Alerts

Alerts

Critical Zoom Flaw Allows Meeting Participants to Execute Code on Enterprise Servers (CVE-2026-22844)

Zoom has disclosed a critical command injection vulnerability affecting its enterprise hybrid meeting infrastructure that could allow a meeting participant to execute arbitrary code on backend servers. The vulnerability, tracked as CVE-2026-22844, carries a CVSS score of 9.9 and affects Zoom Node Multimedia Routers (MMRs)—the components responsible for

Alerts

Oracle January 2026 Critical Patch Update Fixes 336 Vulnerabilities Including CVSS 10.0 Fusion Middleware Flaw

Oracle has released its January 2026 Critical Patch Update (CPU), addressing 336 new security vulnerabilities across its enterprise software portfolio. Among the most severe is a maximum-severity flaw in Oracle Fusion Middleware that could allow attackers to seize complete control of affected servers without authentication. The Critical Flaw The vulnerability,

Alerts

Cloudflare WAF Zero-Day Allowed Attackers to Bypass Security Controls via ACME Challenge Path

A critical zero-day vulnerability in Cloudflare's Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers. Security researchers at FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach origin servers even when WAF rules explicitly blocked all other traffic. How

Alerts

Critical Apache bRPC Vulnerability Allows Remote Command Injection (CVE-2025-60021)

A critical remote command injection vulnerability has been discovered in Apache bRPC, with over 4,000 exposed instances identified online. Vulnerability Details CVE IDCVSS ScoreTypeAffected VersionsCVE-2025-600219.8 (Critical)Remote Command InjectionAll versions prior to 1.15.0 The flaw exists in the heap profiler's extra_options parameter. Attackers

Alerts

Critical Deno Vulnerabilities Enable Server Secrets Exposure and Windows Command Injection

Two significant security vulnerabilities have been discovered in Deno, the modern JavaScript and TypeScript runtime known for its "secure by default" architecture. The flaws could expose sensitive server secrets and allow command injection on Windows systems. Vulnerabilities CVE IDCVSS ScoreTypeImpactCVE-2026-228639.2 (Critical)Missing Cryptographic StepSecrets exposureCVE-2026-22864HighCommand InjectionArbitrary code

Alerts

ConnectWise Patches High-Severity XSS and Session Cookie Vulnerabilities in PSA Platform

ConnectWise has released a security update for its Professional Services Automation (PSA) platform, addressing two vulnerabilities that could allow stored script execution and session cookie theft. The company recommends upgrading to version 2026.1 as soon as possible. Vulnerabilities CVE IDTypeCVSS ScoreImpactCVE-2026-0695Cross-Site Scripting (XSS)8.7 (High)Stored script executionCVE-2026-0696Sensitive

Alerts

Electron Vulnerability Allows Backdooring of Signal, 1Password, Slack, and Chrome

Security researchers at Trail of Bits have discovered a critical vulnerability in Electron-based applications that allows attackers to inject persistent backdoors into Signal, 1Password, Slack, and Chrome by tampering with V8 heap snapshot files. Tracked as CVE-2025-55305, the flaw bypasses code integrity checks in nearly all applications built on the

Alerts

Cisco Zero-Day RCE in Secure Email Gateway Actively Exploited by China-Linked Threat Actor

Cisco has confirmed active exploitation of a critical zero-day vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393, the flaw carries a maximum CVSS score of 10.0 and allows unauthenticated attackers to execute arbitrary commands with root privileges via crafted HTTP requests.

Alerts

Critical AWS CodeBuild Flaw Exposed AWS Console to Supply Chain Attack

Critical AWS CodeBuild Flaw Exposed AWS Console to Supply Chain Attack A critical misconfiguration in AWS CodeBuild could have allowed attackers to compromise key AWS-owned GitHub repositories, including the JavaScript SDK that powers the AWS Console itself. Security researchers at Wiz Research discovered the vulnerability, dubbed "CodeBreach," which

Alerts

Microsoft January 2026 Patch Tuesday: 114 Vulnerabilities Fixed Including 3 Zero-Days

Microsoft's first Patch Tuesday of 2026 addresses 114 security vulnerabilities across Windows, Office, and related services. The release includes 12 critical-severity flaws and patches for three zero-day vulnerabilities. By the Numbers Zero-Days Patched Three zero-day vulnerabilities were addressed in this release: * CVE-2026-20805 - Desktop Window Manager information disclosure

Alerts

Gogs RCE Actively Exploited: CISA Adds CVE-2025-8110 to KEV Catalog

Gogs, a lightweight and self-hosted Git service commonly used as an alternative to GitHub Enterprise or GitLab, has become the focus of urgent U.S. federal cybersecurity action. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Gogs vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog,

Alerts

CRITICAL: Patch n8n Now — Unauthenticated RCE Affects 100K Servers

Patch immediately. CVSS 10.0. A maximum-severity flaw in n8n allows unauthenticated attackers to fully compromise servers and access all connected systems including API keys, databases, and cloud services. Vulnerability Summary CVECVE-2026-21858Severity10.0 CRITICALAffectedn8n versions < 1.121.0ExploitedPoC availablePatchUpgrade to 1.121.0+ What's at Risk Attackers