TrendAI Patches Apex One Zero-Day Exploited in the Wild
TrendAI patched CVE-2026-34926, a directory traversal flaw in the on-premises version of Apex One that has been exploited in the wild. Successful abuse allows an attacker to modify a key table and inject malicious code for deployment to managed agents. Exploitation requires access to the Apex One server and previously obtained administrative credentials, so the immediate priority is applying the update, reviewing server admin access, and confirming no unexpected agent-side changes were pushed before patching was completed. Security tools that manage endpoint agents are high-value targets precisely because a compromise there can propagate changes across an entire fleet.
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cisco fixed CVE-2026-20223, a maximum-severity Secure Workload flaw that could allow an unauthenticated remote attacker to access sensitive data and make configuration changes across tenant boundaries with Site Admin privileges, affecting both SaaS and on-premises deployments with no available workarounds. Workload segmentation tools sit close to application visibility and policy enforcement, making a full tenant boundary bypass particularly serious — an attacker with that level of access could alter segmentation policy, exfiltrate flow data, or blind defenders to lateral movement. Teams should patch immediately and audit REST API access logs for any anomalous activity prior to the fix.
Google Accidentally Exposed Details of Unfixed Chromium Flaw
Google accidentally exposed technical details for an unpatched Chromium issue that can keep JavaScript running after a browser is closed, affecting all Chromium-based browsers including Chrome, Edge, Brave, Opera, Vivaldi, and Arc. The flaw doesn’t appear to bypass browser security boundaries or provide access to local files, but could support abuse such as unwanted background execution, proxying malicious traffic, or contributing to DDoS activity without user awareness. The accidental disclosure significantly widens the window for exploitation, as technical details are now public before a complete fix is available across the affected browser ecosystem.
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Researchers detailed Showboat, also tracked as kworker, a Linux post-exploitation framework used by China-aligned threat clusters against telecommunications and ISP environments in Afghanistan, Central Asia, the Middle East, and disputed regions. Black Lotus Labs observed the malware scanning for and infecting systems on local networks that aren’t directly internet-facing, allowing operators to move laterally through internal routing infrastructure after an initial foothold. Telco and ISP defenders should treat Linux infrastructure, internal routing paths, and lateral movement telemetry as priority visibility gaps, particularly in environments where east-west traffic monitoring is limited.
CrowdSec reported mass exploitation attempts against CVE-2024-9643, a critical authentication bypass flaw in Four-Faith F3x36 industrial cellular routers commonly deployed in remote industrial, utility, warehouse, retail, and branch environments. Successful exploitation grants administrator access through hard-coded credentials in the web interface. Compromised edge routers in these environments can be repurposed as botnet nodes, traffic proxies, or persistent footholds into poorly segmented OT and operational networks. Organizations using Four-Faith routers should prioritize patching, audit for signs of unauthorized access, and verify that management interfaces are not exposed to the internet.