealed that it had experienced a data breach when bad actors […]
Kirsten Doyle
Group IB Report: Attackers Are Industrializing Supply Chain Compromise February 17, 2026
Modern supply chain attacks are no longer isolated events. Rather, phishing, identity theft, malicious extensions, data breaches, ransomware, and extortion are becoming more and more interrelated steps of a single attack chain, where each step reinforces the next. This was one of the findings of Group IB’s High-Tech Crime Trends Report 2026, based on Intelligence drawn from Group-IB’s Digital Crime Resistance Centers (DCRCs) […]
Kirsten Doyle
Picus Red Report 2026: Attackers Choose “Silent Residency” Over Destruction February 17, 2026
A recent report from Picus Labs, has uncovered a chilling evolution in cyber warfare, that it calls “the rise of the Digital Parasite.” The report analyzed more than 1.1 million malicious files and 15.5 million actions last year, and revealed that bad actors have shifted 80% of their resources toward stealth, evasion, and persistence. The report highlighted distinct, highly sophisticated behaviors that allow malware to inhabit systems for months without […]
Kirsten Doyle
Dutch Telecoms Company Odido Discloses Breach Affecting Approximately 6.2 Million Customers February 16, 2026
Dutch telecoms business Odido has disclosed a cyberattack on its customer contact system that happened on 7 February. The personal information of approximately 6.2 million customers was disclosed, including names, residential addresses, mobile phone numbers, email addresses, account numbers, and ID information such as passports and driver’s licenses. In a statement, the company said no passwords, call details or billing information are involved. “We deeply regret this incident […]
Kirsten Doyle
Customer data from Volvo Group North America exposed in Conduent breach February 16, 2026
Almost 17,000 Volvo employees have had their personal data exposed after attackers breached Conduent, an outsourcing company that manages workforce benefits and back-office services. In a filing with the Maine Attorney General, Volvo Group North America said it learned in late January that employee data had been exposed through systems run by Conduent. In a letter to customers, Conduent said: “On 13 January 2025, we discovered that we were the victim of […]
Kirsten Doyle
The Silent Workforce: Non-Human Identities Are the Next Major Security Battleground February 16, 2026
For years, cybersecurity strategies have focused on people. From employees and contractors to partners and insiders, that familiar ‘humans are the weakest link’ rhetoric has defined the industry for decades. The tools and strategies developed to defend against threats, like access management and identity governance, were largely designed with humans in mind. But as artificial […]
Shane Barney
Closing the Cross-Platform Security Gap in Citizen Developer Apps February 13, 2026
In many ways, managing security for citizen-developer apps is like flying several planes built by different manufacturers all at once. That’s because each no-code development platform uses separate dashboards, controls, policy engines, etc. Microsoft Power Platform measures altitude in feet, ServiceNow in meters, Salesforce reports it in knots, and UiPath wants to automate the landing […]
Yair Finzi
The Top Pentesting Platforms of 2026: What You Need to Know February 11, 2026
What to Look for in a Pentesting Platform? As the primary way of finding and exploiting vulnerabilities (before attackers do), pen testing platforms are a popular choice for businesses looking to launch sophisticated simulated attacks at scale. Here is a look at some of the top pen testing tools to watch in 2026, and what […]
Joe Pettit
The Cyberattack That Exposed the Fragility of Digital Heritage February 11, 2026
Saturday 28 October 2023 is a date that will live long in the memory of staff at the British Library. As they arrived for work that day, they encountered chaos taking place. Servers were no longer online. Crucial systems were encrypted. And digital catalogues had disappeared altogether. A cultural institution renowned all over the world, […]
Kashif Nazir

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Leave a Reply Cancel reply

[email protected]

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

Share :

Leave a Reply Cancel reply