Some weeks in security feel normal. Then you read a few tabs and get that "ah, great, we're doing this now" feeling right away.
This week has that kind of energy. New messes, old problems getting worse, and research that quickly stops feeling like theory. Some parts were also a little too real. There is a good mix of strange abuse of trusted things, quiet infrastructure ugliness, sketchy talk, and the usual reminder that attackers will use anything that works.
Keep scrolling. You will understand what I mean.

## ⚡ Threat of the Week

Detection starts the clock; the decisions made about how to respond shape the outcome. Early choices determine how large and how damaging an incident becomes as it escalates.

Join this SANS IR Command Roundtable to learn how experienced teams avoid investigation drift, improve coordination, and execute faster response across cloud, enterprise, and operational environments.

## 🔔 Top News

## 🔥 Trending CVEs

New vulnerabilities show up every week, and the window between disclosure and exploitation keeps getting shorter. The flaws below are this week's most critical: high-severity, in widely used software, or already drawing attention from the security community.
Check these first, patch what applies, and don't wait on the ones marked urgent:

- Google Chrome: CVE-2026-3909, CVE-2026-3910, CVE-2026-3913
- Veeam Backup & Replication: CVE-2026-21666, CVE-2026-21667, CVE-2026-21668, CVE-2026-21672, CVE-2026-21708, CVE-2026-21669, CVE-2026-21671
- n8n: CVE-2026-27577, CVE-2026-27493, CVE-2026-27495, CVE-2026-27497
- Microsoft Windows: CVE-2026-26127, CVE-2026-21262
- SAP: CVE-2019-17571, CVE-2026-27685
- ExifTool for macOS: CVE-2026-3102
- Nginx UI: CVE-2026-27944
- K7 Ultimate Security: CVE-2025-67826
- Intego X9: CVE-2026-26224, CVE-2026-26225
- pac4j-jwt: CVE-2026-29000
- HPE Aruba Networking AOS-CX: CVE-2026-23813
- PostgreSQL: CVE-2025-12818
- Ally WordPress plugin: CVE-2026-2413
- Tutor LMS Pro WordPress plugin: CVE-2026-0953
- Gogs: CVE-2026-25921
- Cloudflare Pingora: CVE-2026-2833, CVE-2026-2835, CVE-2026-2836
- Apache ZooKeeper: CVE-2026-24308
- SGLang: CVE-2026-3059, CVE-2026-3060, CVE-2026-3989
- Palo Alto Networks Cortex XDR Broker VM: CVE-2026-0231
- Cisco IOS XR Software: CVE-2026-20040, CVE-2026-20046
- graphql-upload-minimal: CVE-2025-65587
- OpenSSH: CVE-2026-3497
- Microsoft Authenticator for Android and iOS: CVE-2026-26123
- CUPS: CVE-2025-61915
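A small triage helper to go with that list, added here as an example and not code from The Hacker News or from any vendor named above: it parses the newsletter's inline "CVE-..., CVE-... (Product)" format into a product-to-CVE map, matches it against a deployment inventory, and pulls out CVE ids assigned before the current year, since an old bug resurfacing in a weekly list usually means it is being exploited again. The list excerpt and the inventory are constructed for the example; in real use, feed it the full list above and your own asset data.

```python
import re

# Constructed excerpt in the newsletter's inline "CVE-..., CVE-... (Product)" format;
# feed the full list from the section above in real use.
CVE_TEXT = (
    "CVE-2026-3909, CVE-2026-3910, CVE-2026-3913 (Google Chrome), "
    "CVE-2026-21666, CVE-2026-21667 (Veeam Backup & Replication), "
    "CVE-2025-12818 (PostgreSQL), CVE-2026-3497 (OpenSSH), "
    "and CVE-2025-61915 (CUPS)."
)

# Hypothetical deployment inventory: product name as it appears in the list -> hosts running it.
INVENTORY = {
    "OpenSSH": {"bastion-1", "build-3"},
    "PostgreSQL": {"db-1"},
    "Google Chrome": {"wks-17"},
}

_CVE = re.compile(r"CVE-\d{4}-\d{4,7}")
# One or more CVE ids (comma- or "and"-separated) followed by the product in parentheses.
_ENTRY = re.compile(r"((?:CVE-\d{4}-\d{4,7}(?:,\s*|\s+and\s+)?)+)\s*\(([^)]+)\)")


def parse_cve_list(text):
    """Return {product: [CVE ids]}, preserving the order the newsletter lists them in."""
    groups = {}
    for ids, product in _ENTRY.findall(text):
        groups.setdefault(product.strip(), []).extend(_CVE.findall(ids))
    return groups


def triage(groups, inventory):
    """Split the list into products you run (with affected hosts) and products to check by hand."""
    applicable, unmatched = {}, []
    for product, cves in groups.items():
        hosts = inventory.get(product)
        if hosts:
            applicable[product] = {"cves": cves, "hosts": sorted(hosts)}
        else:
            unmatched.append(product)
    return applicable, sorted(unmatched)


def older_than(groups, year):
    """CVE ids assigned before `year`: old bugs in a current list deserve a 'why now?' look."""
    return sorted(cve for cves in groups.values() for cve in cves
                  if int(cve.split("-")[1]) < year)


if __name__ == "__main__":
    groups = parse_cve_list(CVE_TEXT)
    applicable, unmatched = triage(groups, INVENTORY)
    for product, info in applicable.items():
        print(f"PATCH {product}: {', '.join(info['cves'])} on {', '.join(info['hosts'])}")
    print("manual check:", ", ".join(unmatched))
    print("older ids:", ", ".join(older_than(groups, 2026)))
```

Products that come back in `unmatched` are not safe to ignore: the inventory only knows the names it was given, so a product missing from it (a plugin inside a WordPress install, a library such as pac4j-jwt bundled in an application) still needs a manual look.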
## 🎥 Cybersecurity Webinars

## 📰 Around the Cyber World

## 🔧 Cybersecurity Tools

Dev Machine Guard → A free, open-source tool that scans your computer and shows you exactly which developer tools and scripts are running. It builds a simple inventory of your AI coding assistants, code editor extensions, and software packages so you can spot anything suspicious or outdated. It is a single script that runs in seconds and gives you better visibility into the security of your local coding environment.

Trajan → An automated security tool that finds hidden vulnerabilities in "service meshes," the systems that manage how the different parts of a large application talk to each other. Engineers can easily make small mistakes in the settings of these complicated systems that let attackers bypass security controls or steal data. Trajan scans those settings, pinpoints the exact mistakes, and helps developers fix them before they can be abused.

Warning: These tools are for research and educational purposes only and have not been checked for security. Review all code before using it, test it in isolated environments, and make sure your use of it follows all relevant laws.

## Final Thoughts

There is a lot of stuff in here, but it's not organized. Some of it is the same old recycled mess, some of it seems more planned, and some of it has that bad "this is going to show up everywhere by next week" energy.
Anyway, enough clearing of the throat.
Here are the things you should pay attention to.
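The Trajan entry in the tools section above talks about service-mesh settings that let attackers bypass security controls. As an added example of what one such check looks like, written for Istio and not taken from Trajan or any other project, the script below reads PeerAuthentication and AuthorizationPolicy objects in the JSON shape that `kubectl get ... -o json` produces (a constructed sample is embedded inline) and flags mTLS modes that still accept plaintext, port-level overrides that weaken a workload's mode, the absence of a mesh-wide STRICT default, and ALLOW policies whose empty rule matches every request. The root namespace `istio-system` is an assumption.

```python
import json

# Assumption: the Istio root namespace, where a selector-less PeerAuthentication
# acts as the mesh-wide default policy.
ROOT_NS = "istio-system"
WEAK_MODES = ("PERMISSIVE", "DISABLE")

# Constructed sample in the shape `kubectl get peerauthentication,authorizationpolicy -A -o json`
# returns; not data from a real cluster.
SAMPLE = json.dumps({"items": [
    {"kind": "PeerAuthentication",
     "metadata": {"name": "default", "namespace": "istio-system"},
     "spec": {"mtls": {"mode": "PERMISSIVE"}}},
    {"kind": "PeerAuthentication",
     "metadata": {"name": "payments", "namespace": "shop"},
     "spec": {"selector": {"matchLabels": {"app": "payments"}},
              "mtls": {"mode": "STRICT"},
              "portLevelMtls": {"8080": {"mode": "DISABLE"}}}},
    {"kind": "AuthorizationPolicy",
     "metadata": {"name": "allow-all", "namespace": "shop"},
     "spec": {"action": "ALLOW", "rules": [{}]}},
]})


def check_items(items):
    """Return a list of findings (strings) for the given Istio objects."""
    findings = []
    mesh_default = None  # mode of the mesh-wide PeerAuthentication, if one exists
    for obj in items:
        kind = obj.get("kind")
        meta = obj.get("metadata", {})
        spec = obj.get("spec", {})
        ref = f"{meta.get('namespace')}/{meta.get('name')}"
        if kind == "PeerAuthentication":
            mode = spec.get("mtls", {}).get("mode", "UNSET")
            if meta.get("namespace") == ROOT_NS and "selector" not in spec:
                mesh_default = mode
            if mode in WEAK_MODES:
                findings.append(f"{ref}: mTLS mode {mode} still accepts plaintext")
            # Port-level settings silently override the workload-level mode for that port.
            for port, cfg in spec.get("portLevelMtls", {}).items():
                if cfg.get("mode") in WEAK_MODES:
                    findings.append(f"{ref}: port {port} set to {cfg['mode']} overrides the workload mode")
        elif kind == "AuthorizationPolicy":
            # An ALLOW policy containing an empty rule ({}) matches every request.
            if spec.get("action", "ALLOW") == "ALLOW" and any(rule == {} for rule in spec.get("rules", [])):
                findings.append(f"{ref}: ALLOW policy with an empty rule matches every request")
    if mesh_default != "STRICT":
        findings.append(f"no mesh-wide STRICT PeerAuthentication in {ROOT_NS} (found: {mesh_default})")
    return findings


def scan(json_text):
    """Parse kubectl JSON output and run the checks."""
    return check_items(json.loads(json_text)["items"])


if __name__ == "__main__":
    for line in scan(SAMPLE):
        print(line)
```

Pipe real cluster output through `scan()` rather than the sample; a clean result only means these particular shapes were not found, not that the mesh is correctly configured.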