Category: Vulnerability News

Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS). Tracked as CVE-2026-21643, this severe flaw carries a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and access sensitive database information. The issue specifically affects FortiClient EMS version 7.4.4…

Researchers Decrypt and Exploit Encrypted Palo Alto Cortex XDR BIOC Rules Cybersecurity researchers have uncovered a critical evasion flaw in Palo Alto Networks’ Cortex XDR agent that allowed attackers to bypass behavioral detections completely. By reverse-engineering these encrypted rules, the InfoGuard Labs team discovered hardcoded global whitelists that enabled threat actors to execute malicious actions…

Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Complete Root Takeover Nine critical vulnerabilities have been discovered in AppArmor, which is a widely used mandatory access control framework for Linux. These vulnerabilities, collectively referred to as “CrackArmor,” enable unprivileged local users to escalate their privileges to root, break container isolation, and cause kernel operations…

Gogs Vulnerability Enables Attackers to Silently Overwrite Large File Storage Objects A critical security flaw has been discovered in a popular open-source, self-hosted Git service, allowing attackers to overwrite Large File Storage (LFS) objects secretly. Tracked as CVE-2026-25921, this maximum-severity vulnerability carries a CVSS 3.1 score of 10.0. It creates a severe risk for software…

Fortinet Security Update – Patch for Multiple Vulnerabilities That Enable Malicious Command Execution Fortinet released a sweeping security advisory on March 10, 2026, addressing eleven vulnerabilities across its core enterprise products, including FortiManager, FortiAnalyzer, FortiSwitchAXFixed, and FortiSandbox. The flaws range from authentication bypasses and buffer overflows to OS command injection and SQL injection, several of…

Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation Zoom has released four security bulletins on March 10, 2026, disclosing multiple vulnerabilities across its Windows-based client suite. The flaws, ranging from High to Critical severity, could allow attackers to escalate privileges on affected systems, with one critical flaw exploitable by unauthenticated remote attackers with no prior…

iPhone Exploit Toolkit Used by Russian Spies Likely Originated from U.S. Contractor A powerful iPhone exploit kit named “Coruna,” initially created for Western intelligence by U.S. contractor L3Harris, has fallen into the hands of Russian spies and Chinese cybercriminals.​ The Coruna toolkit features 23 different hacking components designed to compromise Apple iPhones. Trenchant originally built…

Hikvision Multiple Products Vulnerability Allows Malicious Users to Escalate Privileges A severe vulnerability affecting multiple Hikvision products was added to the Known Exploited Vulnerabilities (KEV) catalog on March 5, 2026. Tracked globally under CVE-2017-7921, this security flaw poses a significant risk to organizations that rely on these popular surveillance systems. The flaw enables malicious users…

CISA Warns of macOS and iOS Vulnerabilities Exploited in Attacks The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding multiple Apple vulnerabilities currently facing active exploitation. On March 5, 2026, CISA added three security flaws affecting macOS, iOS, iPadOS, and other Apple products to its Known Exploited Vulnerabilities (KEV) catalog. This…

Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking A critical vulnerability in AVideo, a widely used open-source video hosting and streaming platform. Tracked as CVE-2026-29058, this zero-click flaw carries a maximum severity rating, allowing unauthenticated attackers to execute arbitrary operating system commands on the targeted server. Discovered by security researcher Arkmarta, the vulnerability…

PoC Exploit Released Cisco SD-WAN 0-Day Vulnerability Exploited in the Wild A public proof-of-concept (PoC) exploit has been released for CVE-2026-20127, a maximum-severity zero-day vulnerability in Cisco Catalyst SD-WAN Controller and SD-WAN Manager that has been actively exploited in the wild since at least 2023. Cisco Talos is tracking the threat activity under the cluster UAT-8616, describing…

Mail2Shell Zero-Click Attack lets Hackers Hijack FreeScout Mail Servers Researchers have uncovered a critical zero-click vulnerability in FreeScout, a widely used open-source help desk and shared mailbox application. Dubbed “Mail2Shell,” this flaw allows attackers to hijack mail servers without any user interaction or authentication. The vulnerability, tracked as CVE-2026-28289, bypasses a recently patched Remote Code…

CISA Warns of VMware Aria Operations Vulnerability Exploited in Attacks A critical vulnerability affecting VMware Aria Operations has been added to the Known Exploited Vulnerabilities (KEV) catalog. Broadcom recently issued a security advisory detailing a flaw that allows unauthenticated attackers to execute arbitrary commands. Organizations are urged to implement mitigations or discontinue use of the…

OpenClaw 0-Click Vulnerability Allows Malicious Websites to Hijack Developer AI Agents A critical zero-interaction vulnerability in OpenClaw, one of the fastest-growing open-source AI agent frameworks in history, has been discovered by Oasis Security researchers, allowing any malicious website to silently seize full control of a developer’s AI agent without requiring plugins, extensions, or any user…

Claude Code Hacked to Achieve Full RCE and Hijacked Organization API keys Critical vulnerabilities in Anthropic’s Claude Code, an AI-powered command-line development tool. The flaws could allow attackers to achieve Remote Code Execution (RCE) and exfiltrate Anthropic API keys by exploiting project configuration files. The issues were reported by Check Point Research (CPR), and Anthropic…

Google API Keys Expose Private Data Silently Through Gemini A critical privilege escalation vulnerability affecting Google Cloud API keys specifically how legacy public-facing keys now silently grant unauthorized access to Google’s Gemini AI endpoints, exposing private files, cached data, and billable AI usage to attackers. For over a decade, Google explicitly instructed developers to embed…

27 Years old Telnet Vulnerability Enables Attackers to Gain Root Access A newly confirmed vulnerability in the telnet daemon (telnetd) in GNU Inetutils has revived a 27-year-old security flaw, allowing attackers to gain root access by exploiting improper sanitization of environment variables, with no authentication required. Tracked as CVE-2026-24061, the flaw exists in GNU Inetutils through…

GitHub Copilot Exploited to Perform Full Repository Takeover via Passive Prompt Injection A critical AI-driven vulnerability in GitHub Codespaces, dubbed RoguePilot, that enabled attackers to silently hijack a repository by embedding malicious instructions inside a GitHub Issue. The flaw, uncovered by researchers at the Orca Research Pod, exploits the seamless integration between GitHub Issues and…

PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution Microsoft has patched a high-severity remote code execution (RCE) vulnerability in the modern Windows Notepad application, tracked as CVE-2026-20841, as part of its February 2026 Patch Tuesday release cycle. The flaw, rooted in command injection, was originally discovered by Cristian Papa and Alasdair Gorniak…

CISA Warns of Google Chromium 0-Day Vulnerability Actively Exploited in Attacks An urgent warning regarding a newly discovered zero-day vulnerability in Google Chromium, which is reportedly under active exploitation in the wild. The vulnerability, tracked as CVE-2026-2441, affects Chromium’s CSS (Cascading Style Sheets) engine and can enable remote attackers to execute arbitrary code on a victim’s…

Notepad++ v8.9.2 Released with “Double-Lock” Update Mechanism Following Recent Hack The widely used open-source text and code editor has released version v8.9.2, introducing a major security enhancement known as the “Double-Lock” update mechanism. This update addresses vulnerabilities that were exploited in a recent state-sponsored attack targeting the application’s update infrastructure. Last month, Notepad++’s official site confirmed that attackers…

Chrome 0-Day Vulnerability Actively Exploited by Attackers in the Wild Google has urgently patched a high-severity zero-day vulnerability in Chrome, confirming active exploitation in the wild. Tracked as CVE-2026-2441, the flaw is a use-after-free bug in the browser’s CSS handling, reported by independent researcher Shaheen Fazim just five days ago on February 11, 2026. The…

Threat Actor Allegedly Selling Critical Severity OpenSea 0-day Exploit Chain on Hacking Forums A threat actor is reportedly selling a purported critical severity zero-day exploit chain targeting OpenSea for $100,000 USD in Bitcoin or Monero. The listing claims the vulnerability remains unpatched and undisclosed, raising alarms in the NFT community. The exploit allegedly targets flaws…

Critical Vulnerability in Next-Mdx-Remote Allows Arbitrary Code Execution in React Server-Side Rendering Security advisory HCSEC-2026-01 revealed a critical vulnerability in the next-mdx-remote library that allows attackers to execute arbitrary code on servers rendering untrusted MDX content. Tracked as CVE-2026-0969, the issue affects versions 4.3.0 through 5.0.0 and is fixed in 6.0.0. Next-mdx-remote is a popular…

Windows Remote Desktop Services 0-Day Vulnerability Exploited in the Wild to Escalate Privileges Microsoft has patched CVE-2026-21533, a zero-day elevation of privilege vulnerability in Windows Remote Desktop Services (RDS) that attackers are exploiting in the wild to gain SYSTEM-level access. The flaw stems from improper privilege management and was addressed in the February 2026 Patch…

Hackers Exploiting React Server Components Vulnerability in the Wild to Deploy Malicious Payloads Two months following the disclosure of CVE-2025-55182, exploitation activity targeting React Server Components has evolved from broad scanning into consolidated, high-volume attack campaigns. According to telemetry from GreyNoise collected between January 26 and February 2, 2026, threat actors are actively leveraging this…

Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models. The flaw, tracked as CVE-2026-0709, stems from insufficient input validation in device firmware, potentially allowing attackers with valid credentials to execute arbitrary commands on affected systems. The vulnerability carries…

Critical Ivanti Endpoint Manager 0-day RCE Vulnerabilities Actively Exploited in Attacks Two critical code-injection vulnerabilities have been disclosed in the Endpoint Manager Mobile (EPMM) platform, which are currently being actively exploited in real-world attacks. The security flaws, tracked as CVE-2026-1281 and CVE-2026-1340, allow unauthenticated attackers to execute arbitrary code remotely on vulnerable systems. The vulnerabilities…

3,280,081 Fortinet Devices Online With Exposed Web Properties Under Risk Over 3,280,081 Fortinet Devices Were exposed, with web properties running vulnerable Fortinet devices affected by CVE-2026-24858, a severe authentication-bypass flaw actively exploited in the wild. The vulnerability, rated 9.4 on the CVSS scale, affects multiple Fortinet product lines, including FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb. Critical…

CISA Warns of Critical VMware vCenter RCE Vulnerability Exploited in Attacks The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog. This addition confirms that active exploitation of CVE-2024-37079 has been detected in the wild, posing a significant risk to enterprise…

Critical GNU InetUtils Vulnerability Allows Unauthenticated Root Access Via “-f root” A critical remote authentication bypass vulnerability has been disclosed in GNU InetUtils affecting the telnetd server component. The flaw, reported by a security researcher on January 19, 2026, allows unauthenticated attackers to gain root access by exploiting improper input sanitization in the telnetd authentication…

Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes Security researchers have uncovered significant vulnerabilities in the firmware of Xiaomi’s popular Redmi Buds series, specifically affecting models ranging from the Redmi Buds 3 Pro up to the latest Redmi Buds 6 Pro. The discovery highlights critical flaws in the Bluetooth implementation of…

Google’s Vertex AI Vulnerability Enables Low-Privileged Users to Gain Service Agent Roles Google’s Vertex AI contains default configurations that allow low-privileged users to escalate privileges by hijacking Service Agent roles. XM Cyber researchers identified two attack vectors in the Vertex AI Agent Engine and Ray on Vertex AI, which Google deemed “working as intended. Service…

Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393, the flaw allows unauthenticated attackers to execute arbitrary root-level commands via crafted HTTP requests to the…

New AWS Console Supply Chain Attack Lets Attackers Hijack AWS GitHub Repositories A critical misconfiguration in AWS CodeBuild enabled unauthenticated attackers to seize control of key AWS-owned GitHub repositories, including the widely used AWS JavaScript SDK powering the AWS Console itself. This supply chain vulnerability threatened platform-wide compromise, potentially injecting malicious code into applications and…

Palo Alto Networks Firewall Vulnerability Allows Attacker to Trigger DoS Attacks Palo Alto Networks has patched a critical denial-of-service vulnerability in its PAN-OS firewall software, tracked as CVE-2026-0227, which lets unauthenticated attackers disrupt GlobalProtect gateways and portals. The flaw carries a CVSS v4.0 base score of 7.7 (HIGH severity), stemming from improper checks for unusual conditions…

100,000+ n8n Instances Exposed to Internet Vulnerable to RCE Attacks A critical vulnerability affecting the popular n8n workflow automation platform has put over 100,000 internet-exposed instances at severe risk. Security researchers from The Shadowserver Foundation discovered that 105,753 unique n8n instances are vulnerable to remote code execution (RCE) attacks through CVE-2026-21858. n8n is a workflow…

GitLab Patches Multiple Vulnerabilities that Enables Arbitrary Code Execution GitLab has released emergency security patches for multiple versions of its platform, addressing eight vulnerabilities that could enable arbitrary code execution and unauthorized access in self-managed installations. The updated versions 18.7.1, 18.6.3, and 18.5.5 were deployed to GitLab.com on January 7, 2026, with self-hosted customers strongly…

Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data QNAP has patched multiple security vulnerabilities in its License Center application that could allow attackers to access sensitive information or disrupt services on affected NAS devices. The issues, tracked as CVE-2025-52871 and CVE-2025-53597, were disclosed on January 3, 2026. QNAP rated the flaws as Moderate severity and confirmed that the issues have been resolved in the latest…

10,000+ Fortinet Firewalls Still Exposed to 5-year Old MFA Bypass Vulnerability Over 10,000 Fortinet firewalls worldwide remain vulnerable to CVE-2020-12812, a multi-factor authentication (MFA) bypass flaw disclosed over five and a half years ago. Shadowserver recently added the issue to its daily Vulnerable HTTP Report, highlighting persistent exposure amid active exploitation confirmed by Fortinet in…