News

Google Patches High-Severity Zero-Day Flaw CVE-2026-2441 in Chrome CSS Engine

Luciano Ferrari

17 Feb 2026 — 2 min read

Tuesday, February 17, 2026

Top 5 Cybersecurity Stories You Should Know

Google Patches High-Severity Zero-Day Flaw CVE-2026-2441 in Chrome CSS Engine — tl;dr: Google has released an emergency update for Chrome to address a critical zero-day vulnerability, tracked as CVE-2026-2441, affecting the browser's CSS engine. This flaw, reported by researcher Shaheen Fazim, allows remote attackers to execute arbitrary code by tricking users into visiting malicious web pages. The update, which brings Chrome to version 145.0.7632.75/76 for Windows and macOS, and 144.0.7559.75 for Linux, is being rolled out gradually. Users are strongly advised to update their browsers immediately to mitigate potential risks associated with this active exploitation.
↪ https://cyberinsider.com/google-releases-emergency-chrome-update-to-fix-zero-day-flaw-in-css-engine/
CVE-2026-22153: High-Risk Authentication Bypass in Fortinet FortiOS — tl;dr: CVE-2026-22153 is a high-severity authentication bypass vulnerability affecting Fortinet's FortiOS versions 7.6.0 to 7.6.4. This flaw allows unauthenticated attackers to bypass LDAP authentication mechanisms, potentially granting unauthorized access to sensitive systems and data. Organizations using affected FortiOS versions are at increased risk of data breaches and malware deployment. It is crucial for users to apply the latest patches and review their LDAP server configurations to mitigate this vulnerability and protect their network security.
↪ https://securityvulnerability.io/vulnerability/CVE-2026-22153
Ivanti EPMM Zero-Days CVE-2026-1281 & CVE-2026-1340 Enable RCE Attacks — tl;dr: Ivanti Endpoint Manager Mobile (EPMM) has critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, allowing unauthenticated remote code execution via crafted HTTP requests, with a CVSS score of 9.8. These zero-day vulnerabilities are actively exploited, posing significant risks to organizations using affected EPMM versions (12.5.0.0 and prior). Immediate action is required: apply the appropriate RPM updates as per Ivanti's advisory and conduct thorough checks for signs of compromise. A permanent fix is expected in version 12.8.0.0, scheduled for Q1 2026.
↪ https://horizon3.ai/attack-research/vulnerabilities/cve-2026-1281-cve-2026-1340/
CISA Releases Known Exploited Vulnerabilities Catalog for Cybersecurity Defense — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) has published the Known Exploited Vulnerabilities (KEV) Catalog, an essential resource for organizations to manage vulnerabilities actively exploited in the wild. This catalog aids cybersecurity professionals in prioritizing their vulnerability management efforts. It includes detailed information on vulnerabilities from various vendors, including BeyondTrust, SolarWinds, and Microsoft, along with mitigation strategies. Organizations are advised to review the catalog regularly and implement vendor-recommended mitigations to safeguard their systems against potential exploits.
↪ https://www.cisa.gov/known-exploited-vulnerabilities-catalog
CISA Addresses Evolving Cyber Threats and Incident Response Strategies — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) is actively tracking and sharing information on the latest cybersecurity threats, including malware, phishing, and ransomware. With nation-state actors increasingly exploiting vulnerabilities, CISA emphasizes the importance of collective defense against cyber-attacks, which pose risks to national security. Organizations are encouraged to utilize CISA's resources, including alerts, advisories, and the Known Exploited Vulnerabilities (KEV) catalog, to prioritize their cybersecurity measures and respond effectively to incidents. Staying informed and proactive is essential for safeguarding critical infrastructure and maintaining operational resilience.
↪ https://www.cisa.gov/topics/cyber-threats-and-response