← Back to Security Blog
Security Briefing 7 min read

Zero-Day Storm: Apple & Microsoft Under Active Attack

Apple patches an "extremely sophisticated" targeted attack on iOS/macOS, while Microsoft addresses 6 actively exploited zero-days in Patch Tuesday. Meanwhile, a 2M-device botnet disrupts privacy networks, and psychological warfare tactics from threat actors escalate.


Critical Patches Required

Apple Zero-Day (CVE-2026-20700) — PATCH NOW

Apple's dyld (Dynamic Link Editor) has a memory corruption flaw enabling arbitrary code execution. Google TAG discovered this being used in "extremely sophisticated attacks against specific targeted individuals."

Affected: iOS, iPadOS, macOS Tahoe, tvOS, watchOS, visionOS

Microsoft Patch Tuesday — 6 Zero-Days Exploited

CVE Component Impact
CVE-2026-21510 Windows Shell Single-click link bypasses security
CVE-2026-21513 MSHTML Browser engine bypass
CVE-2026-21514 Microsoft Word Document-based bypass
CVE-2026-21533 Remote Desktop Local → SYSTEM privilege
CVE-2026-21519 Desktop Window Manager Privilege escalation
CVE-2026-21525 Remote Access VPN disruption

Total: 59 vulnerabilities (5 Critical, 52 Important)

Other Critical Updates


Major Breaches This Week

Organization Records Type
Odido (Netherlands Telecom) 6.2M Customer data
ApolloMD Healthcare 626K Patient records
Conduent → Volvo Group 17K Employee data
Conpet (Romania Oil) Unknown Qilin ransomware

AI-Powered Threats Surge

Fake AI Chrome Extensions: 30 malicious extensions with 300K+ installs stealing credentials by masquerading as AI assistants.

AMOS Infostealer: macOS users targeted via poisoned AI apps exploiting the AI hype cycle.

Model Theft Warning: Google GTIG warns of hackers using legitimate API access to extract/replicate AI model logic.


Threat Actor Spotlight: SLSH

The Scattered Lapsus ShinyHunters group has evolved beyond ransomware into psychological warfare:

Expert advice: Never negotiate, never pay.


How Kensai Protects You

Real-time CVE Monitoring — All 6 Microsoft zero-days indexed within hours

Patch Priority Scoring — AI-powered risk assessment for your stack

Supply Chain Scanning — Detect abandoned/hijacked dependencies

Continuous Exposure Management — Stay ahead of the 84% without CTEM


Recommended Actions

  1. Immediate: Apply Apple and Microsoft patches
  2. Today: Audit BeyondTrust, WordPress WPvivid, SAP installations
  3. This Week: Review Chrome extensions across your organization
  4. Ongoing: Implement CTEM — only 16% of orgs have it deployed

Protect Your Organization with Kensai

AI-powered vulnerability management with 331,910+ CVEs indexed.

Start Free Trial

Stay secure. Stay vigilant.

🗡️ KENSAI Security Team

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →