- 1. Chrome Zero-Day CVE-2026-5281 Actively Exploited
- 2. Next.js CVE-2025-55182 Exploited to Breach 766 Hosts
- 3. Fortinet FortiClient EMS CVE-2026-35616 Under Active Exploitation
- 4. Nuclei Templates v10.2.1/2 Cover 57 New CVEs (10 KEVs)
- 5. China-Linked Storm-1175 Exploiting Zero-Days to Deploy Medusa Ransomware
1. Chrome Zero-Day CVE-2026-5281 Actively Exploited
What: Google confirmed a use-after-free vulnerability in Chrome being exploited in the wild. Patch released; CISA added to KEV.
Source: [Forbes](www.forbes.com)
Applies to: All Chrome users (3.5B). Any web app relying on Chrome/browser isolation.
Why it matters: Immediate risk of remote code execution; patch must be deployed across all endpoints.
2. Next.js CVE-2025-55182 Exploited to Breach 766 Hosts
What: Attackers actively exploiting a Next.js vulnerability to steal credentials from production servers.
Source: [The Hacker News](thehackernews.com)
Applies to: All Next.js applications (common in modern web stacks).
Why it matters: High-volume credential theft – check any Next.js targets for patching status.
3. Fortinet FortiClient EMS CVE-2026-35616 Under Active Exploitation
What: Critical vulnerability in FortiClient EMS (endpoint management) being exploited; CISA added to KEV.
Source: [The Hacker News](thehackernews.com)
Applies to: Organizations using FortiClient EMS for remote access/VPN.
Why it matters: Direct gateway to lateral movement; prioritize patch if in scope.
4. Nuclei Templates v10.2.1/2 Cover 57 New CVEs (10 KEVs)
What: ProjectDiscovery released new Nuclei templates including detections for 57 CVEs, 10 of which are KEVs. Also includes GCP/Azure cloud config templates.
Source: [ProjectDiscovery Blog](projectdiscovery.io)
Applies to: Any engagement using Nuclei for scanning (our standard toolkit).
Why it matters: Immediately applicable for reconnaissance and vulnerability scanning – reduces false negatives on active threats.
5. China-Linked Storm-1175 Exploiting Zero-Days to Deploy Medusa Ransomware
What: Storm-1175 group rapidly weaponizing zero-days (including Chrome and Next.js) to deploy Medusa ransomware.
Source: [The Hacker News](thehackernews.com)
Applies to: General – any organization with exposed web apps.
Why it matters: Ties together multiple zero-days into a coordinated ransomware campaign; emphasizes need for rapid patching and monitoring.

21 results from Forbes, The Hacker News, ProjectDiscovery, GitHub, CISA, PortSwigger, Pentester Land, YesWeHack. ~15 had actionable technical substance; 6 were generic/outdated.