A high heap-based buffer overflow vulnerability in the cw_acd daemon component of Fortinet’s FortiOS and FortiSwitchManager has been disclosed, enabling remote unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-25249, carries a high CVSS v3.1…
Tag: EN
Lumo expands its Lumo AI assistant with encrypted, project-based workspaces
Lumo is Proton’s AI assistant, built with a focus on privacy and user control. It runs on Proton’s infrastructure and is designed so conversations are not used to train models or retained beyond what is required to provide the service.…
HPE Open View Vulnerability Hits CISA Known Exploited List
Cybersecurity Today: Credit Card Skimming, Valley Rat Malware, WhatsApp Exploit & AI Defenses In this episode of Cybersecurity Today, hosted by Jim Love, we explore several critical cybersecurity threats and advancements. We cover a massive credit card skimming campaign active…
Microsoft January 2026 Patch Tuesday Fixes 114 Flaws, Including 3 Zero-Days
Microsoft has released its January 2026 Patch Tuesday security updates, addressing 114 vulnerabilities across Windows, Office, and other products. The update includes three actively exploited zero-day vulnerabilities and 12 critical-severity flaws that require immediate attention from system administrators. The January…
New Magecart Campaign Steals Credit Card Details During Online Checkouts
Cybersecurity researchers at Silent Push Preemptive Cyber Defense have uncovered an extensive and sophisticated web-skimming campaign that has been actively stealing credit card data from e-commerce websites since at least January 2022. The ongoing operation, operating under the umbrella term…
Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild
Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild. Tracked as CVE-2026-20805, the vulnerability allows low-privilege local attackers to…
Instagram denies breach, Sweden detains spying suspect, n8n attack steals OAuth tokens
Instagram denies breach post-data leak Sweden detains consultant suspected of spying n8n supply chain attack steals OAuth tokens Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show…
ISC Stormcast For Wednesday, January 14th, 2026 https://isc.sans.edu/podcastdetail/9766, (Wed, Jan 14th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, January 14th, 2026…
AI Scraping in Mobile Apps: How It Works and How to Stop It
For years, scraping was treated as a web problem. The post AI Scraping in Mobile Apps: How It Works and How to Stop It appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original…
Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm
First Patch Tuesday of 2026 goes big Microsoft and Uncle Sam have warned that a Windows bug disclosed today is already under attack.… This article has been indexed from The Register – Security Read the original article: Windows info-disclosure 0-day…
AZ Monica hospital in Belgium shuts down servers after cyberattack
A cyberattack hit AZ Monica hospital in Belgium, forcing it to shut down servers, cancel procedures, and transfer critical patients. A cyberattack forced Belgian hospital AZ Monica to shut down all servers, cancel scheduled procedures, and transfer critical patients. AZ…
Wine 11 brings major architectural work, synchronization changes, 600+ bug fixes
Wine, originally short for “Wine Is Not an Emulator,” is a compatibility layer that allows Windows applications to run natively on POSIX-compliant operating systems, including Linux, macOS, and BSD. Rather than running a full copy of Windows or simulating its…
Popular Python libraries used in Hugging Face models subject to poisoned metadata attack
The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code…
Service Providers Help Pig Butcher Scammers Scale Operations: Infoblox
Service providers are delivering infrastructure, tools, and expertise and giving rise to pig-butchering-as-a-service models that are enabling the Asian crime syndicates running massive investment and romance scams to through industrial-scale compounds around the world at a larger scale and for…
Threat Brief: MongoDB Vulnerability (CVE-2025-14847)
Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7. The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42. This article has been indexed from Unit 42…
CrowdStrike to Acquire Browser Security Firm Seraphic for $420 Million
News of the move to acquire Seraphic comes less than a week after CrowdStrike announced an agreement to acquire identity security startup SGNL for $740 million. The post CrowdStrike to Acquire Browser Security Firm Seraphic for $420 Million appeared first…
Respawn Confirms Apex Legends Game Remote Input Control Incident
Respawn confirmed an Apex Legends incident where attackers remotely hijacked player inputs mid-match. The post Respawn Confirms Apex Legends Game Remote Input Control Incident appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Threat actor claims the theft of full customer data from Spanish energy firm Endesa
Endesa disclosed a data breach exposing full customer data, including contact details, national ID numbers, and payment information. Spanish energy firm Endesa disclosed a data breach, threat actors stole full customer data, including contact details, national ID numbers, and payment…
Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities
Two vulnerabilities patched this month by Microsoft were disclosed publicly before fixes were released. The post Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Microsoft…
Adobe Patches Critical Apache Tika Bug in ColdFusion
Adobe has released patches for 25 vulnerabilities across its products, including a critical Apache Tika flaw in ColdFusion. The post Adobe Patches Critical Apache Tika Bug in ColdFusion appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…