Tag: vulnerability

CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities (KEV) catalog. The vendor has confirmed active exploitation, stating it has received multiple reports of damage caused by attackers abusing the flaw. Because public disclosures from the Japanese CERT Coordination Center (JPCERT/CC) and…

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

February 24, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

February 24, 2026

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. “Attackers can craft hidden instructions inside a

Ransomware, Zero-Days, and Data Breaches Shape This Week’s Cybersecurity Landscape

February 23, 2026

This week, a Dell vulnerability is being actively exploited, an Apache flaw allows bypass of RBAC, and over 41% of OpenClaw skills are vulnerable. Major Threats & Vulnerabilities Zero-Day Vulnerabilities A zero-day vulnerability in Dell RecoverPoint is being actively exploited to deploy web shells and backdoors in VMware environments. This highlights the urgent need for…

Apache Tomcat Vulnerability Circumvents Access Rules

February 20, 2026

A vulnerability in Apache Tomcat enables users to bypass certain access controls by leveraging legacy HTTP/0.9 requests. Under specific configurations, the issue could allow attackers to circumvent defined security constraints. “If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET…

CISA: BeyondTrust RCE flaw now exploited in ransomware attacks

February 20, 2026

Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. […]

better-auth Flaw Allows Unauthenticated API Key Creation

February 19, 2026

A vulnerability in the better-auth library could allow attackers to take over user accounts without ever logging in. The flaw affects the library’s API keys plugin and enables unauthenticated attackers to mint privileged API keys for arbitrary users. Exploitation of the vulnerability grants “… full authenticated access as the targeted user and, depending on the…

Flaw in Grandstream VoIP phones allows stealthy eavesdropping

February 19, 2026

A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. […]

Microsoft reveals critical Windows Admin Center vulnerability (CVE-2026-26119)

February 19, 2026

Microsoft has disclosed a privilege-escalation vulnerability in Windows Admin Center (WAC), a browser-based platform widely used by IT administrators and infrastructure teams to manage Windows clients, servers, clusters, Hyper-V hosts and virtual machines, as well as Active Directory-joined systems. Although the issue was patched in early December 2025 with the release of Windows Admin Center…

Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329)

February 19, 2026

A critical security vulnerability (CVE-2026-2329) in Grandstream VoIP phones could let hackers remotely take full control of the devices and even intercept calls, Rapid7 researchers discovered. “The vulnerability is present in the device’s web-based API service, and is accessible in a default configuration,” Rapid7 researcher Stephen Fewer noted. The risks related to CVE-2026-2329 exploitation CVE-2026-2329…

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw

February 18, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking. […]

Zero-Day in Dell RecoverPoint Enables GRIMBOLT Backdoor

February 18, 2026

A zero-day vulnerability in Dell RecoverPoint for Virtual Machines is being actively exploited to deploy backdoors and pivot deeper into enterprise networks. The flaw has reportedly been abused since at least mid-2024 by a suspected China-linked threat cluster. “Beyond the Dell appliance exploitation, Mandiant observed the actor employing novel tactics to pivot into VMware virtual…

Notepad++ patches flaw used to hijack update system

February 18, 2026

Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure,…

Windows Admin Center Flaw Opens Door to Privilege Escalation

February 18, 2026

A vulnerability in Windows Admin Center (WAC) could allow authorized attackers to escalate privileges in enterprise environments. The issue affects WAC version 2.6.4 and has been assigned a CVSS score of 8.8. “Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network,” said Microsoft in its advisory. How the…

Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

February 18, 2026

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded…

OpenClaw Flaw Enables AI Log Poisoning Risk

February 17, 2026

A vulnerability has been identified in OpenClaw’s AI assistant that could allow attackers to insert crafted content into system logs. The flaw stems from how certain WebSocket headers were logged, creating a potential log poisoning risk in AI-assisted workflows. “This issue is primarily an indirect prompt injection risk and depends on downstream log consumption behavior.…

CVE-2026-25903 Impacts Apache NiFi Users

February 17, 2026

A vulnerability has been disclosed that potentially impacts organizations using Apache NiFi to manage data pipelines. The issue could allow lower-privileged users to modify restricted components within a data flow due to missing authorization checks. “The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a…

Exploit available for new Chrome zero-day vulnerability, says Google

February 16, 2026

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators. The warning comes after Google released a patch for Chrome to plug a use after free memory vulnerability (CVE-2026-2441) in cascading style sheets (CSS), which means the browser’s CSS engine isn’t properly managing memory…

Exploit available for new Chrome zero-day vulnerability, says Google

February 16, 2026

BeyondTrust RCE Exploited for Domain Control

February 16, 2026

Attackers are actively exploiting a vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) to remotely run commands and escalate to full domain control in some environments. The flaw affects self-hosted deployments and can be triggered without authentication. We “… observed attempts to deploy the SimpleHelp RMM tool for persistence, along with discovery…

Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day

February 16, 2026

A high severity vulnerability in Google Chrome and allows remote attackers to execute code

Google patches Chrome vulnerability with in-the-wild exploit (CVE-2026-2441)

February 16, 2026

Google released a security update for Chrome to address a high-severity zero‑day vulnerability (CVE-2026-2441) on Friday. “Google is aware that an exploit for CVE-2026-2441 exists in the wild,” the company said. About CVE-2026-2441 CVE-2026-2441 is a use-after-free bug in the CSS processing component of Google Chrome, which allows a remote attacker “to execute arbitrary code…

Google patches first Chrome zero-day exploited in attacks this year

February 16, 2026

Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. […]

In GitHub’s advisory pipeline, some advisories move faster than others

February 16, 2026

GitHub Security Advisories are used to distribute vulnerability information in open-source projects and security tools. A new study finds that only a portion of those advisories ever pass through GitHub’s formal review process. A large scale view of advisory data A review of GitHub Security Advisories published between 2019 and 2025 examined 288,604 advisories. Of…

Critical BeyondTrust RS vulnerability exploited in active attacks

February 13, 2026

Researchers warn that a critical vulnerability patched this week in BeyondTrust Remote Support is being exploited in the wild to compromise self-hosted deployments, including Bomgar remote support appliances, which included affected versions of the impacted software. Bomgar, a provider of privileged identity and access management products, acquired BeyondTrust in 2018, adopting the latter’s brand name.…

Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)

February 13, 2026

Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. “Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel,” Ryan Dewhurst, Head of Threat Intelligence at watchTowr, confirmed on Thursday. Rapid7 researchers published a technical analysis and proof-of-concept (PoC) exploit for…

Apple discloses first actively exploited zero-day of 2026

February 12, 2026

Apple disclosed a zero-day vulnerability Wednesday that the vendor warned was previously “exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in a security update. The memory-corruption vulnerability — CVE-2026-20700 — affects iPhones and iPads and was exploited on devices running versions of iOS before iOS 26. The Cybersecurity and Infrastructure…

Critical BeyondTrust RCE flaw now exploited in attacks, patch now

February 12, 2026

A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. […]

WordPress plugin with 900k installs vulnerable to critical RCE flaw

February 12, 2026

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication. […]

Apple Patches Actively Exploited Zero-Day Flaw

February 12, 2026

Apple is urging users to update immediately after patching a zero-day vulnerability that was exploited in what it described as “extremely sophisticated” attacks against specific individuals. The flaw, which impacts multiple Apple operating systems, allowed attackers to execute arbitrary code on vulnerable devices. “An attacker with memory write capability may be able to execute arbitrary…

Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)

February 12, 2026

Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the Dynamic Link Editor component of Apple’s operating systems, and may allow attackers with memory write capability to execute arbitrary code. “Apple is aware of a report that this issue may have…

Time to Exploit Plummets as N-Day Flaws Dominate

February 12, 2026

Flashpoint warns of a dramatic drop in the average time between vulnerability disclosure and exploitation

Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks

February 11, 2026

Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals. […]

Windows 11 Notepad flaw let files execute silently via Markdown links

February 11, 2026

Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. […]

CVE-2026-25646: Legacy Libpng Flaw Poses RCE Risk

February 11, 2026

A decades-old libpng flaw exposes widely used systems to denial-of-service and potential code execution via crafted PNG files.

The post CVE-2026-25646: Legacy Libpng Flaw Poses RCE Risk appeared first on eSecurity Planet.

CVE-2026-21514: Actively Exploited Word Flaw Evades OLE Security

February 11, 2026

Microsoft patched an actively exploited Word flaw that bypasses OLE protections and executes malicious documents without standard warnings.

The post CVE-2026-21514: Actively Exploited Word Flaw Evades OLE Security appeared first on eSecurity Planet.

Windows Notepad RCE Flaw Exploits Markdown Files

February 11, 2026

Microsoft has patched a vulnerability in the modern Windows Notepad app that could allow remote code execution if a user opens a specially crafted Markdown file. The issue carries a CVSS score of 8.8 and requires user interaction to exploit. The vulnerability “… allows an unauthorized attacker to execute code over a network,” said Microsoft…

Windows Patch Fixes Exploited RasMan DoS Flaw

February 11, 2026

Microsoft has patched a vulnerability in the Windows Remote Access Connection Manager (RasMan) service that was being exploited to trigger denial-of-service (DoS) conditions on unpatched systems. If exploited, the flaw can cause the remote access service to crash, potentially interrupting VPN connectivity and affecting remote access for users and administrators. The vulnerability “… allows an…

FIRST Forecasts Record-Breaking 50,000+ CVEs in 2026

February 11, 2026

This year should break all the records in terms of vulnerability disclosed, reaching or even surpassing 50,000 new CVEs disclosed

Global Group ransomware gang running new campaign using Windows shortcut files

February 10, 2026

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were wrong. According to researchers at Forcepoint, a new high-volume phishing campaign spreading the Global Group ransomware has been detected that hopes to sucker employees…

FortiOS Authentication Bypass Exposes VPN and SSO Deployments

February 10, 2026

Fortinet has disclosed an authentication bypass vulnerability in FortiOS. Under certain configurations, the flaw could allow attackers to bypass LDAP-based authentication controls and gain unauthorized access to protected enterprise networks. The vulnerability “… may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, under specific LDAP server configuration,” said Fortinet…

FortiSandbox XSS Vulnerability Allows Remote Command Execution

February 10, 2026

Fortinet has disclosed a vulnerability in its FortiSandbox platform that could allow unauthenticated attackers to execute arbitrary commands. The issue involves a cross-site scripting (XSS) flaw in the FortiSandbox web interface that may lead to elevated access if exploited. The vulnerability “… may allow an unauthenticated attacker to execute commands via crafted requests,” said Fortinet…

How to Prioritize Vulnerability Remediation (Without Losing Your Mind)

February 9, 2026

Let’s say you run a vulnerability scan and it finds 100 issues across your environment. Ten are labeled critical Fifteen are high Twenty are medium The rest are low or informational The report helpfully tells you to fix everything immediately. This is where reality kicks in. Most organizations cannot patch every vulnerability the moment it…

Warlock Gang Breaches SmarterTools Via SmarterMail Bugs

February 9, 2026

The ransomware group breached SmarterTools through a vulnerability in the company’s own SmarterMail product.

Warlock Gang Breaches SmarterTools Via SmarterMail Bugs

February 9, 2026

The ransomware group breached SmarterTools through a vulnerability in the company’s own SmarterMail product.

Critical Fortinet FortiClientEMS flaw allows remote code execution

February 9, 2026

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…

Critical Fortinet FortiClientEMS flaw allows remote code execution

February 9, 2026

Critical Fortinet FortiClientEMS flaw allows remote code execution

February 9, 2026

Critical Fortinet FortiClientEMS flaw allows remote code execution

February 9, 2026

BeyondTrust Vulnerability Allows Pre-Auth Remote Code Execution

February 9, 2026

A vulnerability in BeyondTrust remote access products allows unauthenticated attackers to execute arbitrary operating system commands, potentially granting full control over affected systems. The flaw impacts BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) and carries a CVSS score of 9.9. “Successful exploitation requires no authentication or user interaction and may lead to system…

BeyondTrust Vulnerability Allows Pre-Auth Remote Code Execution

February 9, 2026

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731)

February 9, 2026

BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Support zero-day (CVE-2024-12356) that was flagged after having been exploited by China-nexus threat actors to breach the US Treasury…

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731)

February 9, 2026

Flickr Notifies Users of Potential Third-Party Data Exposure

February 6, 2026

Flickr has begun notifying users about a potential data exposure tied to a vulnerability in a third-party email service provider. The incident highlights the security considerations associated with third-party services, even when a platform’s core systems are not directly affected. “On February 5, 2026, we were alerted to a vulnerability in a system operated by…

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)

February 6, 2026

For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited Vulnerabilities catalog, and this one is being exploited in ransomware attacks. A glut of SmarterMail vulnerabilities On January 26, the US cybersecurity agency listed CVE-2025-52691 (a unrestricted upload of file with dangerous…

Flickr discloses potential data breach exposing users’ names, emails

February 6, 2026

Photo-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and account activity. […]

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

February 5, 2026

CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit Broadcom fixed CVE-2025-22225, CVE-2025-22224 (a heap overflow vulnerability) and CVE-2025-22226 (an information disclosure flaw) in VMware…

Ingress-Nginx Vulnerability Enables Code Execution in Kubernetes

February 4, 2026

A recently disclosed vulnerability in ingress-nginx may allow authenticated attackers to execute code and access Kubernetes Secrets in affected clusters. The vulnerability could “… lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller,” said Kubernetes researchers. Inside the Ingress-Nginx Security Vulnerability Ingress controllers sit…