Vulnerabilities

WordPress Plugin with 900K Installations Exposed to Critical RCE Vulnerability

A critical security vulnerability has been discovered in the WPvivid Backup and Migration plugin for WordPress, a widely used tool installed on more than 900,000 websites. The flaw could allow unauthenticated attackers to execute arbitrary code on vulnerable sites, potentially leading to full website compromise. The vulnerability is tracked as CVE-2026-1357 and carries a CVSS […]

WordPress Plugin with 900K Installations Exposed to Critical RCE Vulnerability Read More »

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure

A large majority of recent exploitation attempts targeting a critical Ivanti Endpoint Manager Mobile, EPMM, vulnerability have been linked to a single IP address operating from bulletproof hosting infrastructure associated with PROSPERO. Threat intelligence company GreyNoise reported observing 417 exploitation sessions between February 1 and February 9, 2026, originating from eight distinct source IP addresses.

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure Read More »

More Than 60 Software Vendors Release Security Updates Across OS, Cloud, and Network Platforms

As part of the latest Patch Tuesday cycle, more than 60 technology vendors have rolled out security updates addressing vulnerabilities affecting operating systems, cloud infrastructure, enterprise applications, and network devices. The coordinated wave of patches reflects the ongoing effort to strengthen cybersecurity defenses across global IT environments. Microsoft Addresses 59 Vulnerabilities Microsoft issued fixes for

More Than 60 Software Vendors Release Security Updates Across OS, Cloud, and Network Platforms Read More »

Microsoft Fixes 59 Security Flaws, Including Six Actively Exploited Zero Days

Microsoft has released security updates addressing 59 vulnerabilities across its software, including six zero-day flaws currently exploited in the wild. The patch rollout was announced on Tuesday, highlighting the urgent need for users and organizations to apply fixes. Severity Breakdown Of the 59 vulnerabilities, five are marked Critical, 52 Important, and two Moderate. Privilege escalation

Microsoft Fixes 59 Security Flaws, Including Six Actively Exploited Zero Days Read More »

Dutch Authorities Confirm Ivanti Zero Day Exploit Exposed Employee Contact Data

Dutch authorities have confirmed that recent cyber attacks exploiting zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) led to unauthorized access to employee contact information within government systems. The Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) revealed that their environments were affected after attackers abused newly disclosed flaws in Ivanti

Dutch Authorities Confirm Ivanti Zero Day Exploit Exposed Employee Contact Data Read More »

Fortinet Fixes Critical SQL Injection Flaw Allowing Unauthenticated Code Execution

Fortinet has released security updates to remediate a critical security flaw affecting FortiClientEMS that could allow attackers to execute arbitrary code without authentication. The vulnerability is tracked as CVE-2026-21643 and carries a CVSS score of 9.1, placing it among high impact enterprise security risks. According to Fortinet, the issue stems from improper handling of user

Fortinet Fixes Critical SQL Injection Flaw Allowing Unauthenticated Code Execution Read More »

BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support and PRA Products

BeyondTrust has released security updates to remediate a critical vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. If exploited, the flaw could allow unauthenticated attackers to achieve remote code execution on vulnerable systems. In a security advisory published on February 6, 2026, BeyondTrust confirmed that Remote Support and certain legacy versions of Privileged Remote Access

BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support and PRA Products Read More »

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows

A severe security vulnerability has been disclosed in the n8n workflow automation platform that could allow attackers to execute arbitrary system commands on affected servers. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), bypasses prior safeguards introduced to fix CVE-2025-68613, which was patched in December 2025. According to n8n maintainers, an authenticated user with workflow creation or modification privileges can

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows Read More »

China-Linked Amaranth Dragon Exploits WinRAR Vulnerability in Espionage Campaigns

Threat actors with links to China have been connected to a new wave of cyber espionage operations aimed at government and law enforcement institutions across Southeast Asia during 2025. Check Point Research has attributed the activity to a previously undocumented threat cluster named Amaranth-Dragon, which researchers say shows notable overlaps with the APT41 ecosystem. Countries

China-Linked Amaranth Dragon Exploits WinRAR Vulnerability in Espionage Campaigns Read More »

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE Vulnerability to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the flaw is being actively exploited in real world attacks. The vulnerability, identified as CVE-2025-40551 with a CVSS score of 9.8, involves the deserialization of untrusted data. Successful exploitation

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE Vulnerability to KEV Catalog Read More »