Alert

A serious security flaw in WinRAR, a popular file compression tool for Windows, is being exploited by attackers to gain unauthorized access to systems. CVE-2025-8088 is a vulnerability that lets attackers insert harmful files into sensitive system folders unnoticed, giving them control over Windows computers. The security flaw was first …

Fortinet has revealed a critical vulnerability affecting its products. The company issued a Public Advisory on January 27 after noticing initial attacks on January 23, when it disabled two malicious accounts exploiting the single sign-on feature in FortiOS. In December 2025, an advisory was issued about two previous SSO bypass …

Microsoft has issued emergency security updates to fix a critical zero-day vulnerability in Microsoft Office that has been actively exploited. The vulnerability, CVE-2026-21509, affects several Office versions: Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise (the company’s cloud-based subscription service). “Reliance on untrusted inputs …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a serious security flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog on Friday, noting it was actively being exploited despite a patch released in June 2024. CVE-2024-37079 (CVSS score: 9.8) is a vulnerability related to a heap …

Cisco revealed a zero-day RCE vulnerability, CVE-2026-20045, that is being actively exploited. The vulnerability in key Unified Communications products lets unauthenticated attackers execute arbitrary commands on the OS, risking root access. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability …

Fortinet customers are observing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. One affected admins said that Fortinet has allegedly confirmed that the latest FortiOS version (7.4.10) didn’t fully address this authentication bypass vulnerability, which should’ve been patched in early …

NVIDIA has issued a dual security alert for developers and data scientists, announcing important updates for its Nsight Graphics and Merlin recommender system. Both vulnerabilities have a high CVSS score of 7.8 and can allow harmful code injection attacks that may compromise entire systems. The flaws jeopardize the tools needed …

Oracle released 337 security patches for more than 30 products in its January 2026 Critical Patch Update (CPU), targeting approximately 230 unique CVEs. Several patches fix CVE-2025-66516 (CVSS score 10/10), a serious Apache Tika vulnerability that may allow XML External Entity (XXE) injection. The vulnerability affects three Apache Tika modules …

A critical security flaw in TP-Link’s VIGI surveillance cameras allows attackers on local networks to change admin passwords without permission. CVE-2026-0629 identifies a critical flaw in the camera’s web interface password recovery, rated 8.7 on the CVSS v4.0 scale. The authentication bypass issue arises from incorrect client-side state handling in …

A critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code is now being abused in attacks. Security researcher Zach Hanley from Horizon3.ai reported vulnerability CVE-2025-64155, which combines two issues that enable arbitrary writes with admin permissions and privilege escalation to root access. “An improper neutralization of special elements used …