Security Check-in Quick Hits: Dual Chrome Zero-Days, n8n Exploitation Rampage, Ivanti RESURGE Malware, and Apple’s $15K Bounty Win
For March 16, 2026
Dual Chrome Zero-Days (CVE-2026-3909 & CVE-2026-3910) – Update Your Browser Immediately
Google just pushed an emergency out-of-band patch for two actively exploited zero-days affecting the Skia graphics engine and V8 JavaScript engine. Attackers are chaining them through malicious websites: one triggers out-of-bounds memory access, the other enables arbitrary code execution inside the sandbox. With roughly 3.5 billion Chrome users worldwide, the risk is massive — especially in cloud environments where a browser foothold can lead to lateral movement and privilege escalation.
These flaws were already in the wild before the fix landed in Chrome 146.0.7680.75/76. Researchers and threat teams are sounding the alarm across X.
Why it matters: Browsers are the new perimeter. One click on a poisoned page can compromise an entire network.
Action steps: Force an update now (check Help → About Google Chrome). Enable enhanced safe browsing, use runtime segmentation where possible, and segment browser traffic on corporate networks. If you manage endpoints, deploy the update via your MDM tool today — no exceptions.
n8n Exploitation Rampage (CVE-2025-68613) – CISA Just Added It to the KEV Catalog
The popular workflow automation platform n8n is under active attack. CVE-2025-68613 (CVSS 9.9) lets authenticated users with workflow editing rights inject expressions that escape the sandbox and achieve full remote code execution on the server. Roughly 24,700 instances are still exposed online.
CISA added it to the Known Exploited Vulnerabilities catalog earlier this week (due date for federal agencies: March 25). The flaw was patched in December 2025, but attackers are still hammering unpatched systems — classic “known exploited” territory.
Why it matters: n8n sits in many automation pipelines; compromise gives attackers persistent access, credential theft, and lateral movement.
Action steps: Update to 1.120.4+, 1.121.1+, or 1.122.0+ immediately. If you can’t patch quickly, restrict workflow creation/editing to trusted users only and monitor for suspicious expressions. Consider air-gapping or isolating n8n instances until you’re current.
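To apply the fixed-version list above across an inventory, the comparison has to be branch-aware: 1.121.0 is numerically higher than 1.120.4 but still predates the fix on its own branch. The following is an added example, not code from n8n or from this post; the hostnames and the sample inventory are constructed, and treating anything older than the listed branches as needing an update is an assumption, since the post gives no lower bound.

```python
import re

# Fixed releases for CVE-2025-68613 as listed in this post, one per branch.
N8N_FIXED = [(1, 120, 4), (1, 121, 1), (1, 122, 0)]

def parse_version(text):
    """Parse '1.121.0' or 'v1.121.0' into (1, 121, 0).

    Returns None for anything else, including pre-release tags such as
    '1.122.0-rc.1', so those are reviewed by hand instead of guessed at.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(version, fixed=N8N_FIXED):
    """True if version is at or above the fix on its own major.minor branch."""
    for fix in fixed:
        if version[:2] == fix[:2]:
            return version >= fix
    # No listed branch matches: newer than every fix counts as patched,
    # older than every fix is flagged (assumption, see lead-in).
    return version > max(fixed)

def triage(inventory):
    """Map each host to 'patched', 'update', or 'unknown'."""
    result = {}
    for host, raw in inventory.items():
        version = parse_version(raw)
        if version is None:
            result[host] = "unknown"
        else:
            result[host] = "patched" if is_patched(version) else "update"
    return result

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE = {
    "n8n-prod-01": "1.120.3",
    "n8n-prod-02": "1.120.4",
    "n8n-stage": "v1.121.0",
    "n8n-dev": "1.123.5",
    "n8n-legacy": "1.119.9",
    "n8n-lab": "1.122.0-rc.1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:14} {status}")
```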
Ivanti RESURGE Malware – Persistent Backdoor Still Lurking on VPNs
A sophisticated Linux malware family called RESURGE (backdoor + dropper + rootkit + trojan in one 32-bit shared object file) continues to exploit the older Ivanti Connect Secure CVE-2025-0282 stack-based buffer overflow. The flaw grants unauthenticated remote code execution; the implant survives reboots and can stay dormant until attackers decide to wake it.
CISA has issued repeated alerts; the implant is designed to evade detection and maintain long-term access on VPN gateways and ZTA devices.
Why it matters: Ivanti appliances are everywhere in enterprise perimeters. A single dormant implant can turn into a full network breach months later.
Action steps: Patch all Ivanti Connect Secure, Policy Secure, and ZTA gateways to the latest version. Run CISA-recommended scans for RESURGE indicators of compromise. If you suspect compromise, isolate the device and rebuild it — don’t just reboot.
Apple’s $15K Bounty Win – App Store Account Takeover Flaw
Security researcher @_mkahmad earned a $15,000 bounty from Apple for discovering a serious account-takeover vulnerability in the App Store itself. The bug allowed full control in certain scenarios without traditional credentials — essentially a supply-chain risk inside Apple’s own storefront.
The disclosure post exploded on X, with the bug-bounty community celebrating responsible disclosure while noting that even tech giants aren’t immune.
Why it matters: App stores are trusted by billions. A flaw here could have enabled widespread credential theft or malware distribution.
Action steps: Apple users — enable 2FA everywhere and regularly review linked devices and app permissions. Enterprises: treat App Store integrations and managed Apple IDs as high-risk surfaces and monitor for unusual account activity.
Stay safe out there — patch aggressively, monitor your perimeters, and keep an eye on X for the next wave. These four issues prove that even “mature” platforms and tools can bite hard when left unpatched. Check back tomorrow for the next Security Check-in Quick Hits.



