Tag: advisory

In GitHub’s advisory pipeline, some advisories move faster than others

Feb 16, 2026 7:58 AM

Tags: advisory, github, open-source, vulnerability

GitHub Security Advisories are used to distribute vulnerability information in open-source projects and security tools. A new study finds that only a portion of those … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/github-security-advisorie-review-timelines-study/
CISA Issues Alert on ZLAN ICS Flaws Enabling Full Device Takeover

Feb 16, 2026 7:58 AM

Tags: advisory, cisa, cyber, cybersecurity, flaw, infrastructure, network, technology, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding significant security flaws discovered in industrial networking equipment manufactured by ZLAN Information Technology Co. The alert, identified as ICSA-26-041-02, focuses on the ZLAN5143D serial-to-Ethernet device server, a component widely utilized to bridge legacy serial devices with modern network infrastructure. These vulnerabilities pose…
Researchers unearth 30-year-old vulnerability in libpng library

Feb 13, 2026 7:58 PM

Tags: advisory, ai, cvss, exploit, flaw, network, open-source, ransomware, software, threat, tool, update, vulnerability, zero-day

png_set_quantize, which is used for reducing the number of colors in PNG images, and present in all versions of libpng prior to version 1.6.55.”When the function is called with no histogram and the number of colours in the palette is more than twice the maximum supported by the user’s display, certain palettes will cause the…
Hackers turn bossware against the bosses

Feb 13, 2026 5:58 AM

Tags: access, advisory, attack, awareness, computer, control, corporate, cybersecurity, data, email, endpoint, hacker, identity, infosec, infrastructure, malicious, mfa, monitoring, network, phishing, ransomware, risk, sans, software, tool, training, unauthorized, vulnerability

Ensure these risks are catalogued: Johannes Ullrich, dean of research at the SANS Institute, said this report is an example of how corporate IT teams build infrastructure that attackers then abuse. It’s known that employee monitoring software and security software have been misused like this in the past, he said. He pointed out that software…
HPE Aruba Flaw Exposes Networking Devices to Privilege Escalation and DoS Attacks

Feb 12, 2026 12:59 PM

Tags: 5G, access, advisory, attack, communications, cve, cyber, dos, flaw, service, unauthorized, vulnerability

HPE Aruba Networking has issued a critical security advisory addressing multiple vulnerabilities in its Private 5G Core Platform that could allow attackers to create unauthorized administrative accounts, disrupt services, and access sensitive system information. The flaws, tracked as CVE-2026-23595, CVE-2026-23596, CVE-2026-23597, and CVE-2026-23598, were discovered by the Communications Security Establishment (CSE) and affect versions 1.24.3.0…
HPE Aruba Flaw Exposes Networking Devices to Privilege Escalation and DoS Attacks

Feb 12, 2026 12:59 PM

Tags: 5G, access, advisory, attack, communications, cve, cyber, dos, flaw, service, unauthorized, vulnerability

HPE Aruba Networking has issued a critical security advisory addressing multiple vulnerabilities in its Private 5G Core Platform that could allow attackers to create unauthorized administrative accounts, disrupt services, and access sensitive system information. The flaws, tracked as CVE-2026-23595, CVE-2026-23596, CVE-2026-23597, and CVE-2026-23598, were discovered by the Communications Security Establishment (CSE) and affect versions 1.24.3.0…
Cyberangriff auf EU-Kommission

Feb 10, 2026 4:15 PM

Tags: advisory, authentication, bug, cve, cvss, cyberattack, endpoint, exploit, germany, ivanti, mail, mobile, usa, vulnerability

Cyberkriminellen ist es gelungen, in ein System der EU-Kommission einzudringen.Die Europäische Kommission wurde Ziel einer Cyberattacke. Wie aus einer kürzlich veröffentlichten Mitteilung hervorgeht, erfolgte der Angriff Ende Januar und zielte auf ein System zur Verwaltung mobiler Endgeräte ab (Mobile Device Management MDM) .Demnach sind die Täter möglicherweise an Namen und Rufnummern einiger Mitarbeiter gekommen. Es…
Germany warns of state-linked phishing campaign targeting journalists, government officials

Feb 10, 2026 4:15 PM

Tags: access, advisory, communications, cybersecurity, germany, government, intelligence, office, phishing

In a joint advisory issued late last week, Germany’s domestic intelligence agency (BfV) and federal cybersecurity office (BSI) said attackers are attempting to gain access to private messaging accounts in order to monitor confidential communications and potentially compromise broader networks. First seen on therecord.media Jump to article: therecord.media/germany-warns-phishing-campaign-signal-gov-officials-journalists
Critical Fortinet FortiClientEMS flaw allows remote code execution

Feb 9, 2026 11:13 PM

Tags: advisory, cve, flaw, fortinet, malicious, remote-code-execution, sql, vulnerability

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…
BeyondTrust Remote Access Products Hit by 0-Day RCE Vulnerability

Feb 9, 2026 7:13 AM

Tags: access, advisory, cyber, flaw, rce, remote-code-execution, risk, vulnerability, zero-day

BeyondTrust has issued an urgent security advisory regarding a critical zero-day vulnerability affecting its popular remote access solutions. The flaw, tracked as CVE-2026-1731, carries a near-maximum severity score of 9.9 out of 10 on the CVSSv4 scale. It poses a significant risk to organizations using self-hosted versions of BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The…
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Feb 7, 2026 2:14 PM

Tags: advisory, attack, cyber, germany, malicious, military, office, phishing, threat, verfassungsschutz

Germany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app.”The focus is on high-ranking…
F5 Releases Urgent Security Fixes for Critical Vulnerabilities in BIG”‘IP and NGINX

Feb 6, 2026 10:13 AM

Tags: advisory, cve, cvss, cyber, flaw, risk, vulnerability, waf

F5 released its Quarterly Security Notification, addressing multiple security flaws across its product ecosystem. While F5 classifies the primary vulnerabilities as >>Medium<< severity under their internal policy, the updated CVSS v4.0 scoring system assigns them a score of 8.2, indicating a high risk to enterprise environments. The advisory highlights three specific CVEs impacting BIG-IP Advanced WAF,…
CISA Advisory Highlights Exploited SmarterTools Vulnerability in Recent Ransomware Attacks

Feb 6, 2026 7:13 AM

Tags: advisory, attack, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, ransomware, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability affecting SmarterTools SmarterMail to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-24423, this flaw is actively being weaponized in the wild, with security researchers confirming its use in recent ransomware campaigns. This addition mandates that Federal Civilian Executive Branch (FCEB) agencies remediate the…
CISA Advisory Highlights Exploited SmarterTools Vulnerability in Recent Ransomware Attacks

Feb 6, 2026 7:13 AM

Tags: advisory, attack, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, ransomware, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability affecting SmarterTools SmarterMail to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-24423, this flaw is actively being weaponized in the wild, with security researchers confirming its use in recent ransomware campaigns. This addition mandates that Federal Civilian Executive Branch (FCEB) agencies remediate the…
Moxa Switches Vulnerability Enables Unauthorized Access through Authentication Bypass

Feb 5, 2026 2:14 PM

Tags: access, advisory, authentication, cyber, flaw, network, unauthorized, vulnerability

Moxa has released a critical security advisory addressing a severe vulnerability affecting multiple series of its industrial Ethernet switches. Tracked as CVE-2024-12297, this flaw allows remote attackers to bypass authentication mechanisms, potentially granting unauthorized access to critical network infrastructure. With a CVSS v4.0 score of 9.2, the vulnerability is classified as critical, urging immediate action from administrators…
WatchGuard VPN Client Flaw on Windows Enables SYSTEM”‘Level Command Execution

Feb 5, 2026 7:13 AM

Tags: advisory, cyber, flaw, mobile, software, update, vpn, vulnerability, windows

WatchGuard has released a critical security update for its Mobile VPN with IPSec client for Windows to address a privilege escalation vulnerability. The flaw, originating in the underlying software provided by NCP engineering, allows local attackers to execute arbitrary commands with the highest available privileges on a compromised machine. The vulnerability is tracked as NCPVE-2025-0626 (WatchGuard Advisory…
Cisco Warns of Meeting Management Flaw Enabling Arbitrary File Upload by Remote Attackers

Feb 5, 2026 6:14 AM

Tags: advisory, cisco, cvss, cyber, flaw, vulnerability

Cisco has released a security advisory detailing a high-severity vulnerability in Cisco Meeting Management (CMM). The flaw, caused by improper input validation, allows authenticated remote attackers to upload arbitrary files and potentially execute commands with root privileges. The vulnerability is located within the Certificate Management feature of the CMM web-based management interface. It has been assigned a CVSS…
Chrome Flaws Enable Arbitrary Code Execution and System Crashes

Feb 4, 2026 9:13 AM

Tags: advisory, browser, chrome, cyber, exploit, flaw, google, linux, macOS, update, vulnerability, windows

Google has released a new Stable Channel update for Chrome (version 144.0.7559.132/.133) on February 3, 2026, addressing two high”‘severity vulnerabilities that could allow attackers to execute arbitrary code or cause system crashes. The update is rolling out gradually for Windows, macOS, and Linux users. According to Google’s security advisory, both vulnerabilities were discovered recently and could be exploited…
Frequently Asked Questions About Notepad++ Supply Chain Compromise

Feb 3, 2026 8:13 PM

Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windows

Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…
Hikvision Wireless AP Flaw Could Let Attackers Run Arbitrary Commands

Feb 3, 2026 11:13 AM

Tags: access, advisory, cyber, flaw, vulnerability

Hikvision has disclosed a high-severity command execution vulnerability affecting multiple wireless access point models, potentially allowing authenticated attackers to execute arbitrary commands on affected devices. The company released an advisory on January 30, 2026, detailing the security flaw and urging customers to apply patches immediately. Vulnerability Details The vulnerability, tracked as CVE-2026-0709, stems from insufficient input…
ShinyHunters ramp up new vishing campaign with 100s in crosshairs

Jan 30, 2026 5:21 AM

Tags: advisory, attack, authentication, breach, communications, control, credentials, cybercrime, cybersecurity, data, data-breach, finance, google, group, hacker, hacking, infrastructure, intelligence, login, mfa, microsoft, mobile, okta, phishing, phone, saas, security-incident, social-engineering, tactics, theft, tool, unauthorized

<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?w=1024" alt="ShinyHunters data dump" class="wp-image-4124689" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?quality=50&strip=all 2260w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=300%2C182&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=768%2C466&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1024%2C621&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1536%2C931&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=2048%2C1241&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1150%2C697&quality=50&strip=all 1150w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=277%2C168&quality=50&strip=all 277w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=139%2C84&quality=50&strip=all 139w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=792%2C480&quality=50&strip=all 792w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=594%2C360&quality=50&strip=all 594w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=412%2C250&quality=50&strip=all 412w” width=”1024″ height=”621″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> CSOIn operation since 2020, ShinyHunters, also tracked as UNC6040, has stolen data from many well-known…
ShinyHunters ramp up new vishing campaign with 100s in crosshairs

Jan 30, 2026 5:21 AM

Tags: advisory, attack, authentication, breach, communications, control, credentials, cybercrime, cybersecurity, data, data-breach, finance, google, group, hacker, hacking, infrastructure, intelligence, login, mfa, microsoft, mobile, okta, phishing, phone, saas, security-incident, social-engineering, tactics, theft, tool, unauthorized

<img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?w=1024" alt="ShinyHunters data dump" class="wp-image-4124689" srcset="https://b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?quality=50&strip=all 2260w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=300%2C182&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=768%2C466&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1024%2C621&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1536%2C931&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=2048%2C1241&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=1150%2C697&quality=50&strip=all 1150w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=277%2C168&quality=50&strip=all 277w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=139%2C84&quality=50&strip=all 139w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=792%2C480&quality=50&strip=all 792w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=594%2C360&quality=50&strip=all 594w, b2b-contenthub.com/wp-content/uploads/2026/01/shiny-hunters-data-dump.png?resize=412%2C250&quality=50&strip=all 412w” width=”1024″ height=”621″ sizes=”auto, (max-width: 1024px) 100vw, 1024px” /> CSOIn operation since 2020, ShinyHunters, also tracked as UNC6040, has stolen data from many well-known…
Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Jan 28, 2026 10:25 PM

Tags: advisory, ai, container, detection, network, risk, tool, vulnerability

Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed,” the official advisory reads. “This allows attackers to escape the sandbox and run arbitrary code.” Sandboxes like vm2 are needed by web and other Node-based applications whose functionality enables users or tools to upload and execute scripts. Because user-controlled code is untrusted by nature, it cannot be allowed…
Critical FortiCloud SSO zero”‘day forces emergency service disablement at Fortinet

Jan 28, 2026 1:21 PM

Tags: advisory, attack, authentication, cisa, cloud, cve, cyber, exploit, fortinet, infrastructure, kev, login, malicious, risk, service, tool, update, vulnerability

Attack details and indicators: Fortinet’s investigation into the exploitation revealed attackers used two specific FortiCloud accounts: “cloud-noc@mail.io” and “cloud-init@mail.io,” though the company warned “these addresses may change in the future.”Fortinet identified multiple IP addresses associated with the attacks, including several Cloudflare-protected addresses that attackers used to obscure their activities.”Following authentication via SSO, it has been…
CISA Urges Public to Stay Alert Against Rising Natural Disaster Scams

Jan 27, 2026 4:21 PM

Tags: advisory, cisa, cyber, cybersecurity, infrastructure, malicious, risk, scam, social-engineering, tactics, threat, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims. As natural disasters strike communities, threat actors capitalize on the chaos and emotional vulnerability of affected populations by deploying sophisticated social engineering tactics disguised as legitimate relief efforts. According to…
CISA releases technology readiness list for post-quantum cryptography

Jan 27, 2026 3:21 PM

Tags: advisory, authentication, cisa, cryptography, nist, technology

PQC standards and algorithm roadmap: The CISA advisory is aimed at aligning technologies with the nascent PQC standards now added into federal policy. NIST’s post-quantum standardization project and its Federal Information Processing Standards (FIPS) publications formed the baseline for the advisory.These include FIPS 203, which specifies the Module-lattice-Based Key Encapsulation Mechanism (ML-KEM) based on the…
Actively exploited Cisco UC bug requires immediate, version”‘specific patching

Jan 22, 2026 2:30 PM

Tags: advisory, cisa, cisco, communications, cve, exploit, flaw, Internet, kev, mitigation, software, unauthorized, update, vulnerability

No workarounds available: Cisco confirmed in the advisory that there are no workarounds or mitigations available for CVE-2026-20045. The company has released fixes specific to each product version.For Unified Communications Manager, IM&P, SME, and Webex Calling Dedicated Instance running version 14, the company suggested administrators can upgrade to version 14SU5 or apply a version-specific patch…
Critical Vulnerability in Advanced Custom Fields: Extended Plugin Puts 100,000 WordPress Sites at Risk

Jan 21, 2026 4:13 PM

Tags: advisory, flaw, risk, vulnerability, wordpress

A critical security flaw has been discovered in a widely used ACF add-on plugin for WordPress, placing up to 100,000 websites at risk of a full site takeover. The vulnerability affects the Advanced Custom Fields: Extended plugin, an add-on designed to extend the functionality of the popular Advanced Custom Fields ecosystem. An advisory issued about…
UK authorities warn of pro-Russia groups targeting critical infrastructure, local government

Jan 20, 2026 6:45 PM

Tags: advisory, cisa, government, group, infrastructure, russia

The alert comes just over a month after a joint advisory from CISA, the FBI and Western allies citing hacktivist activity against OT providers.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/uk-warn-pro-russia-critical-infrastructure/809992/
The LimaCharlie Manifesto: Security for an Autonomous Future

Jan 20, 2026 3:13 PM

Tags: access, advisory, ai, api, automation, cloud, control, cybersecurity, data, infrastructure, LLM, technology, threat, tool

Cybersecurity is standing at an inflection point. The proliferation of agentic AI and LLMs does not signal a gradual shift, but a radical transformation. The security tools, assumptions, and architectures of the last twenty years can no longer keep pace with the challenges and threats of today. AI changed the rules. Attackers have quickly adapted. …