Security advisories, patches, and warnings
Alerts
A critical remote command injection vulnerability has been discovered in Apache bRPC, with over 4,000 exposed instances identified online. Vulnerability Details CVE IDCVSS ScoreTypeAffected VersionsCVE-2025-600219.8 (Critical)Remote Command InjectionAll versions prior to 1.15.0 The flaw exists in the heap profiler's extra_options parameter. Attackers
Alerts
Two significant security vulnerabilities have been discovered in Deno, the modern JavaScript and TypeScript runtime known for its "secure by default" architecture. The flaws could expose sensitive server secrets and allow command injection on Windows systems. Vulnerabilities CVE IDCVSS ScoreTypeImpactCVE-2026-228639.2 (Critical)Missing Cryptographic StepSecrets exposureCVE-2026-22864HighCommand InjectionArbitrary code
Alerts
ConnectWise has released a security update for its Professional Services Automation (PSA) platform, addressing two vulnerabilities that could allow stored script execution and session cookie theft. The company recommends upgrading to version 2026.1 as soon as possible. Vulnerabilities CVE IDTypeCVSS ScoreImpactCVE-2026-0695Cross-Site Scripting (XSS)8.7 (High)Stored script executionCVE-2026-0696Sensitive
Alerts
Security researchers at Trail of Bits have discovered a critical vulnerability in Electron-based applications that allows attackers to inject persistent backdoors into Signal, 1Password, Slack, and Chrome by tampering with V8 heap snapshot files. Tracked as CVE-2025-55305, the flaw bypasses code integrity checks in nearly all applications built on the
Alerts
Cisco has confirmed active exploitation of a critical zero-day vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393, the flaw carries a maximum CVSS score of 10.0 and allows unauthenticated attackers to execute arbitrary commands with root privileges via crafted HTTP requests.
Alerts
Critical AWS CodeBuild Flaw Exposed AWS Console to Supply Chain Attack A critical misconfiguration in AWS CodeBuild could have allowed attackers to compromise key AWS-owned GitHub repositories, including the JavaScript SDK that powers the AWS Console itself. Security researchers at Wiz Research discovered the vulnerability, dubbed "CodeBreach," which
Alerts
Microsoft's first Patch Tuesday of 2026 addresses 114 security vulnerabilities across Windows, Office, and related services. The release includes 12 critical-severity flaws and patches for three zero-day vulnerabilities. By the Numbers Zero-Days Patched Three zero-day vulnerabilities were addressed in this release: * CVE-2026-20805 - Desktop Window Manager information disclosure
Alerts
Gogs, a lightweight and self-hosted Git service commonly used as an alternative to GitHub Enterprise or GitLab, has become the focus of urgent U.S. federal cybersecurity action. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Gogs vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog,
Alerts
Patch immediately. CVSS 10.0. A maximum-severity flaw in n8n allows unauthenticated attackers to fully compromise servers and access all connected systems including API keys, databases, and cloud services. Vulnerability Summary CVECVE-2026-21858Severity10.0 CRITICALAffectedn8n versions < 1.121.0ExploitedPoC availablePatchUpgrade to 1.121.0+ What's at Risk Attackers
Alerts
A severe command injection vulnerability in end-of-life D-Link DSL gateway devices is being actively exploited by threat actors, with no patch forthcoming from the manufacturer. The Vulnerability Tracked as CVE-2026-0625 with a critical CVSS score of 9.3, the flaw exists in the dnscfg.cgi component responsible for handling DNS