Tag: flaw
-
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Hackers began exploiting an authentication bypass vulnerability in SmarterTools’ SmarterMail email server and collaboration tool that allows resetting admin passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/smartermail-auth-bypass-flaw-now-exploited-to-hijack-admin-accounts/
-
Cryptohack Roundup: South Korea Busts $102M Laundering Ring
Also: $7 Million Saga and $5 Million Makina Finance Exploits. This week, South Korea dismantled a million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win Ethereum transaction…
-
Cryptohack Roundup: South Korea Busts $102M Laundering Ring
Also: $7 Million Saga and $5 Million Makina Finance Exploits. This week, South Korea dismantled a million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win Ethereum transaction…
-
Zero-Day Flaw in Cisco Unified Communications Being Targeted
Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System Compromise. Attackers are targeting a zero-day vulnerability in Cisco’s Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist. First seen on govinfosecurity.com Jump to…
-
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years.The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7.”Telnetd in GNU Inetutils…
-
Critical SmarterMail vulnerability under attack, no CVE yet
A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploited just two days after a patch was released. The issue, tracked as WT-2026-0001 and lacking a CVE, was fixed on January 15, 2026, with…
-
Critical Appsmith Flaw Enables Account Takeovers
Critical vulnerability in Appsmith allows account takeover via flawed password reset process First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/appsmith-flaw-account-takeovers/
-
Bank of England: Financial sector failing to implement basic cybersecurity controls
Mind the cyber gap similar flaws highlighted multiple years in a row First seen on theregister.com Jump to article: www.theregister.com/2026/01/22/financial_sector_cyber_gap/
-
Critical Vivotek Flaw Enables Remote Arbitrary Code Execution
Tags: ai, botnet, cctv, cve, cyber, flaw, injection, intelligence, iot, reverse-engineering, vulnerabilityAkamai’s Security Intelligence and Response Team (SIRT) uncovered a serious command injection vulnerability in legacy Vivotek IoT camera firmware. Tracked as CVE-2026-22755, the flaw lets remote attackers inject and run arbitrary code as root without authentication. Researchers used AI-driven reverse engineering to find it, confirming impact on dozens of older camera models. This boosts botnet…
-
NVIDIA CUDA Toolkit Flaw Allows Command Injection, Arbitrary Code Execution
NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released on January 20, 2026, the update addresses four flaws in Nsight Systems and related tools, all tied to the CUDA Toolkit ecosystem. Attackers could exploit these via malicious inputs during manual…
-
BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records
A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that malformed BRID or HHIT records in DNS queries can trigger an unexpected termination of the named process. Attackers need no authentication to exploit this, making it a high-risk issue for…
-
Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning
Tags: attack, cisa, cisco, communications, cve, cyber, exploit, flaw, kev, rce, remote-code-execution, service, vulnerability, zero-dayCISA has added CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability in Cisco Unified Communications Manager (Unified CM), to its Known Exploited Vulnerabilities (KEV) catalog. Added on January 21, 2026, this flaw affects multiple Cisco Unified Communications products, including Unified CM, Unified CM Session Management Edition (SME), Unified CM IM & Presence Service, Cisco…
-
Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments
Tags: ai, api, cloud, control, credentials, cve, cyber, flaw, framework, hacker, Internet, open-source, pypi, vulnerabilityZafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across industries, averaging 700,000 PyPI downloads monthly. The flaws CVE-2026-22218 (arbitrary file read) and CVE-2026-22219 (SSRF) enable attackers to steal API keys, sensitive files, and cloud credentials without user interaction. Zafran…
-
Node.js binary-parser Library Flaw Enables Malicious Code Injection
A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20, 2026, assigning it CVE-2026-1245. The flaw affects versions before 2.3.0 and stems from unsafe dynamic code generation. Developers using untrusted input for parser definitions face severe risks, including full process…
-
RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites
Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/realhomes-crm-plugin-flaw/
-
Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure
VulnCheck analysts found that vulnerabilities exploited before being publicly disclosed rose from 23.6% in 2024 to 28.96% in 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/zeroday-exploits-surge-vulncheck/
-
Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities
Tags: 2fa, business, dos, flaw, gitlab, infrastructure, programming, rce, remote-code-execution, software, update, vulnerabilityBoth platforms serve as backbone infrastructure for remote work and software development, making these flaws particularly dangerous for business continuity. The post Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-gitlab-security-flaws-patched/
-
Another week, another emergency patch as Cisco plugs Unified Comms zero-day
The critical-rated flaw leaves unpatched systems open to full takeover First seen on theregister.com Jump to article: www.theregister.com/2026/01/22/another_week_another_emergency_patch/
-
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch.The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible…
-
Active Exploitation Of Fortinet SSO Flaw Targets Firewalls For Admin Takeover
Tags: access, authentication, cisa, cve, cvss, cyber, data-breach, exploit, firewall, flaw, fortinet, Internet, malicious, threat, vulnerabilityThreat actors actively exploit critical Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO authentication on firewalls and proxies. These flaws allow unauthenticated attackers to craft malicious SAML messages, gaining admin access on internet-exposed devices. Fortinet disclosed them on December 9, 2025, with CVSS scores of 9.8, and CISA added CVE-2025-59718 to its Known Exploited…
-
Cisco Unified Communications Zero-Day RCE Flaw Actively Exploited For Root Shell Access
Tags: access, cisco, communications, cve, cyber, exploit, flaw, rce, remote-code-execution, service, vulnerability, zero-dayCisco has warned customers of a critical zero-day vulnerability affecting several of its Unified Communications products, including Cisco Unified Communications Manager (Unified CM), Unified Communications Manager Session Management Edition (Unified CM SME), Unified Communications Manager IM & Presence Service (IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance. Tracked as CVE-2026-20045, the vulnerability carries…
-
U.S. CISA adds a flaw in Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog
Tags: cisa, cisco, communications, cve, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability, zero-dayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Unified Communications products vulnerability, tracked as CVE-2026-20045 (CVSS score of 8.2), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Cisco patched a critical zero-day…
-
Attacks Target Freshly Patched, Critical Fortinet Flaws
Chinese Attackers Among Those Tied to Attempted Exploits of FortiSIEM Appliances. Critical vulnerabilities in edge devices are continuing to be discovered by security researchers and rapidly targeted by attackers. Lately, this includes a critical vulnerability in Fortinet’s FortiSIEM appliances, which Chinese and other hackers began targeting just two days post-patch. First seen on govinfosecurity.com Jump…
-
Attacks Target Freshly Patched, Critical Fortinet Flaws
Chinese Attackers Among Those Tied to Attempted Exploits of FortiSIEM Appliances. Critical vulnerabilities in edge devices are continuing to be discovered by security researchers and rapidly targeted by attackers. Lately, this includes a critical vulnerability in Fortinet’s FortiSIEM appliances, which Chinese and other hackers began targeting just two days post-patch. First seen on govinfosecurity.com Jump…
-
RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)
Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/21/cisco-enterprise-communications-cve-2026-20045/
-
ACME flaw in Cloudflare allowed attackers to reach origin servers
Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01 validation logic that could let attackers bypass security checks and reach origin servers. The issue stemmed from how Cloudflare’s edge handled requests to the /.well-known/acme-challenge/ path.…
-
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution.The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked…
-
CI/CD Under Attack: What the AWS CodeBuild “CodeBreach” Flaw Reveals About Modern Supply Chain Risk
A recent disclosure revealed a critical flaw in AWS CodeBuild that could allow attackers to abuse CI/CD pipelines and inject malicious code into trusted software builds by exploiting weaknesses in webhook validation, according to WebProNews. Rather than targeting production systems directly, the issue exposed how attackers can compromise software supply chains by manipulating trusted automation.…
-
Critical Vulnerability in Advanced Custom Fields: Extended Plugin Puts 100,000 WordPress Sites at Risk
A critical security flaw has been discovered in a widely used ACF add-on plugin for WordPress, placing up to 100,000 websites at risk of a full site takeover. The vulnerability affects the Advanced Custom Fields: Extended plugin, an add-on designed to extend the functionality of the popular Advanced Custom Fields ecosystem. An advisory issued about…