News

Google Confirms Exploitation of CVE-2026-21385 in Qualcomm Android Component

Luciano Ferrari

05 Mar 2026 — 2 min read

Thursday, March 5, 2026

Top 5 Cybersecurity Stories You Should Know

Google Confirms Exploitation of CVE-2026-21385 in Qualcomm Android Component — tl;dr: Google has confirmed the exploitation of CVE-2026-21385, a high-severity buffer over-read vulnerability in a Qualcomm component used in Android devices, with a CVSS score of 7.8. This flaw, reported by Google's Android Security team, allows for potential memory corruption due to unchecked user-supplied data. While specific exploitation details remain scarce, Google warns of targeted attacks. The March 2026 Android security update addresses this vulnerability along with 128 others, urging affected users to apply the patches promptly to mitigate risks.
↪ https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html
CISA Alerts on CVE-2026-22719 Vulnerability in VMware Aria Operations — tl;dr: CISA has identified a critical command injection vulnerability (CVE-2026-22719) in VMware Aria Operations, formerly known as vRealize Operations. This flaw, which allows unauthenticated attackers to execute remote code, poses significant risks to organizations using the platform. CISA mandates that Federal Civilian Executive Branch agencies apply patches by March 24, 2026, while private sector users are urged to act immediately. Organizations should review affected versions, apply patches, disable risky migration features, and monitor for unauthorized access to mitigate potential threats.
↪ https://cyberpress.org/vulnerability-in-vmware-aria-operations/
CISA Alerts on CVE-2026-21385 Memory Corruption in Qualcomm Chipsets — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical memory corruption vulnerability in Qualcomm chipsets, tracked as CVE-2026-21385, which is actively being exploited in attacks. This flaw arises from an integer overflow during memory allocation, potentially allowing attackers to execute arbitrary code and escalate privileges across a wide range of devices, including smartphones and IoT systems. Organizations using affected chipsets are urged to apply patches from Qualcomm immediately and monitor for unusual behavior, with a remediation deadline set for March 24, 2026.
↪ https://gbhackers.com/cisa-warns-qualcomm-chipsets-memory-corruption-vulnerability/
FBI Visits Journalist's Home Over Article, Raises Concerns on Press Freedom — tl;dr: A journalist's home was visited by FBI agents following a formal request from Mexico regarding an article he wrote. This incident has sparked a deeper investigation into the FBI's motivations and the implications for press freedom. The journalist's experience highlights the potential legal and personal risks faced by those in the media, particularly in the cybersecurity field. As the situation unfolds, it underscores the importance of protecting journalistic integrity and the need for transparency in governmental actions against reporters.
↪ https://this.weekinsecurity.com/
LexisNexis Breach: 2.04 GB of Data Stolen via React2Shell Vulnerability — tl;dr: A threat actor named FulcrumSec has claimed responsibility for breaching LexisNexis, stealing 2.04 GB of sensitive data from its AWS cloud infrastructure. The breach, which exploited an unpatched React2Shell vulnerability, exposed critical flaws in access controls and credential management, affecting millions of database records and user profiles, including those linked to government officials. Organizations are urged to enforce least-privilege IAM roles, promptly apply patches, and monitor access logs. LexisNexis has not yet confirmed the incident, raising concerns over cloud security in the legal sector.
↪ https://cyberpress.org/lexisnexis-data-breach/