Saturday, June 20 2026

Critical Alert
Chrome Zero-Day (CVE-2026-2441) Exploited in the Wild

Google released an urgent security update for Chrome to address a high-severity zero-day vulnerability being actively exploited. This flaw, known as CVE-2026-2441, affects the browser’s CSS component and could let attackers run harmful code on a victim’s machine through a compromised webpage. Attackers can use a “dangling pointer” to insert …

Vulnerability in Palo Alto’s ADNS Allows Attacker to Reboot Firewall, Leading to Maintenance Mode

Palo Alto Networks released a security advisory about a DoS vulnerability in its PAN-OS software, particularly in the Advanced DNS Security feature. The vulnerability, identified as CVE-2026-0229, has a CVSSv4 score of 6.6 and may allow unauthenticated attackers to cause firewalls to restart repeatedly, leading to maintenance mode. The vulnerability …

CISA Flags Microsoft Configuration Manager SQL Injection Flaw Exploited in Attacks

CISA warned U.S. government agencies on Thursday to protect their systems from a critical Microsoft Configuration Manager vulnerability that was fixed in October 2024 and is currently being exploited. Microsoft Configuration Manager is a tool for IT management of many Windows servers and workstations. CVE-2024-43468 is an SQL injection vulnerability discovered …

Zimbra Patches for XSS, XXE, & LDAP Vulnerabilities

Zimbra launched version 10.1.16 addressing serious vulnerabilities like cross-site scripting (XSS), XML external entity (XXE), and LDAP injection. This urgent update, marked as high risk for patch severity and deployment, requires admins to upgrade right away to protect against exploits. Attackers can use unsanitized inputs to insert harmful scripts, which …

Apple Patches iOS Zero-Day (CVE-2026-20700) Exploited in the Wild

Apple has released an urgent security update for all its mobile devices to fix a serious zero-day vulnerability being exploited in a targeted attack described as an “extremely sophisticated attack” against specific individuals. CVE-2026-20700 is a serious vulnerability that prompted Apple to release iOS 26.3 and iPadOS 26.3 to protect …

Microsoft fixes 6 zero-days, 58 flaws in February 2026 Patch Tuesday

Today is Microsoft’s February 2026 Patch Tuesday, featuring security updates for 58 flaws, including 6 that are actively exploited and 3 publicly disclosed zero-day vulnerabilities. This Patch Tuesday fixes five “Critical” vulnerabilities: three elevate privileges and two disclose information. The details of vulnerabilities by category are as follows: 25 Elevation …

FortiClientEMS Vulnerability Lets Attackers Execute Malicious Code Remotely

Fortinet has released a critical security advisory urging administrators to promptly update FortiClientEMS, its central management tool for endpoint protection. A vulnerability, CVE-2026-21643, has a CVSSv3 score of 9.1 and may enable remote attackers to run unauthorized code on affected servers. The flaw is categorized as an SQL Injection (SQLi) …

SystemBC Botnet Infects 10,000+ IPs & Government Networks

Researchers have discovered a large botnet made up of compromised devices that has infiltrated networks worldwide, including sensitive government systems. A report from Silent Push has identified over 10,000 unique IP addresses infected with SystemBC, a proxy malware used by cybercriminals to conceal their actions and deploy ransomware. The discovery …

F5 Patches Critical Vulnerabilities in BIG-IP, NGINX

F5 Networks has issued its Quarterly Security Notification, highlighting several vulnerabilities that may severely impact enterprise infrastructures. F5 rates these flaws as “Medium” severity, but the CVSS v4.0 framework scores the most critical issues at 8.2 (High), indicating serious risks for production environments using BIG-IP, NGINX, and similar components. High-Risk …

CISA Adds Actively Exploited SolarWinds RCE Flaw to KEV

CISA announced on Tuesday that a security flaw in SolarWinds Web Help Desk is now listed in its Known Exploited Vulnerabilities catalog, indicating it is actively being targeted in attacks. The vulnerability, CVE-2025-40551 (CVSS score: 9.8), allows untrusted data deserialization that could enable remote code execution. Web Help Desk is …