-
A newly disclosed critical vulnerability in Cal.com, an open-source scheduling and booking platform, could allow attackers to bypass authentication and gain full access to any user account. The flaw, identified by GitHub researcher pedro…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Palo Alto Networks has released security updates to address a high‑severity denial-of-service (DoS) vulnerability in PAN-OS that could allow unauthenticated attackers to repeatedly crash firewalls configured with GlobalProtect, forcing them into mainte…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
HPE has released security patches for multiple high-severity vulnerabilities in HPE Networking Instant On devices that could expose internal VLAN configuration data and allow remote attackers to disrupt wireless networks or gain unauthorized insight in…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Chinese infrastructure is currently hosting more than 18,000 active command‑and‑control (C2) servers across 48 providers, with activity heavily concentrated on a handful of major telecom and cloud networks in China. This dense clustering of malware, ph…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A command-injection vulnerability in the Spring CLI VSCode extension allows attackers to execute arbitrary commands on affected user machines. The vulnerability, tracked as CVE-2026-22718, affects all versions …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic has released urgent security patches addressing four significant vulnerabilities in Kibana that could enable attackers to steal sensitive files, trigger service outages, and exhaust system resources. The advisories, published on January 14, 202…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has launched Chrome 144 for desktop platforms, addressing ten security vulnerabilities including multiple high-severity flaws in the V8 JavaScript engine. The stable channel update began rolling out on January 13, 2026, for Windows, Mac, and Lin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a critical information disclosure vulnerability in the Desktop Window Manager that threat actors are actively exploiting. The vulnerability, tracked as CVE-2026-20805, was publicly released on January 13, 2026, and allows authen…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Node.js project has released critical security updates addressing multiple vulnerabilities affecting all active release lines. On January 13, 2026, the Node.js team announced patches for versions 20.x, 22.x, 24.x, and 25.x, tackling three high-seve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high heap-based buffer overflow vulnerability in the cw_acd daemon component of Fortinet’s FortiOS and FortiSwitchManager has been disclosed, enabling remote unauthenticated attackers to execute arbitrary code on affected systems. The vulnerabi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
