Cybersecurity Flash Notices

Microsoft Devices Pricing Program Remote Code Execution Vulnerability

CVE-2026-21536 is a critical unauthenticated RCE in Microsoft Devices Pricing Program that lets attackers upload and execute malicious files on servers.

Fortinet Addresses Critical FortiCloud SSO Authentication Bypass Under Active Exploitation

Fortinet released guidance addressing CVE-2026-24858, a critical auth. bypass vulnerability affecting its FortiOS, FortiManager, & FortiAnalyzer products.

UAT-8616 Exploits Cisco SD-WAN Zero-Day for Persistent Access

Cisco Talos revealed active exploitation of CVE-2026-20127, a max-severity authentication bypass vulnerability by the sophisticated threat actor UAT-8616.

Cisco Catalyst SD-WAN Authentication Bypass Vulnerability

CVE-2026-20127 is a critical authentication bypass vulnerability (CVSS 10.0) in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller.

Microsoft Word Security Feature Bypass Vulnerability

CVE-2026-21514 is a security feature bypass vulnerability in Microsoft Word due to reliance on untrusted inputs in a security decision.

Windows Shell Security Feature Bypass Vulnerability

CVE-2026-21510 is a Windows Shell security feature bypass vulnerability that allows an unauthorized attacker to bypass protection prompts over a network.

Notepad++ Supply Chain Attack: Undetected Chains and Evolving Payloads

Kaspersky researchers uncovered multiple undocumented infection chains in a supply chain attack targeting Notepad++ users from July to October 2025.

Kraken Ransomware Group: Big-Game Hunting and Double Extortion Tactics

This report provides a detailed investigation into the Kraken ransomware group - their operations, methods, and the broader implications for cybersecurity.

Vulnerability in Simple User Capabilities Plugin Exposes WordPress Sites

CVE-2025-12158 is a critical privilege escalation vuln. affecting the Simple User Capabilities WordPress plugin (all versions up to + including 1.0).

Critical Vulnerability in Dataphone A920: CVE-2025-61235 Exposed

CVE-2025-61235 is a critical vulnerability affecting the Dataphone A920 firmware arising from improper validation of network packet input.

Prev 1 2 3 4 5 Next