Security – TheCyberThrone

CVE-2026-5281 — Google Chrome Dawn Use-After-Free Under Active Exploitation

CISA has added CVE-2026-5281 to its Known Exploited Vulnerabilities catalog, marking the fourth Chrome zero-day exploited in the wild during 2026 alone. Federal agencies are required to remediate by April…

PravinKarthik April 2, 2026

Anthropic Code Exposed in Two incidents

Incident 1 — CMS Data Exposure (~March 26, 2026) What happened technically:Anthropic's content management system, used to publish information to sections of the company's website, was misconfigured — leaving draft…

PravinKarthik April 1, 2026

Axios npm Hijacked: 100 Million Weekly Downloads Turned Into a RAT Dropper

What Happened On March 31, 2026, a threat actor hijacked the npm account of the lead Axios maintainer and published two malicious versions of one of the most widely used…

PravinKarthik March 31, 2026

CISA Adds CVE-2025-53521 F5 BIG-IP APM to KEV

CISA has added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog, designating it as actively exploited in the wild. Federal agencies under BOD 22-01 have until March 30, 2026 to patch…

PravinKarthik March 28, 2026

CISA adds Langflow and Trivy bugs to KEV Catalog

Langflow Code Injection Flaw Actively Exploited — CVE-2026-33017 CISA has added a critical code injection vulnerability in Langflow to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.…

PravinKarthik March 27, 2026

Apple Patches numerous vulnerabilities across its products

Apple's latest security update wave — covering iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, watchOS 26.4, tvOS 26.4, visionOS 26.4, Safari 26.4, and Xcode 26.4 — resolves over 85 vulnerabilities.…

PravinKarthik March 26, 2026

TeamPCP Supply Chain Campaign

What Happened — The Attack Chain This is a deliberate, multi-hop campaign, not opportunistic. The attack on LiteLLM started five days earlier with Trivy. On March 19, attackers rewrote Git…

PravinKarthik March 26, 2026

Wiped From Within The Stryker Aftermath

A post-incident deep dive into containment, forensics, legal fallout, and the systemic lessons for enterprise security The dust is beginning to settle around one of the most consequential cyberattacks ever…

PravinKarthik March 25, 2026