theinfosecnews
vulnerability

CVE-2025-54068: Unauthenticated Code Injection in Laravel Livewire Enables Remote Command Execution

CVE-2025-54068 is an unauthenticated code injection vulnerability in Laravel Livewire that allows remote attackers to execute arbitrary code on affected servers under specific application configurations. No credentials are required to exploit the flaw, and successful attacks can result in full server compromise, credential theft, and persistent access. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of April 3, 2026.

CISA KEV·16d ago·3 min read
vulnerability

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS Demands Immediate Patching

CVE-2025-32432 is an unauthenticated remote code execution vulnerability in Craft CMS that allows attackers to execute arbitrary code on affected servers without any credentials. CISA has added it to the Known Exploited Vulnerabilities catalog with a federal remediation deadline of April 3, 2026. Organizations should update Craft CMS to the patched version immediately and apply WAF rules and network isolation if patching cannot be completed at once.

CISA KEV·16d ago·3 min read
vulnerability

CVE-2026-20131: Unauthenticated RCE via Java Deserialization in Cisco FMC and Security Cloud Control

CVE-2026-20131 is an unauthenticated remote code execution vulnerability in Cisco Secure Firewall Management Center (FMC) and Security Cloud Control (SCC) caused by unsafe deserialization of Java objects in the web management interface. Successful exploitation grants root-level access to the management appliance and full control over all managed firewalls. CISA has mandated federal agency patching by March 22, 2026; organizations should immediately isolate management interfaces and monitor for patches.

CISA KEV·17d ago·4 min read
vulnerability

CVE-2026-20963: Microsoft SharePoint Remote Code Execution via Unsafe Deserialization Demands Immediate Patching

CVE-2026-20963 is a deserialization of untrusted data vulnerability in Microsoft SharePoint that allows unauthenticated remote attackers to execute arbitrary code in the context of the SharePoint service account. Successful exploitation can lead to lateral movement, credential theft, and persistent access across connected Microsoft environments. CISA mandates federal agency patching by March 21, 2026, and all organizations should treat this as a critical priority remediation.

CISA KEV·18d ago·3 min read
vulnerability

CVE-2025-66376: Zimbra Collaboration Suite Classic UI Vulnerable to CSS @import XSS Attack

CVE-2025-66376 is a cross-site scripting vulnerability in Synacor Zimbra Collaboration Suite's Classic UI that allows unauthenticated attackers to inject JavaScript via CSS @import directives in HTML emails. Successful exploitation enables session hijacking, credential theft, and full mailbox access within the victim's authenticated session. CISA requires federal agencies to apply Synacor's patch by April 1, 2026.

CISA KEV·18d ago·3 min read
vulnerability

CVE-2025-47813: Wing FTP Server Leaks Sensitive Data via Oversized UID Cookie

CVE-2025-47813 is an unauthenticated information disclosure vulnerability in Wing FTP Server that triggers verbose error messages containing sensitive data when an oversized UID cookie value is submitted. No authentication is required to exploit the flaw, making it accessible to any attacker with network reach to an affected instance. CISA has added this CVE to its Known Exploited Vulnerabilities catalog, with federal agencies required to patch by March 30, 2026.

CISA KEV·20d ago·3 min read
vulnerability

CVE-2026-3909: Out-of-Bounds Write in Google Skia Enables Remote Code Execution Across Chrome, Android, and Flutter

CVE-2026-3909 is an out-of-bounds write vulnerability in Google's Skia graphics engine that allows remote code execution via crafted HTML pages. The flaw affects Google Chrome, ChromeOS, Android, Flutter, and any third-party software using Skia. CISA has mandated federal agency patching by 2026-03-27, and organizations should apply available updates immediately and audit all Skia-dependent software.

CISA KEV·23d ago·3 min read
vulnerability

CVE-2026-3910: Google Chromium V8 Out-of-Bounds Memory Flaw Enables Remote Code Execution via Malicious HTML

CVE-2026-3910 is an out-of-bounds memory buffer vulnerability in Google's Chromium V8 JavaScript engine that allows a remote attacker to execute arbitrary code within the V8 sandbox via a crafted HTML page. The flaw affects all Chromium-based browsers including Google Chrome, Microsoft Edge, and Opera. CISA requires federal agencies to patch by March 27, 2026, and all organizations should deploy updates within 24 to 48 hours of vendor release.

CISA KEV·23d ago·3 min read
malware

Iran-Linked Handala Hacktivist Group Executes Data-Wiping Attack on Stryker Using Microsoft Intune

The Iranian-linked hacktivist group Handala launched a global data-wiping attack on medical device maker Stryker using Microsoft Intune's remote wipe capabilities. The attack disrupted operations in 79 countries, wiping over 200,000 devices and impacting healthcare supply chains. Detection involves monitoring unusual Intune activity, and remediation includes revoking credentials and restoring from backups.

Krebs on Security·25d ago·3 min read
vulnerability

Microsoft March 2026 Patch Tuesday Fixes 77 Vulnerabilities Including Critical Privilege Escalations and RCE Flaws

Microsoft’s March 2026 Patch Tuesday addresses 77 vulnerabilities including critical privilege escalations in SQL Server and remote code execution flaws in Microsoft Office. Notably, a severe RCE vulnerability discovered by an AI agent was patched without requiring user action. Enterprise administrators should prioritize these updates to mitigate high-risk attack vectors.

Krebs on Security·25d ago·2 min read
vulnerability

CVE-2025-68613: Critical RCE Vulnerability in n8n Workflow Expression Evaluator Demands Immediate Action

CVE-2025-68613 is a remote code execution vulnerability in n8n's workflow expression evaluation engine, caused by improper control of dynamically managed code resources. Attackers with workflow creation access — including unauthenticated users on exposed instances — can execute arbitrary commands with n8n process privileges, potentially compromising credentials and all connected systems. CISA has mandated federal agency remediation by March 25, 2026; all organizations should patch immediately, restrict workflow permissions, and block external access to n8n interfaces.

CISA KEV·25d ago·3 min read
vulnerability

CVE-2026-1603: Ivanti EPM Authentication Bypass Exposes Stored Credentials to Unauthenticated Attackers

CVE-2026-1603 is an authentication bypass vulnerability in Ivanti Endpoint Manager (EPM) that allows remote, unauthenticated attackers to access stored credential data including domain accounts, API keys, and service account passwords. Exploitation enables lateral movement and privilege escalation across all endpoints managed by the affected EPM instance. CISA has mandated federal agency remediation by March 23, 2026, and all organizations running Ivanti EPM should apply patches immediately and rotate affected credentials.

CISA KEV·27d ago·3 min read