Chrome/Edge/Firefox/iOS/Android/router/VPN/AI ext/Flowise/TP-Link emergency zero-days — active exploitation
Key Questions
What is the main Chrome zero-day vulnerability mentioned?
CVE-2026-5281 is a Dawn use-after-free (UAF) zero-day that is actively exploited in the wild and has been added to KEV. Patches are available in Chrome version 146.0.7680.177 and later. It affects Chrome users globally, prompting urgent patching recommendations.
Which browsers besides Chrome are impacted by recent vulnerabilities?
Edge and Firefox face DoS vulnerabilities such as CVE-2026-3909/3910, alongside the Chrome issues. Users should update to the latest versions to mitigate the risk.
What TP-Link routers are targeted by Russian hackers?
Fancy Bear (APT28) exploited end-of-life TP-Link routers via CVE-2023-50224. The campaign, which compromised over 18,000 devices across 200+ organizations, was the subject of the FBI's Operation Masquerade takedown. Replace affected EOL models immediately.
What is Flowise CVE-2025-59528?
This RCE vulnerability in Flowise is actively exploited, with 12-15k exploit attempts. Update to Flowise 3.0.5 or later to prevent compromise.
Are there zero-days affecting mobile devices?
iOS and Android devices face DoS zero-days such as CVE-2026-20431 in Unisoc/Qualcomm/Apple/MediaTek modems, plus the Darksword and Coruna exploits. Apple has issued patches; apply updates promptly.
What router and VPN issues are reported?
Belkin CVE-2026-5608 allows RCE/DoS, and StrongSwan has vulnerabilities. TP-Link routers were hijacked for DNS manipulation by Russian actors.
What AI extension vulnerability exists?
The Claude extension has a DOM-XSS flaw enabling attacks. Conduct extension audits and update AI tools.
What mitigation steps are recommended?
Force updates via MDM/EDR, audit extensions, replace TP-Link routers, and hunt for IOCs. Activity is peaking, with active exploitation across multiple vectors.
Chrome's fourth zero-day of 2026, CVE-2026-5281 (Dawn UAF, in KEV, exploited in the wild; patched in 146.0.7680.177+); CVE-2026-3909/3910 and Edge/Firefox DoS; Darksword and Coruna exploits; iOS/Android modem DoS CVE-2026-20431 (Unisoc/Qualcomm/Apple/MediaTek); Belkin CVE-2026-5608 (RCE/DoS); StrongSwan; Claude extension DOM-XSS; Flowise CVE-2025-59528 RCE, actively exploited (12-15k exploit attempts); end-of-life TP-Link routers exploited by Fancy Bear (APT28) via CVE-2023-50224 (FBI Operation Masquerade takedown, 18k devices, 200+ organizations). CTEM actions: force updates, MDM/EDR, extension audits, Flowise 3.0.5+, replace TP-Link routers.
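To turn the "force updates" step into a list of hosts needing action, the sketch below checks a software inventory against the two fixed versions this page gives (Chrome 146.0.7680.177, Flowise 3.0.5). It is an added example, not code from any vendor or from this page; the inventory layout, host names and function names are assumptions made for illustration.

```python
import re

# Minimum fixed versions, taken from this page.
MIN_FIXED = {
    "chrome": "146.0.7680.177",   # CVE-2026-5281
    "flowise": "3.0.5",           # CVE-2025-59528
}

def parse_version(text):
    """Turn '146.0.7680.177' into (146, 0, 7680, 177); reject anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_patched(product, version):
    """True when version is at or above the fixed version for product."""
    return parse_version(version) >= parse_version(MIN_FIXED[product])

def audit(inventory):
    """Return (host, product, version, reason) for every row needing action."""
    findings = []
    for host, product, version in inventory:
        key = product.lower()
        if key not in MIN_FIXED:
            continue  # product has no fixed version listed on this page
        try:
            if not is_patched(key, version):
                findings.append((host, key, version, "below fixed version"))
        except ValueError:
            # Unreadable version strings are reported, never assumed safe.
            findings.append((host, key, version, "version unreadable"))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("wks-01", "Chrome", "146.0.7680.177"),
    ("wks-02", "Chrome", "146.0.7680.99"),
    ("wks-03", "Chrome", "145.0.9999.999"),
    ("ai-01", "Flowise", "3.0.4"),
    ("ai-02", "Flowise", "3.1"),
    ("ai-03", "Flowise", "latest"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Versions are compared numerically per component, so 146.0.7680.99 is correctly treated as older than 146.0.7680.177, which a plain string comparison would get wrong.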