- CVE-2025-53521 – F5 BIG-IP DoS (Actively Exploited)
- CVE-2026-23813 – Critical (CVSS 9.8) Unpatched
- Bypassing Windows Administrator Protection via UI Abuse
- CISA KEV – VMware ESXi Information Disclosure
- CISA KEV – 5 New Flaws Including Apple Multiple
CVE-2025-53521 – F5 BIG-IP DoS (Actively Exploited)
WhatA CVSS 7.5 DoS vulnerability in F5 BIG-IP that is being actively exploited when an APM Access Policy is configured on a virtual server.
Source[Greenbone March 2026 Threat Report](www.greenbone.net)
Applies toOrganizations using F5 BIG-IP with APM policies
Why it mattersCISA confirms active exploitation – patch or mitigate immediately to avoid service disruption.
CVE-2026-23813 – Critical (CVSS 9.8) Unpatched
WhatA critical remote code execution vulnerability (CVSS 9.8) reported in March 2026; details sparse but score indicates pre-auth, no user interaction required.
SourceSame Greenbone report [Link](secinfo.greenbone.net)
Applies toGeneral – check for affected products
Why it mattersScore 9.8 means broad impact likely; identify and patch as soon as PoC emerges.
Bypassing Windows Administrator Protection via UI Abuse
WhatResearch describes how an attacker with limited user access can abuse UI automation to bypass Windows Administrator Protection (formerly LUA).
Source[Project Zero Feed via Feeder](feeder.co)
Applies toWindows systems with Admin Protection enabled
Why it mattersLow-privilege to admin escalation technique – review UAC/Admin Protection configurations.
CISA KEV – VMware ESXi Information Disclosure
WhatCISA added a VMware ESXi, Workstation, and Fusion info disclosure vulnerability to its Known Exploited Vulnerabilities catalog.
Source[The Cyber Express – CISA KEV Update](thecyberexpress.com)
Applies toVMware hypervisor users
Why it mattersActive exploitation means attackers are using this to leak sensitive data from virtualized environments.
CISA KEV – 5 New Flaws Including Apple Multiple
WhatCISA added five actively exploited vulnerabilities, including multiple Apple platform flaws.
Source[Reddit /r/TechNadu](www.reddit.com)
Applies toApple devices (iOS/macOS) and other appliances in catalog
Why it mattersApple enterprise devices are prime targets; ensure MDM enforces latest patches.
Is your WordPress site exposed to threats like these?
Arc is an AI security agent that watches your site 24/7 and patches vulnerabilities before attackers find them.
Scan your site free →