Vulnerabilities

Dutch Authorities Confirm Ivanti Zero Day Exploit Exposed Employee Contact Data

Dutch authorities have confirmed that recent cyber attacks exploiting zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) led to unauthorized access to employee contact information within government systems. The Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) revealed that their environments were affected after attackers abused newly disclosed flaws in Ivanti […]

Dutch Authorities Confirm Ivanti Zero Day Exploit Exposed Employee Contact Data Read More »

Fortinet Fixes Critical SQL Injection Flaw Allowing Unauthenticated Code Execution

Fortinet has released security updates to remediate a critical security flaw affecting FortiClientEMS that could allow attackers to execute arbitrary code without authentication. The vulnerability is tracked as CVE-2026-21643 and carries a CVSS score of 9.1, placing it among high impact enterprise security risks. According to Fortinet, the issue stems from improper handling of user

Fortinet Fixes Critical SQL Injection Flaw Allowing Unauthenticated Code Execution Read More »

BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support and PRA Products

BeyondTrust has released security updates to remediate a critical vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. If exploited, the flaw could allow unauthenticated attackers to achieve remote code execution on vulnerable systems. In a security advisory published on February 6, 2026, BeyondTrust confirmed that Remote Support and certain legacy versions of Privileged Remote Access

BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support and PRA Products Read More »

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows

A severe security vulnerability has been disclosed in the n8n workflow automation platform that could allow attackers to execute arbitrary system commands on affected servers. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), bypasses prior safeguards introduced to fix CVE-2025-68613, which was patched in December 2025. According to n8n maintainers, an authenticated user with workflow creation or modification privileges can

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows Read More »

China-Linked Amaranth Dragon Exploits WinRAR Vulnerability in Espionage Campaigns

Threat actors with links to China have been connected to a new wave of cyber espionage operations aimed at government and law enforcement institutions across Southeast Asia during 2025. Check Point Research has attributed the activity to a previously undocumented threat cluster named Amaranth-Dragon, which researchers say shows notable overlaps with the APT41 ecosystem. Countries

China-Linked Amaranth Dragon Exploits WinRAR Vulnerability in Espionage Campaigns Read More »

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE Vulnerability to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the flaw is being actively exploited in real world attacks. The vulnerability, identified as CVE-2025-40551 with a CVSS score of 9.8, involves the deserialization of untrusted data. Successful exploitation

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE Vulnerability to KEV Catalog Read More »

Docker Patches Critical Ask Gordon AI Vulnerability Allowing Code Execution via Image Metadata

Cybersecurity researchers have revealed a serious vulnerability affecting Ask Gordon, the AI assistant integrated into Docker Desktop and Docker CLI, that could allow attackers to execute code and steal sensitive information. The flaw, dubbed DockerDash by Noma Labs, was fixed in Docker version 4.50.0 released in November 2025. How DockerDash Works According to Sasi Levi, lead security researcher

Docker Patches Critical Ask Gordon AI Vulnerability Allowing Code Execution via Image Metadata Read More »

OpenClaw Vulnerability Enables One Click Remote Code Execution Through Malicious Link

A critical security vulnerability has been identified in OpenClaw, previously known as Clawdbot and Moltbot, that enables attackers to Customer Cabinetachieve remote code execution by tricking users into clicking a specially crafted link. The flaw has been assigned CVE-2026-25253 and carries a high CVSS score of 8.8. The issue was resolved in OpenClaw version 2026.1.29,

OpenClaw Vulnerability Enables One Click Remote Code Execution Through Malicious Link Read More »

SmarterMail Patches Critical Unauthenticated RCE Vulnerability with CVSS 9.3 Score

SmarterTools has released security updates for its SmarterMail email platform, addressing multiple vulnerabilities, including a critical unauthenticated remote code execution flaw that could allow attackers to run arbitrary commands on affected systems. The most severe issue is tracked as CVE-2026-24423 and carries a CVSS score of 9.3, indicating a high risk to unpatched deployments. Unauthenticated RCE via ConnectToHub

SmarterMail Patches Critical Unauthenticated RCE Vulnerability with CVSS 9.3 Score Read More »

Two Ivanti EPMM Zero Day RCE Vulnerabilities Actively Exploited, Security Updates Released

Ivanti has released urgent security updates to fix two critical vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM), both of which have been actively exploited as zero day attacks. One of the flaws has also been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  Known Exploited Vulnerabilities catalog, highlighting the severity of the threat.

Two Ivanti EPMM Zero Day RCE Vulnerabilities Actively Exploited, Security Updates Released Read More »