Google's March 2026 Android update patches 129 vulnerabilities, including exploited Qualcomm flaw CVE-2026-21385 and critical RCE CVE-2026-0006. There are indications that CVE-2026-21385 may be under limited, targeted exploitation.

Source: The Hacker News

The Android March 2026 security patch addresses vulnerabilities across dozens of components and includes one CVE confirmed under active exploitation. The bulletin notes indications that CVE-2026-21385 may be under limited, targeted exploitation. The flaw resides in the Qualcomm Display component and is rated High severity.

Source: Help Net Security

The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. It was fixed by the Windows maker as part of its February 2026 Patch Tuesday update.

Source: The Hacker News

A high-severity flaw in Google Chrome's Gemini AI assistant allows attackers to access cameras, microphones, and local files remotely. Tracked as CVE-2026-0628, it needs no clicks beyond opening the AI panel. Palo Alto Networks' Unit 42 found it and reported on October 23, 2025. Google patched it January 5, 2026.

Source: VPN Central

In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Source: RedPacket Security

VS Code January 2026 release unveils a multi‑agent development hub with faster chat and streamlined sessions. It adds Claude compatibility, MCP Apps, Copilot Memory, and rich editor, terminal, and security improvements for a smarter coding experience. Update 1.109.1 addresses security issues, while the update features improvements to multi-agent development capabilities.

Source: Releasebot.io

VS Code now supports Ghostty as an external terminal on macOS and Linux. Native browser integration in chat, enabling you to interact with page elements, capture screenshots for visual debugging, and access real-time browser console logs directly by AI agents. Claude Agent now supports MCP (Model Context Protocol) servers. MCP servers installed via VS Code or the Claude CLI are automatically picked up, enabling extended tool capabilities.

Source: Visual Studio Code

Update 1.109.1: The update addresses these security issues. Update 1.109.2: The update addresses an issue with chat. Chat responses can now render interactive Mermaid diagrams with the renderMermaidDiagram tool. This lets models use flowcharts, sequence diagrams, and other visualizations to visually break down complex concepts.

Source: Visual Studio Code

AWS launched Security Hub Extended with curated partner solutions for full-stack enterprise security, and introduced Elemental Inference for AI-powered video transformation for mobile platforms. AWS also announced Strands Labs as a separate Git organization for experimental agentic AI projects with three initial projects: Robots, Robots Sim, and AI Functions.

Source: AWS News Blog

AWS data centers in the UAE and Bahrain were hit by drone strikes on March 3, 2026, causing structural damage, power disruptions, and fires requiring suppression activities. The incident has raised concerns about data center security and resilience in regions experiencing geopolitical tensions, potentially affecting future infrastructure investments.

Source: AGBI

AWS announced that Tools for PowerShell v4.x will enter maintenance mode on March 1, 2026 and reach end-of-support on June 1, 2026. During maintenance mode, it will only receive critical bug fixes and security updates, with no new service features or changes to existing services.

Source: AWS Developer Tools Blog

Cloudflare announced 'vinext' on March 2, 2026, a complete reimplementation of Next.js built on Vite that claims 94% API compatibility. The project was built using AI coding agents and aims to provide an alternative to Next.js that works with existing app/, pages/, and next.config.js files while deploying to Cloudflare Workers.

Source: Cloudflare Blog

Netlify disclosed CVE-2026-23864 on January 26, 2026, a denial-of-service vulnerability affecting React Server Components with a CVSS score of 7.5. The vulnerability impacts Next.js and other React metaframeworks, requiring immediate attention from developers.

Source: Netlify Changelog

Published February 12, 2026, Vercel announced improvements to Next.js for better integration with AI coding agents. The update includes experimental in-browser agent support, MCP integration, and improved logging designed to treat agents as first-class users of the framework.

Source: Next.js Official Blog