Fortinet disclosed an XSS flaw in FortiSandbox that could allow unauthenticated remote command execution. The post FortiSandbox XSS Vulnerability Allows Remote Command Execution appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article:…
6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates
Microsoft’s Patch Tuesday updates fix roughly 60 vulnerabilities found in the company’s products. The post 6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Microsoft Patch Tuesday – February 2026, (Tue, Feb 10th)
Today's patch Tuesday addresses 59 different vulnerabilities (plus two Chromium vulnerabilities affecting Microsoft Edge). While this is a lower-than-normal number, this includes six vulnerabilities that are already exploited. Three vulnerabilities have already been exploited and made public. In addition, five…
Microsoft Patch Tuesday – January 2026, (Tue, Feb 10th)
Today's patch Tuesday addresses 59 different vulnerabilities (plus two Chromium vulnerabilities affecting Microsoft Edge). While this is a lower-than-normal number, this includes six vulnerabilities that are already exploited. Three vulnerabilities have already been exploited and made public. In addition, five…
Picus Red Report 2026 Shows Attackers Favor Stealth Over Disruption
The Picus Red Report 2026 shows attackers shifting from ransomware to stealthy, long-term access techniques. The post Picus Red Report 2026 Shows Attackers Favor Stealth Over Disruption appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet…
Microsoft 365 Admin Center Outage Hits users in North America
Microsoft 365 administrators in North America are grappling with widespread access issues to the Microsoft 365 admin center, as confirmed by the company’s service health dashboard. Issue ID MO1230320 marks a service degradation affecting the core Microsoft 365 suite, disrupting…
FortiOS Authentication Bypass Vulnerability Lets Attackers Bypass LDAP Authentication
Fortinet has disclosed a high-severity authentication bypass vulnerability in FortiOS, tracked as CVE-2026-22153 (FG-IR-25-1052), that could allow unauthenticated attackers to sidestep LDAP authentication for Agentless VPN or Fortinet Single Sign-On (FSSO) policies. Classified under CWE-305 (Authentication Bypass by Primary Weakness),…
Threat Hunting Is Critical to SOC Maturity but Often Misses Real Attacks
High-performing SOC teams are increasingly turning to sandbox-derived threat intelligence to make threat hunting repeatable and impactful. Tools like ANY.RUN’s TI Lookup enables faster hunts grounded in real attacker behaviours from millions of analyses. Threat hunting remains a cornerstone of…
FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands
Fortinet has disclosed a high-severity cross-site scripting (XSS) vulnerability in its FortiSandbox platform, tracked as CVE-2025-52436 (FG-IR-25-093), that enables unauthenticated attackers to execute arbitrary commands on affected systems. Dubbed an “Improper Neutralization of Input During Web Page Generation” issue (CWE-79),…
Microsoft Patch Tuesday February 2026 – 54 Vulnerabilities Fixed, Including 6 Zero-days
Microsoft released its February 2026 Patch Tuesday updates on February 10, addressing 54 vulnerabilities, including six zero-days across Windows, Office, Azure, and developer tools. The updates fix issues in products like Windows Remote Desktop Services, Microsoft Defender, Azure services, GitHub…
AI agents spill secrets just by previewing malicious links
Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn AI agents can shop for you, program for you, and, if you’re feeling bold, chat for you in a messaging app. But beware: attackers can use…
Urgent Alert for Irish Homes as Massive Cyberattacks Exploit Smart TVs and IoT Devices
An urgent cybersecurity alert has been issued to households across Ireland amid warnings of “large scale” cyberattacks that could compromise everyday home devices. Grant Thornton Ireland has cautioned that devices such as Android TV boxes and TV streaming hardware…
SolarWinds Web Help Desk Compromised for RCE Multi Stage
SolarWinds compromised The threat actors used internet-exposed SolarWinds Web Help Desk (WHD) instances to gain initial access and then proceed laterally across the organization’s network to other high-value assets, according to Microsoft’s disclosure of a multi-stage attack. However, it is…
Microsoft Patch Tuesday – January 2026, (Tue, Feb 10th)
Today's patch Tuesday addresses 59 different vulnerabilities (plus two Chromium vulnerabilities affecting Microsoft Edge). While this is a lower-than-normal number, this includes six vulnerabilities that are already exploited. Three vulnerabilities have already been exploited and made public. In addition, five…
Picus Red Report 2026 Shows Attackers Favor Stealth Over Disruption
The Picus Red Report 2026 shows attackers shifting from ransomware to stealthy, long-term access techniques. The post Picus Red Report 2026 Shows Attackers Favor Stealth Over Disruption appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet…
AI agents spill secrets just by previewing malicious links
Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn AI agents can shop for you, program for you, and, if you’re feeling bold, chat for you in a messaging app. But beware: attackers can use…
Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative Apps
The company has fixed several critical vulnerabilities that can be exploited for arbitrary code execution. The post Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative Apps appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
EU Unconditionally Approves Google’s $32B Acquisition of Wiz
The European Commission’s ruling is based on extensive feedback from customers and rival cloud security and infrastructure vendors. The post EU Unconditionally Approves Google’s $32B Acquisition of Wiz appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier
Read Microsoft’s new Cyber Pulse report for straightforward, practical insights and guidance on new cybersecurity risks. The post 80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier appeared first on Microsoft Security Blog.…
DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
The information technology (IT) workers associated with the Democratic People’s Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they’re impersonating, marking a new escalation of the fraudulent scheme. “These profiles often have…
800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin
On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 active installations. This vulnerability can be used by unauthenticated attackers to upload arbitrary files to a…
ZOLL ePCR IOS Mobile Application
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry. The following versions of ZOLL ePCR IOS Mobile Application are affected: ePCR IOS Mobile Application 2.6.7…
AVEVA PI to CONNECT Agent
View CSAF Summary Successful exploitation of this vulnerability could result in an unauthorized access to the proxy server. The following versions of AVEVA PI to CONNECT Agent are affected: PI to CONNECT Agent <=v2.4.2520 (CVE-2026-1495) CVSS Vendor Equipment Vulnerabilities v3…
AVEVA PI Data Archive
View CSAF Summary Successful exploitation of this vulnerability could result in a denial-of-service condition. The following versions of AVEVA PI Data Archive are affected: PI Data Archive PI Server <=2018_SP3_Patch_7 (CVE-2026-1507) PI Data Archive PI Server 2023 (CVE-2026-1507) PI Data…