Cisco has issued urgent updates to fix a critical zero-day (CVE-2026-20127) vulnerability in its Catalyst SD-WAN products. A sophisticated threat actor named UAT-8616 is exploiting this flaw to gain deep access to enterprise networks. An unauthenticated remote attacker can exploit this weakness by sending specific requests to a vulnerable system. …
Read More »ALERT
(CVE-2026-22719, CVE-2026-22720 and CVE-2026-22721)
VMware Aria Operations updates address multiple vulnerabilities
Broadcom published security advisory VMSA-2026-0001 on February 24, 2026, revealing three vulnerabilities in VMware Aria Operations that may enable attackers to run unauthorized commands remotely. VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure have flaws, but patches are now available for all affected …
Read More »
Microsoft admits
Copilot reads ‘confidential emails’ bypassing DLP policies
Microsoft has admitted that a coding bug accidentally allowed Copilot Chat to access and summarize confidential emails. Microsoft said that a bug in Microsoft 365 Copilot allowed the AI assistant to access private emails, raising serious privacy issues for companies using the service. Bleeping Computer reports, the flaw bypasses data loss …
Read More »CISA warns feds to fix Dell flaw within 3 days
CISA has ordered government agencies to fix a serious Dell flaw within three days, which has been actively exploited since mid-2024. Mandiant and the Google Threat Intelligence Group report that a vulnerability (CVE-2026-22769) involving hardcoded credentials in Dell’s RecoverPoint is being exploited by a suspected Chinese hacking group named UNC6201. …
Read More »Microsoft fixes 6 zero-days, 58 flaws in February 2026 Patch Tuesday
Today is Microsoft’s February 2026 Patch Tuesday, featuring security updates for 58 flaws, including 6 that are actively exploited and 3 publicly disclosed zero-day vulnerabilities. This Patch Tuesday fixes five “Critical” vulnerabilities: three elevate privileges and two disclose information. The details of vulnerabilities by category are as follows: 25 Elevation …
Read More »
ALERT
FortiClientEMS Vuln Let Attackers Execute Malicious Code Remotely
Fortinet has released a critical security advisory urging administrators to promptly update FortiClientEMS, its central management tool for endpoint protection. A vulnerability, CVE-2026-21643, has a CVSSv3 score of 9.1 and may enable remote attackers to run unauthorized code on affected servers. The flaw is categorized as an SQL Injection (SQLi) …
Read More »Almost 5 million web servers expose Git metadata
A study revealed that almost 5 million servers expose Git metadata, including 250,000 that leak deployment credentials through .git/config files. A 2026 study from the Mysterium VPN research team found that about 5 million public web servers are leaking Git repository metadata, including over 250,000 that expose .git/config files with …
Read More »CISA Flags Actively Exploited SolarWinds RCE Flaw to KEVÂ
CISA announced on Tuesday that a security flaw in SolarWinds Web Help Desk is now listed in its Known Exploited Vulnerabilities catalog, indicating it is actively being targeted in attacks. The vulnerability, CVE-2025-40551 (CVSS score: 9.8), allows untrusted data deserialization that could enable remote code execution. Web Help Desk is …
Read More »Hikvision Patches Command Injection in DS-3WAP Access Points
Hikvision has released an important firmware update for its wireless access points (APs) to fix a serious vulnerability that could let attackers take control of the devices. Known as CVE-2026-0709, this flaw has a CVSS score of 7.2, indicating a high risk for businesses using these devices for connectivity. The …
Read More »Hackers Exploiting Microsoft Office 0-day Vuln to Deploy Malware: CERT warn
The Russia-linked group UAC-0001, or APT28, is exploiting a zero-day vulnerability in Microsoft Office. The group exploits this flaw to install advanced malware targeting Ukrainian government and EU organizations. The vulnerability, identified as CVE-2026-21509, was disclosed by Microsoft on January 26, 2026, with warnings about active exploitation in the wild. …
Read More »
InfoSecBulletin Cybersecurity for mankind