Vulnerabilities

Grandstream GXP1600 VoIP Phones Vulnerable to Unauthenticated Remote Code Execution

A serious cybersecurity vulnerability has been identified in the Grandstream GXP1600 series VoIP phones, potentially allowing attackers to take full control of affected devices without authentication. Security experts warn that this flaw could enable remote compromise with root-level privileges, placing enterprise voice networks at significant risk. Critical RCE Vulnerability Identified The vulnerability, tracked as CVE-2026-2329, carries a CVSS […]

Grandstream GXP1600 VoIP Phones Vulnerable to Unauthenticated Remote Code Execution Read More »

Critical Vulnerabilities Discovered in Four VS Code Extensions with Over 125 Million Installs

Cybersecurity researchers have uncovered serious security vulnerabilities in four widely used Microsoft Visual Studio Code extensions. These flaws could allow attackers to steal sensitive local files and remotely execute malicious code on developers’ machines. The affected extensions, installed more than 125 million times collectively, include Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live

Critical Vulnerabilities Discovered in Four VS Code Extensions with Over 125 Million Installs Read More »

Dell RecoverPoint for VMs Zero Day CVE-2026-22769 Exploited Since Mid 2024

A severe security vulnerability in Dell RecoverPoint for Virtual Machines (VMs) has been actively exploited as a zero-day by a suspected China-linked threat group known as UNC6201 since mid-2024, according to findings from Google Mandiant and the Google Threat Intelligence Group (GTIG). The vulnerability, identified as CVE-2026-22769 with a maximum CVSS score of 10.0, stems

Dell RecoverPoint for VMs Zero Day CVE-2026-22769 Exploited Since Mid 2024 Read More »

CISA Identifies Four Actively Exploited Security Vulnerabilities in Latest KEV Update

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with four newly flagged security flaws that are currently under active exploitation. The move signals heightened risk to organizations, particularly U.S. federal agencies, as the vulnerabilities affect widely used platforms including Google Chrome, Microsoft Windows, and enterprise collaboration systems. Newly Added

CISA Identifies Four Actively Exploited Security Vulnerabilities in Latest KEV Update Read More »

Study Reveals 25 Password Recovery Vulnerabilities in Leading Cloud Password Managers

A newly published academic study has revealed 25 distinct password recovery attacks affecting leading cloud-based password managers, including Bitwarden, Dashlane, and LastPass. Under specific threat conditions, these vulnerabilities could allow attackers to recover stored credentials or compromise organizational vaults. The research, conducted by academics from ETH Zurich and Università della Svizzera italiana, evaluated the security claims surrounding zero-knowledge encryption architectures implemented

Study Reveals 25 Password Recovery Vulnerabilities in Leading Cloud Password Managers Read More »

New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released

Google has released critical security updates for its Chrome browser on Friday to fix a high-severity vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2026-2441 with a CVSS score of 8.8, is a use-after-free bug in CSS. Security researcher Shaheen Fazim reported the vulnerability on February 11, 2026, and has been credited for its discovery.

New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released Read More »

WordPress Plugin with 900K Installations Exposed to Critical RCE Vulnerability

A critical security vulnerability has been discovered in the WPvivid Backup and Migration plugin for WordPress, a widely used tool installed on more than 900,000 websites. The flaw could allow unauthenticated attackers to execute arbitrary code on vulnerable sites, potentially leading to full website compromise. The vulnerability is tracked as CVE-2026-1357 and carries a CVSS

WordPress Plugin with 900K Installations Exposed to Critical RCE Vulnerability Read More »

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure

A large majority of recent exploitation attempts targeting a critical Ivanti Endpoint Manager Mobile, EPMM, vulnerability have been linked to a single IP address operating from bulletproof hosting infrastructure associated with PROSPERO. Threat intelligence company GreyNoise reported observing 417 exploitation sessions between February 1 and February 9, 2026, originating from eight distinct source IP addresses.

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure Read More »

More Than 60 Software Vendors Release Security Updates Across OS, Cloud, and Network Platforms

As part of the latest Patch Tuesday cycle, more than 60 technology vendors have rolled out security updates addressing vulnerabilities affecting operating systems, cloud infrastructure, enterprise applications, and network devices. The coordinated wave of patches reflects the ongoing effort to strengthen cybersecurity defenses across global IT environments. Microsoft Addresses 59 Vulnerabilities Microsoft issued fixes for

More Than 60 Software Vendors Release Security Updates Across OS, Cloud, and Network Platforms Read More »

Microsoft Fixes 59 Security Flaws, Including Six Actively Exploited Zero Days

Microsoft has released security updates addressing 59 vulnerabilities across its software, including six zero-day flaws currently exploited in the wild. The patch rollout was announced on Tuesday, highlighting the urgent need for users and organizations to apply fixes. Severity Breakdown Of the 59 vulnerabilities, five are marked Critical, 52 Important, and two Moderate. Privilege escalation

Microsoft Fixes 59 Security Flaws, Including Six Actively Exploited Zero Days Read More »