Tag: vulnerability
-
Many Bluetooth devices with Google Fast Pair vulnerable to “WhisperPair” hack
Even Google’s own earbuds are vulnerable to the Fast Pair hack. First seen on arstechnica.com Jump to article: arstechnica.com/gadgets/2026/01/researchers-reveal-whisperpair-attack-to-eavesdrop-on-google-fast-pair-headphones/
-
Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads
Over 387,000 users downloaded vulnerable Apache Struts versions this week. Exclusive Sonatype research reveals a high-risk flaw found by AI. Is your system at risk? First seen on hackread.com Jump to article: hackread.com/years-old-vulnerable-apache-struts-2-downloads/
-
Trio of Critical Bugs Spotted in Delta Industrial PLCs
Tags: vulnerabilityExperts disagree on whether the vulnerabilities in a programmable logic controller from Delta are a five-alarm fire or not much to worry over. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/critical-bugs-delta-industrial-plcs
-
Palo Alto Networks warns of DoS bug letting hackers disable firewalls
Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-dos-bug-letting-hackers-disable-firewalls/
-
Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login
Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept (PoC) exploit.The vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), has been described as a denial-of-service (DoS) condition impacting GlobalProtect PAN-OS software arising as a result of an improper check for…
-
Incorporating Geopolitical Risk Into Your IT Strategy
Scenario Planning Must Model Disruption, Strengthen Cyber Basics, Build Redundancy. IT organizations know how to plan for outages, but even the most rigorously designed strategy is vulnerable to the shifting winds of geopolitics. CIOs and technology leaders need to know how their organizations will respond to geopolitical disruptions, and scenario planning needs to be a…
-
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Tags: access, advisory, attack, authentication, cisa, cve, cyber, cybersecurity, exploit, flaw, fortinet, infrastructure, injection, kev, mitigation, threat, update, vpn, vulnerability, zero-dayExploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have historically been common targets for cyber attackers, with 23 Fortinet CVEs currently on the CISA KEV list. Public exploit code has…
-
Beyond Testing: API Security as the Foundational Intelligence for an ‘industry leader’-Level Security Strategy
Tags: ai, api, application-security, attack, business, ciso, communications, container, data, detection, gartner, governance, intelligence, risk, service, strategy, technology, tool, vulnerabilityIn today’s security landscape, it’s easy to get lost in a sea of acronyms. But one layer has become the undisputed foundation for modern application security: API security. Why? Because APIs are no longer just part of the application, they are the application. They are the connective tissue for microservices, third-party data, and the explosive…
-
Exploit code public for critical FortiSIEM command injection flaw
Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet’s Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-code-public-for-critical-fortisiem-command-injection-flaw/
-
Flaw in AI Libraries Exposes Models to Remote Code Execution
3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging Face. Researchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/flaw-in-ai-libraries-exposes-models-to-remote-code-execution-a-30519
-
Microsoft January 2026 Patch Tuesday: 115 Vulnerabilities Fixed
Microsoft kicks off 2026 with 115 security updates, including a fix for an actively exploited zero-day. Protect your Windows and Office systems today. First seen on hackread.com Jump to article: hackread.com/microsoft-january-2026-patch-tuesday-vulnerabilities/
-
Hackers Launch Over 91,000 Attacks on AI Systems Using Fake Ollama Servers
A new investigation by GreyNoise reveals a massive wave of over 90,000 attacks targeting AI tools like Ollama and OpenAI. Experts warn that hackers are conducting “reconnaissance” to map out vulnerabilities in enterprise AI systems. First seen on hackread.com Jump to article: hackread.com/hackers-attack-ai-systems-fake-ollama-servers/
-
Fortinet fixed two critical flaws in FortiFone and FortiSIEM
Fortinet fixed six security flaws, including two critical bugs in FortiFone and FortiSIEM that attackers could exploit without authentication. Fortinet released patches for six vulnerabilities, including two critical flaws in FortiFone and FortiSIEM that could be exploited without authentication to leak configuration data or enable code execution. The first vulnerabilty, tracked as CVE-2025-64155 (CVSS score…
-
Fortinet fixed two critical flaws in FortiFone and FortiSIEM
Fortinet fixed six security flaws, including two critical bugs in FortiFone and FortiSIEM that attackers could exploit without authentication. Fortinet released patches for six vulnerabilities, including two critical flaws in FortiFone and FortiSIEM that could be exploited without authentication to leak configuration data or enable code execution. The first vulnerabilty, tracked as CVE-2025-64155 (CVSS score…
-
Fortinet fixed two critical flaws in FortiFone and FortiSIEM
Fortinet fixed six security flaws, including two critical bugs in FortiFone and FortiSIEM that attackers could exploit without authentication. Fortinet released patches for six vulnerabilities, including two critical flaws in FortiFone and FortiSIEM that could be exploited without authentication to leak configuration data or enable code execution. The first vulnerabilty, tracked as CVE-2025-64155 (CVSS score…
-
U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Windows vulnerability, tracked as CVE-2026-20805 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft Patch Tuesday security updates for January 2026 release…
-
Microsoft Patch Tuesday security updates for January 2026 fixed actively exploited zero-day
Microsoft Patch Tuesday addressed 112 security flaws across Windows, Office, Azure, Edge, and more, including eight critical vulnerabilities, kicking off the new year with a major patch update. Microsoft Patch Tuesday security updates for January 2026 release 112 CVEs affecting Windows, Office, Azure, Edge, SharePoint, SQL Server, SMB, and Windows management services. Including third-party Chromium…
-
Multiple Elastic Vulnerabilities Could Lead to File Theft and DoS
Elastic has released urgent security patches addressing four significant vulnerabilities in Kibana that could enable attackers to steal sensitive files, trigger service outages, and exhaust system resources. The advisories, published on January 14, 2026, affect multiple Kibana versions spanning from 7.x through 9.2.3. Critical File Disclosure and SSRF Vulnerability The most severe flaw, CVE-2026-0532, has…
-
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.”Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe…
-
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances.The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system.”An improper neutralization of special elements used in an OS command (‘OS…
-
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild.Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed by…
-
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production Node.js app” that, if successfully exploited, could trigger a denial-of-service (DoS) condition.”Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability,” Node.js’s…
-
Microsoft Fixes Three Zero-Days on Busy Patch Tuesday
Microsoft has patched three zero-day vulnerabilities in the first patch Tuesday of 2026, including one under active exploitation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-three-zerodays-busy/
-
January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention
More priorities: Executives should also prioritize rapid patching and risk reduction efforts this month around the Windows Local Security Authority Subsystem Service Remote Code Execution, Windows Graphics Component Elevation of Privilege, and Windows Virtualization Based Security Enclave Elevation of Privilege flaws, Bicer said, as these vulnerabilities directly enable full system or trust boundary compromise.Strategic focus…
-
Microsoft Patchday Januar 2026 – Viele kritische Schwachstellen und immer mehr Rechteausweitungen
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-patchday-januar-2026-patches-updates-a-a9ca331e209026f83e5793905fb06182/
-
French data regulator fines telco subsidiaries $48 million over data breach
France’s data protection regulator fined the subsidiaries of a telecom giant $42 million for cybersecurity vulnerabilities that contributed to a massive data breach. First seen on therecord.media Jump to article: therecord.media/france-data-regulator-fine
-
MS-ISAC Flags High-Risk Security Flaws in Fortinet Products
A new cybersecurity advisory from the Multi-State Information Sharing and Analysis Center (MS-ISAC) is alerting organizations to multiple vulnerabilities affecting Fortinet products, some of which could allow attackers to execute arbitrary code on impacted systems. The advisory, identified as MS-ISAC Advisory 2026-003, was issued on January 13, 2026, and applies to a wide range of enterprise, government, and education-focused…
-
Identity Under Siege: What the Salt Typhoon Campaign Reveals About Trusted Access Risks
A recent disclosure confirms that email accounts belonging to U.S. congressional staff were compromised as part of the Salt Typhoon cyber-espionage campaign, targeting personnel supporting key House committees and exploiting trusted identities rather than software vulnerabilities, according to TechRadar. While no immediate operational disruption was publicly reported, the incident sends a clear message: identity systems…