Recent SolarWinds Flaws Potentially Exploited as Zero-Days 2026-02-09 at 17:42 By Ionut Arghire Vulnerable SolarWinds Web Help Desk instances were exploited in December 2025 for initial access. The post Recent SolarWinds Flaws Potentially Exploited as Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Recent SolarWinds Flaws Potentially Exploited as Zero-Days Read More »
New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog 2026-02-09 at 11:10 By Kevin Townsend The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it. The post New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s
New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog Read More »
Critical SmarterMail Vulnerability Exploited in Ransomware Attacks 2026-02-06 at 09:54 By Ionut Arghire The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests. The post Critical SmarterMail Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Critical SmarterMail Vulnerability Exploited in Ransomware Attacks Read More »
Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog 2026-02-06 at 08:00 By Eduard Kovacs CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks. The post Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek. This article is an excerpt
Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog Read More »
VS Code Configs Expose GitHub Codespaces to Attacks 2026-02-05 at 16:59 By Ionut Arghire VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request. The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
VS Code Configs Expose GitHub Codespaces to Attacks Read More »
Critical N8n Sandbox Escape Could Lead to Server Compromise 2026-02-05 at 14:02 By Ionut Arghire The vulnerability could allow attackers to execute arbitrary commands and steal credentials and other secrets. The post Critical N8n Sandbox Escape Could Lead to Server Compromise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Critical N8n Sandbox Escape Could Lead to Server Compromise Read More »
Cisco, F5 Patch High-Severity Vulnerabilities 2026-02-05 at 12:06 By Ionut Arghire The security defects can lead to DoS conditions, arbitrary command execution, and privilege escalation. The post Cisco, F5 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Cisco, F5 Patch High-Severity Vulnerabilities Read More »
Vulnerabilities Allowed Full Compromise of Google Looker Instances 2026-02-04 at 15:45 By Eduard Kovacs The flaws dubbed LookOut can be exploited for remote code execution and data exfiltration. The post Vulnerabilities Allowed Full Compromise of Google Looker Instances appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Vulnerabilities Allowed Full Compromise of Google Looker Instances Read More »
DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft 2026-02-04 at 13:48 By Ionut Arghire The critical vulnerability exists in the contextual trust in MCP Gateway architecture, as instructions are passed without validation. The post DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft appeared first on SecurityWeek. This article is
DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft Read More »
Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks 2026-02-04 at 12:02 By Ionut Arghire Two IP addresses accounted for the majority of the 1.4 million exploitation attempts observed over the past week. The post Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks Read More »
Fresh SolarWinds Vulnerability Exploited in Attacks 2026-02-04 at 11:56 By Ionut Arghire The critical-severity SolarWinds Web Help Desk flaw could lead to unauthenticated remote code execution. The post Fresh SolarWinds Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Fresh SolarWinds Vulnerability Exploited in Attacks Read More »
Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks 2026-02-04 at 10:47 By Eduard Kovacs Wiz and Permiso have analyzed the AI agent social network and found serious security issues and threats. The post Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks appeared first on SecurityWeek. This article
Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks Read More »
Critical React Native Vulnerability Exploited in the Wild 2026-02-03 at 16:01 By Ionut Arghire Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware. The post Critical React Native Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Critical React Native Vulnerability Exploited in the Wild Read More »
Russia’s APT28 Rapidly Weaponizes Newly Patched Office Vulnerability 2026-02-03 at 15:15 By Eduard Kovacs The attacks targeting Europe were analyzed by Ukraine’s CERT-UA and the cybersecurity company Zscaler. The post Russia’s APT28 Rapidly Weaponizes Newly Patched Office Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Russia’s APT28 Rapidly Weaponizes Newly Patched Office Vulnerability Read More »
Ivanti Patches Exploited EPMM Zero-Days 2026-01-30 at 10:33 By Eduard Kovacs The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Ivanti Patches Exploited EPMM Zero-Days Read More »
N8n Vulnerabilities Could Lead to Remote Code Execution 2026-01-29 at 17:29 By Ionut Arghire The two bugs impacted n8n’s sandbox mechanism and could be exploited via weaknesses in the AST sanitization logic. The post N8n Vulnerabilities Could Lead to Remote Code Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
N8n Vulnerabilities Could Lead to Remote Code Execution Read More »
SolarWinds Patches Critical Web Help Desk Vulnerabilities 2026-01-29 at 15:49 By Ionut Arghire The four critical flaws could be exploited without authentication for remote code execution or authentication bypass. The post SolarWinds Patches Critical Web Help Desk Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
SolarWinds Patches Critical Web Help Desk Vulnerabilities Read More »
APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability 2026-01-28 at 12:06 By Ionut Arghire Russian and Chinese state-sponsored threat actors have been exploiting CVE-2025-8088 since July 2025. The post APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability Read More »
Fortinet Patches Exploited FortiCloud SSO Authentication Bypass 2026-01-28 at 10:17 By Ionut Arghire Tracked as CVE-2026-24858, the bug allows attackers to log into devices registered to other FortiCloud accounts. The post Fortinet Patches Exploited FortiCloud SSO Authentication Bypass appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Fortinet Patches Exploited FortiCloud SSO Authentication Bypass Read More »
High-Severity Remote Code Execution Vulnerability Patched in OpenSSL 2026-01-28 at 09:48 By Eduard Kovacs A total of 12 vulnerabilities have been fixed in OpenSSL, all discovered by a single cybersecurity firm. The post High-Severity Remote Code Execution Vulnerability Patched in OpenSSL appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
High-Severity Remote Code Execution Vulnerability Patched in OpenSSL Read More »