Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Ravie LakshmananFeb 18, 2026Vulnerability / Application Security Notepad++ has released a security fix to plug gaps that were exploited by...
2026Vulnerability
Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers
Ravie LakshmananFeb 16, 2026Vulnerability / Encryption A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and...
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
Ravie LakshmananFeb 12, 2026Vulnerability / Network Security A significant chunk of the exploitation attempts targeting a newly disclosed security flaw...
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Ravie LakshmananFeb 10, 2026Vulnerability / Network Security Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that...
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Ravie LakshmananFeb 09, 2026Vulnerability / Endpoint Security Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat...
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
Ravie LakshmananFeb 03, 2026Vulnerability / Malware The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to...
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
Ravie LakshmananFeb 02, 2026Vulnerability / Artificial Intelligence A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as...
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
Ravie LakshmananJan 30, 2026Vulnerability / Email Security SmarterTools has addressed two more security flaws in SmarterMail email software, including one...
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Ravie LakshmananJan 30, 2026Vulnerability / Enterprise Security Ivanti has rolled out security updates to address two security flaws impacting Ivanti...
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
Ravie LakshmananJan 29, 2026Vulnerability / Software Security SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web...
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Workflow Automation Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation...
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Open Source A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js...
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
Ravie LakshmananJan 28, 2026Vulnerability / Threat Intelligence Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially...
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
Ravie LakshmananJan 27, 2026Vulnerability / Cloud Security A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version...
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
Ravie LakshmananJan 24, 2026Vulnerability / Enterprise Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical...
