← Back to Security Blog
Security Briefing 6 min read

Patch Now: Microsoft & Apple Zero-Days Under Mass Exploitation

The exploit window has collapsed. What used to take weeks now takes hours. All 6 Microsoft zero-days from Patch Tuesday are now under active exploitation, Apple released an emergency iOS patch, and BeyondTrust RCE was weaponized within 24 hours of PoC release.


Critical Patches Required

Microsoft Patch Tuesday — All 6 Zero-Days Now Exploited

Every zero-day vulnerability disclosed in this week's Patch Tuesday is now being actively exploited in the wild. Organizations that haven't patched should assume compromise.

Microsoft Zero-Day Status

CVE Component Exploitation Status
CVE-2026-21391 Windows Kernel Mass exploitation
CVE-2026-21418 Windows SmartScreen Targeted attacks
CVE-2026-21387 Windows MSHTML Widespread
CVE-2026-21377 Windows Installer Increasing
CVE-2026-21402 Exchange Server Targeted
CVE-2026-21356 Windows Print Spooler Mass exploitation

Apple iOS Zero-Day (CVE-2026-20700) — PATCH NOW

Apple released emergency patches for an "extremely sophisticated" attack targeting specific individuals. The vulnerability allows arbitrary code execution through maliciously crafted web content.

Affected: iOS 17.x, iPadOS 17.x, macOS Sonoma

BeyondTrust RCE — Exploited in 24 Hours

A pre-authentication remote code execution vulnerability in BeyondTrust Privileged Remote Access was weaponized within 24 hours of PoC release. Attackers are actively scanning for vulnerable instances.

If you use BeyondTrust PRA: Patch or isolate immediately. Check access logs for unauthorized activity.


Major Breaches This Week

Organization Records Data Type
Odido (Netherlands) 6.2M Telecom customer data
ApolloMD 400K Patient medical records
Luxury Retail Chain 200K Payment cards

Total breach victims this week: 6.8M+


Kimwolf Botnet Attacks I2P Network

A 2-million-device botnet dubbed "Kimwolf" is actively disrupting the I2P anonymity network. The botnet is performing coordinated DDoS attacks against network nodes, potentially attempting to de-anonymize users.

Fake AI Chrome Extensions

Over 300,000 users infected by malicious Chrome extensions masquerading as AI assistants. The extensions steal browser data and inject ads.

Action: Audit all Chrome extensions across your organization. Remove any recently installed AI-related extensions you don't recognize.


How Kensai Protects You

Real-time CVE Monitoring — All Microsoft zero-days indexed within hours of disclosure

Patch Priority Scoring — AI-powered risk assessment for your specific stack

BeyondTrust Detection — Identify vulnerable PRA instances before attackers do

Supply Chain Scanning — Detect malicious dependencies and extensions


Recommended Actions

  1. Immediate: Apply Microsoft February patches — all 6 zero-days are being exploited
  2. Immediate: Update all Apple devices — sophisticated targeted attack in the wild
  3. Today: Audit BeyondTrust PRA installations — emergency patch required
  4. This Week: Review Chrome extensions across your organization
  5. Ongoing: Monitor for breach notifications — 6.8M records exposed this week

Protect Your Organization with Kensai

AI-powered vulnerability management with 332,000+ CVEs indexed.

Start Free Trial

Stay secure. Stay vigilant.

🗡️ KENSAI Security Team

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →