Vulnerabilities · HIGH

CISA Flags Two Exploited Vulnerabilities: Act Now!

CISA Advisories
CVE-2026-3909 · CVE-2026-3910 · CISA · Google Skia · Google Chromium

Basically, CISA found two security flaws that hackers are actively using to attack systems.

Quick Summary

CISA has identified two new vulnerabilities that hackers are actively exploiting. Both Google Skia and Chromium users are at risk. Organizations must act quickly to patch these vulnerabilities and protect their systems.

The Flaw

On March 13, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are CVE-2026-3909, an out-of-bounds write vulnerability in Google Skia, and CVE-2026-3910, an unspecified vulnerability in Google Chromium's V8 engine. Both vulnerabilities have been confirmed to be actively exploited, making them critical for organizations to address immediately.

Out-of-bounds write vulnerabilities occur when a program writes data outside the boundaries of allocated memory. This can lead to unpredictable behavior, including the potential for attackers to execute arbitrary code. The unspecified vulnerability in Chromium's V8 engine poses similar risks, as it can be exploited to compromise the integrity of web applications and services.

What's at Risk

These vulnerabilities are particularly concerning because they serve as frequent attack vectors for malicious cyber actors. The federal enterprise is at significant risk, as these vulnerabilities can be exploited to gain unauthorized access to sensitive information and systems. Binding Operational Directive (BOD) 22-01 emphasizes the need for Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities promptly to protect against active threats.

The implications extend beyond federal agencies; organizations across various sectors need to be aware of these vulnerabilities. By not addressing them, companies risk exposing themselves to cyberattacks that could lead to data breaches or system failures.

Patch Status

CISA's KEV Catalog is a living document that lists vulnerabilities deemed significant risks. The agency will continue to update this catalog as new vulnerabilities are identified. While BOD 22-01 specifically applies to FCEB agencies, CISA strongly encourages all organizations to prioritize the remediation of vulnerabilities listed in the KEV Catalog.

Organizations should check their systems for the presence of these vulnerabilities and implement necessary patches or mitigations. Timely remediation is essential to reduce the risk of exploitation.

Immediate Actions

Organizations should take immediate steps to address these vulnerabilities. Here are some recommended actions:

  • Assess your systems for the presence of CVE-2026-3909 and CVE-2026-3910.
  • Implement patches provided by Google or other vendors as soon as possible.
  • Review your vulnerability management practices to ensure timely remediation of all known vulnerabilities.

By acting quickly, organizations can protect themselves against potential cyberattacks that exploit these vulnerabilities. CISA will continue to monitor and update the KEV Catalog, so staying informed is crucial for maintaining cybersecurity resilience.
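
One way to carry out the assessment and prioritization steps above, as an added example that is not from CISA or the original article: join scanner findings against the KEV catalog and rank them by days remaining to the catalog due date. The field names follow CISA's published KEV JSON feed; the host names, findings and dueDate values are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. dateAdded is the
# date the article gives; the dueDate values are placeholders, not CISA's.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-3909", "vendorProject": "Google", "product": "Skia",
   "dateAdded": "2026-03-13", "dueDate": "2026-04-03"},
  {"cveID": "CVE-2026-3910", "vendorProject": "Google", "product": "Chromium V8",
   "dateAdded": "2026-03-13", "dueDate": "2026-04-03"}
]}
""")

# Constructed scanner output: (host, CVE the scanner reports as unpatched).
FINDINGS = [
    ("ws-014", "CVE-2026-3909"),
    ("ws-014", "cve-2026-3910 "),      # scanners differ in case and padding
    ("kiosk-02", "CVE-2026-3910"),
    ("build-01", "CVE-0000-00000"),    # placeholder ID that is not in the catalog
]

def new_since(kev, last_sync):
    """CVE IDs added to the catalog after the last time it was pulled."""
    return sorted(v["cveID"] for v in kev["vulnerabilities"]
                  if date.fromisoformat(v["dateAdded"]) > last_sync)

def kev_backlog(kev, findings, today):
    """Open findings that are KEV-listed, most urgent (least days left) first."""
    index = {v["cveID"].upper(): v for v in kev["vulnerabilities"]}
    rows = []
    for host, cve in findings:
        entry = index.get(cve.strip().upper())
        if entry is None:
            continue  # not in KEV: stays on the normal remediation schedule
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        rows.append({"host": host, "cve": entry["cveID"],
                     "product": entry["product"], "days_left": days_left,
                     "overdue": days_left < 0})
    return sorted(rows, key=lambda r: (r["days_left"], r["host"], r["cve"]))

if __name__ == "__main__":
    for row in kev_backlog(KEV_SAMPLE, FINDINGS, date(2026, 3, 30)):
        print(row)
```

In production the sample would be replaced by the current catalog download and the findings by the scanner's export; a negative days_left marks a finding that has passed its catalog due date.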


🔒 Pro insight: The active exploitation of these vulnerabilities highlights the urgency for organizations to enhance their vulnerability management strategies.

Original article from CISA Advisories · CISA
