Vulnerabilities

Fortinet Patches CVE-2026-24858 Following Active FortiOS SSO Exploitation

Fortinet has started rolling out security updates to fix a critical vulnerability in FortiOS, which has recently been actively exploited in the wild. The flaw, tracked as CVE-2026-24858 with a CVSS score of 9.4, is an authentication bypass issue linked to FortiOS single sign-on (SSO). This vulnerability also impacts FortiManager and FortiAnalyzer, while Fortinet continues to investigate potential […]

CISA Adds Actively Exploited VMware vCenter Vulnerability CVE-2024-37079 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, citing confirmed evidence of active exploitation in real-world attacks. The flaw, tracked as CVE-2024-37079 and assigned a CVSS score of 9.8, impacts the implementation of the DCE/RPC protocol within VMware

CISA Updates KEV Catalog to Include Four Actively Exploited Software Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog by adding four software security flaws that are confirmed to be actively exploited in real-world attacks. CISA stated that these additions are based on verified evidence of exploitation, highlighting an increased risk to both public and private sector

Critical GNU InetUtils telnetd Vulnerability Allows Login Bypass and Root Access

A severe security vulnerability has been disclosed in the GNU InetUtils telnet daemon (telnetd) that has remained unnoticed for nearly 11 years. The flaw allows remote attackers to bypass authentication and gain root access on affected systems. The flaw, tracked as CVE-2026-24061, carries a CVSS score of 9.8/10. It impacts all GNU InetUtils versions from 1.9.3 through

SmarterMail Authentication Bypass Actively Exploited Just Two Days After Patch Release

A newly discovered security vulnerability in SmarterTools SmarterMail email software is being actively exploited in real-world attacks only two days after a fix was released. The rapid exploitation has raised concerns about patch awareness, disclosure practices, and the exposure of email infrastructure to credential takeover and remote code execution.

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Vulnerabilities

Zoom and GitLab have released urgent security updates addressing multiple high-severity vulnerabilities that could allow remote code execution (RCE), denial-of-service (DoS) attacks, and two-factor authentication (2FA) bypass. The most critical flaw affects Zoom Node Multimedia Routers (MMRs) and carries a CVSS score of 9.9/10. Tracked as CVE-2026-22844, the vulnerability was discovered internally by Zoom’s Offensive Security team. According

Tesla Hacked: 37 Zero-Day Vulnerabilities Demonstrated at Pwn2Own Automotive 2026

Security researchers made headlines at Pwn2Own Automotive 2026 by successfully hacking the Tesla Infotainment System and earning $516,500 on the first day of the competition. The event, held during the Automotive World 2026 conference in Tokyo, Japan, saw multiple teams demonstrating high-impact zero-day exploits against modern automotive systems. The Synacktiv Team claimed $35,000 by chaining an information leak with an out-of-bounds write

Three Vulnerabilities in Anthropic MCP Git Server Allow File Access and Code Execution

Cybersecurity researchers have disclosed three security flaws in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could allow attackers to read or delete arbitrary files and, under certain conditions, achieve code execution. According to Cyata researcher Yarden Porat, the vulnerabilities can be exploited through prompt injection. This means an attacker does not

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1 to 5 CPUs

Researchers from the CISPA Helmholtz Center for Information Security in Germany have revealed a newly discovered hardware vulnerability in AMD processors that weakens the security guarantees of confidential virtual machines. The flaw, named StackWarp, affects AMD Zen 1 through Zen 5 architectures and allows a malicious host with administrative privileges to execute unauthorized code inside

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco has released security updates to address a critical remote code execution vulnerability affecting Cisco AsyncOS Software used in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The patches arrive nearly one month after Cisco confirmed that the flaw was actively exploited as a zero-day by a China-linked advanced persistent
