Vulnerabilities

CISA Warns Recently Patched RoundCube Vulnerabilities Are Now Being Exploited

The U.S. Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency, has issued an urgent alert regarding two recently patched vulnerabilities affecting Roundcube Webmail. The agency confirmed that both flaws are now being actively exploited in real world attacks and has directed federal agencies to apply patches within three weeks. Roundcube has served as the default […]

CISA Warns Recently Patched RoundCube Vulnerabilities Are Now Being Exploited Read More »

CISA Adds Two Actively Exploited Roundcube Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two high-risk vulnerabilities affecting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of active exploitation, underscoring the urgency for organizations to patch affected systems promptly. Details of the Vulnerabilities The newly listed vulnerabilities include: Dubai-based cybersecurity company FearsOff,

CISA Adds Two Actively Exploited Roundcube Vulnerabilities to KEV Catalog Read More »

BeyondTrust Vulnerability Exploited to Deploy Web Shells, Backdoors, and Steal Data

A critical security flaw affecting BeyondTrust Remote Support and BeyondTrust Privileged Remote Access products is being actively exploited by threat actors to deploy web shells, backdoors, malware, and exfiltrate sensitive data. The vulnerability, tracked as CVE-2026-1731, carries a CVSS score of 9.9. Nature of the Vulnerability The flaw stems from a sanitization failure in the “thin-scc-wrapper” script, accessible via

BeyondTrust Vulnerability Exploited to Deploy Web Shells, Backdoors, and Steal Data Read More »

Microsoft Fixes CVE-2026-26119 Privilege Escalation Flaw in Windows Admin Center

Microsoft has addressed a high-severity security vulnerability in Windows Admin Center that could allow attackers to escalate privileges on affected systems. The flaw, tracked as CVE-2026-26119, carried a CVSS score of 8.8 out of 10, highlighting its potential risk to enterprise environments. About the Vulnerability Windows Admin Center is a locally deployed, browser-based management suite enabling administrators

Microsoft Fixes CVE-2026-26119 Privilege Escalation Flaw in Windows Admin Center Read More »

Grandstream GXP1600 VoIP Phones Vulnerable to Unauthenticated Remote Code Execution

A serious cybersecurity vulnerability has been identified in the Grandstream GXP1600 series VoIP phones, potentially allowing attackers to take full control of affected devices without authentication. Security experts warn that this flaw could enable remote compromise with root-level privileges, placing enterprise voice networks at significant risk. Critical RCE Vulnerability Identified The vulnerability, tracked as CVE-2026-2329, carries a CVSS

Grandstream GXP1600 VoIP Phones Vulnerable to Unauthenticated Remote Code Execution Read More »

Critical Vulnerabilities Discovered in Four VS Code Extensions with Over 125 Million Installs

Cybersecurity researchers have uncovered serious security vulnerabilities in four widely used Microsoft Visual Studio Code extensions. These flaws could allow attackers to steal sensitive local files and remotely execute malicious code on developers’ machines. The affected extensions, installed more than 125 million times collectively, include Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live

Critical Vulnerabilities Discovered in Four VS Code Extensions with Over 125 Million Installs Read More »

Dell RecoverPoint for VMs Zero Day CVE-2026-22769 Exploited Since Mid 2024

A severe security vulnerability in Dell RecoverPoint for Virtual Machines (VMs) has been actively exploited as a zero-day by a suspected China-linked threat group known as UNC6201 since mid-2024, according to findings from Google Mandiant and the Google Threat Intelligence Group (GTIG). The vulnerability, identified as CVE-2026-22769 with a maximum CVSS score of 10.0, stems

Dell RecoverPoint for VMs Zero Day CVE-2026-22769 Exploited Since Mid 2024 Read More »

CISA Identifies Four Actively Exploited Security Vulnerabilities in Latest KEV Update

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with four newly flagged security flaws that are currently under active exploitation. The move signals heightened risk to organizations, particularly U.S. federal agencies, as the vulnerabilities affect widely used platforms including Google Chrome, Microsoft Windows, and enterprise collaboration systems. Newly Added

CISA Identifies Four Actively Exploited Security Vulnerabilities in Latest KEV Update Read More »

Study Reveals 25 Password Recovery Vulnerabilities in Leading Cloud Password Managers

A newly published academic study has revealed 25 distinct password recovery attacks affecting leading cloud-based password managers, including Bitwarden, Dashlane, and LastPass. Under specific threat conditions, these vulnerabilities could allow attackers to recover stored credentials or compromise organizational vaults. The research, conducted by academics from ETH Zurich and Università della Svizzera italiana, evaluated the security claims surrounding zero-knowledge encryption architectures implemented

Study Reveals 25 Password Recovery Vulnerabilities in Leading Cloud Password Managers Read More »

New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released

Google has released critical security updates for its Chrome browser on Friday to fix a high-severity vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2026-2441 with a CVSS score of 8.8, is a use-after-free bug in CSS. Security researcher Shaheen Fazim reported the vulnerability on February 11, 2026, and has been credited for its discovery.

New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released Read More »