-
PayPal has confirmed a data leak in its Working Capital loan system that exposed names, dates of birth, and Social Security numbers for six months.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
On February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A serious security flaw in jsPDF, a widely used JavaScript library for generating PDFs in web browsers, puts millions of developers and their users at risk. CVE-2026-25755 allows attackers to perform PDF Object Injection through the library’s add…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hewlett Packard Enterprise (HPE) has issued a security bulletin warning customers of a serious vulnerability in its Telco Service Activator product that could allow attackers to remotely bypass access restrictions. The vulnerability, identified as CVE-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Serious vulnerabilities in four popular Visual Studio Code (VS Code) extensions, affecting over 128 million downloads. These flaws, including three assigned CVEs CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717, highlight IDEs as the weakest link in …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers demonstrate multiple attacks against major password managers, showing how compromised servers and design flaws can expose encrypted vault data.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A cache deception vulnerability in SvelteKit apps deployed on Vercel exposes sensitive user data to attackers. The flaw allows publicly cached responses to be authenticated. SvelteKit, a full-stack JavaScript framework, often pairs with Vercel for depl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Feb. 20, 2026 – Advantest Corporation, a top supplier of semiconductor test equipment, revealed it is battling a ransomware attack that struck its network last weekend. The incident, detected on February 15 (JST), has disrupted multiple systems and rai…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A serious flaw in Splunk Enterprise for Windows that lets low-privileged users hijack DLL loading and escalate to SYSTEM-level access. Tracked as CVE-2026-20140, this local privilege escalation (LPE) vulnerability stems from DLL search-order hijacking …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A popular open-source automation server used by developers worldwide to build, test, and deploy software faces serious security risks from recent flaws. On February 18, 2026, two vulnerabilities were detailed in the core Jenkins software. The most crit…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
