CVE-2026-4428: Issues with AWS-LC - CRL Distribution Point Scope Check Logic Error

AWS-LC is a general-purpose cryptographic library maintained by AWS. We identified CVE-2026-4428 affecting X.509 certificate verification. A logic error in the CRL (Certificate Revocation List) distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point (IDP) extensions. Applications that do not enable CRL checking (X509_V_FLAG_CRL_CHECK) are not affected. Applications using complete (non-partitioned) CRLs without IDP extensions are also not affected.

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Apple backports CVE-2023-43010 WebKit fix after Coruna exploit kit abused iOS flaws, protecting older iPhones and iPads from memory corruption attacks

CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover 

CVE-2026-26117 lets low-privileged users hijack Azure Arc, escalate to SYSTEM, and take over the machine’s cloud identity and RBAC access.

Microsoft Patch Tuesday, March 2026 Edition – Krebs on Security

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Google fixes actively exploited Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw enabling sandboxed remote code execution.

Apple fixes zero-day flaw used in 'extremely sophisticated' attacks

Apple has released security updates to fix a zero-day vulnerability that was exploited in an "extremely sophisticated attack" targeting specific individuals.

Microsoft's Valentine's gift to admins: 6 exploited zero-day fixes

: Roses are red, violets are blue ... now get patching

Fortinet unearths another critical bug as SSO accounts borked post-patch

: More work for admins on the cards as they await a full dump of fixes