Friday , July 10 2026

Vulnerabilities

Researchers Identify 175,000 Exposed Ollama AI Servers in 130 Countries

175,000

A joint investigation by SentinelOne SentinelLABS and Censys found that open-source AI deployment has led to a large “unmanaged, publicly accessible AI compute infrastructure” with 175,000 unique Ollama hosts in 130 countries. These systems operate outside the usual safety and monitoring measures set by platform providers. According to the company, …

Read More »

Fortinet discloses actively exploited flaw in FortiOS, FortiAnalyzer and FortiManager

Fortinet

Fortinet has revealed a critical vulnerability affecting its products. The company issued a Public Advisory on January 27 after noticing initial attacks on January 23, when it disabled two malicious accounts exploiting the single sign-on feature in FortiOS. In December 2025, an advisory was issued about two previous SSO bypass …

Read More »

Urgently Patch
ALERT! Microsoft patches actively exploited Office zero-day vuln

office

Microsoft has issued emergency security updates to fix a critical zero-day vulnerability in Microsoft Office that has been actively exploited. The vulnerability, CVE-2026-21509, affects several Office versions: Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise (the company’s cloud-based subscription service). “Reliance on untrusted inputs …

Read More »

GitLab Releases Critical Patches for High-Severity Vulnerabilities

Gitlab

GitLab has released a new patch to fix security vulnerabilities and stability issues in versions 18.8.2, 18.7.2, and 18.6.4 for both Community and Enterprise Editions. These updates are ready for self-managed installations and include crucial bug fixes and security improvements. Administrators should upgrade as soon as possible. The GitLab patch …

Read More »

CISA Adds Actively Exploited VMware vCenter Flaw to KEV Catalog

VMware vCenter

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a serious security flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog on Friday, noting it was actively being exploited despite a patch released in June 2024. CVE-2024-37079 (CVSS score: 9.8) is a vulnerability related to a heap …

Read More »

CVE-2026-20045
Cisco discloses Unified Communications RCE zero day flaw exploited in attacks

ShinyHunters

Cisco revealed a zero-day RCE vulnerability, CVE-2026-20045, that is being actively exploited. The vulnerability in key Unified Communications products lets unauthenticated attackers execute arbitrary commands on the OS, risking root access. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability …

Read More »

NVIDIA Patches High-Severity Flaws in AI Tools And Graphics

NVIDIA

NVIDIA has issued a dual security alert for developers and data scientists, announcing important updates for its Nsight Graphics and Merlin recommender system. Both vulnerabilities have a high CVSS score of 7.8 and can allow harmful code injection attacks that may compromise entire systems. The flaws jeopardize the tools needed …

Read More »

Oracle patched 337 flaws for over 30 products

Oracle released 337 security patches for more than 30 products in its January 2026 Critical Patch Update (CPU), targeting approximately 230 unique CVEs. Several patches fix CVE-2025-66516 (CVSS score 10/10), a serious Apache Tika vulnerability that may allow XML External Entity (XXE) injection. The vulnerability affects three Apache Tika modules …

Read More »

Zoom Critical Command Injection Vuln allows Remote Code Execution

command injection

A critical command injection flaw in Node Multimedia Routers (MMRs) may let meeting participants run arbitrary code on vulnerable systems. CVE-2026-22844 is a highly critical vulnerability with a CVSS score of 9.9, indicating an urgent need for immediate action. Zoom Command Injection Vulnerability: A command injection flaw is found in …

Read More »

GPT-5.2 Can Develop Zero-Day Exploits: Study unveils

exploit

Recent research shows that AI systems can now handle complex exploit development tasks that used to need specialized human skills. The agents had to create exploits while facing realistic challenges like modern security measures, unknown heap conditions, and restrictions on hardcoded memory addresses. In six scenarios focused on tasks like spawning …

Read More »