Sign up to save your podcasts
Or
Share Another Chrome Zero-Day Another Supply Chain
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Another Chrome Zero-Day Another Supply Chain
Google released Chrome updates fixing 21 vulnerabilities including CVE-2026-5281, a zero-day in the WebGPU Dawn component already exploited in the wild and added to the KEV catalog — the third Chrome zero-day cycle in three weeks. Google attributed the Axios npm supply chain compromise to a state-linked threat cluster, confirming that the developer supply chain is now a battleground for both criminal and state-linked operations. Citrix NetScaler CVE-2026-3055 has been added to the KEV catalog after confirmed exploitation. Fortinet FortiClient EMS CVE-2026-21643 is under active exploitation via SQL injection — another management plane target. A critical zero-click Telegram RCE was disclosed.
Links & Resources- https://securityaffairs.com/176543/hacking/google-chrome-zero-day-cve-2026-5281.html
- https://securityaffairs.com/176530/apt/axios-npm-supply-chain-north-korea.html
- https://securityaffairs.com/176520/hacking/citrix-netscaler-cve-2026-3055-kev.html
- https://securityaffairs.com/176510/hacking/fortinet-forticlient-ems-cve-2026-21643.html
- https://securityaffairs.com/176500/hacking/telegram-zero-click-rce.html
- https://www.cybermaterial.com/p/cyber-briefing-20260401
- https://thehackernews.com/2026/04/chrome-zero-day-dawn-webgpu.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
View all episodes
By Tushar VartakGoogle released Chrome updates fixing 21 vulnerabilities including CVE-2026-5281, a zero-day in the WebGPU Dawn component already exploited in the wild and added to the KEV catalog — the third Chrome zero-day cycle in three weeks. Google attributed the Axios npm supply chain compromise to a state-linked threat cluster, confirming that the developer supply chain is now a battleground for both criminal and state-linked operations. Citrix NetScaler CVE-2026-3055 has been added to the KEV catalog after confirmed exploitation. Fortinet FortiClient EMS CVE-2026-21643 is under active exploitation via SQL injection — another management plane target. A critical zero-click Telegram RCE was disclosed.
Links & Resources- https://securityaffairs.com/176543/hacking/google-chrome-zero-day-cve-2026-5281.html
- https://securityaffairs.com/176530/apt/axios-npm-supply-chain-north-korea.html
- https://securityaffairs.com/176520/hacking/citrix-netscaler-cve-2026-3055-kev.html
- https://securityaffairs.com/176510/hacking/fortinet-forticlient-ems-cve-2026-21643.html
- https://securityaffairs.com/176500/hacking/telegram-zero-click-rce.html
- https://www.cybermaterial.com/p/cyber-briefing-20260401
- https://thehackernews.com/2026/04/chrome-zero-day-dawn-webgpu.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog