A critical security flaw in TP-Link’s VIGI surveillance cameras allows attackers on local networks to change admin passwords without permission. CVE-2026-0629 identifies a critical flaw in the camera’s web interface password recovery, rated 8.7 on the CVSS v4.0 scale. The authentication bypass issue arises from incorrect client-side state handling in …
Read More »Canon patches multiple flaws allowing hackers remote access
Canon has issued a security alert for its laser and small office printers, revealing seven critical vulnerabilities that could let remote attackers fully control the devices. These flaws, which all have a CVSS score of 9.8, impact many imageCLASS, i-SENSYS, and Satera models available in the US, Europe, and Japan. …
Read More »Cisco 0-Day RCE Secure Email Gateway Vuln actively Exploited
Cisco has confirmed that a serious zero-day vulnerability allowing remote code execution is being actively exploited in its Secure Email Gateway and Secure Email and Web Manager appliances. The CVE-2025-20393 flaw lets unauthorized attackers run arbitrary root commands by sending specific HTTP requests to the Spam Quarantine feature. Cisco aware …
Read More »Chrome 144 Released, Fixing 10 V8 Engine Vulnerabilities
Google has released Chrome 144 for Windows, Mac, and Linux, fixing 10 security issues, mainly in the V8 JavaScript engine. The rollout is scheduled to reach users progressively over the coming days and weeks. Critical Security Patches for V8 Engine: Chrome version 144.0.7559.59 for Linux and 144.0.7559.59/60 for Windows and …
Read More »Node.js Security Release Patches 7 Vulns Across Releases
Node.js released security updates on January 13, 2026, fixing vulnerabilities that could cause memory leaks, denial-of-service attacks, and permission bypasses. These updates fix three critical vulnerabilities, among others, urging immediate upgrades for affected systems. High Severity Vulnerabilities: CVE-2025-55131 reveals critical flaws in Buffer.alloc and Uint8Array, resulting from timeout races in …
Read More »Microsoft Patch Tuesday January 2026 addresses 3 zero-days and 114 flaws
Microsoft’s January 2026 updates address 114 vulnerabilities, including critical remote code execution bugs in Office apps and Windows services like LSASS. This Patch Tuesday fixes critical vulnerabilities that allow remote code execution and several privilege escalation problems that could let attackers take over systems. The number of bugs in each …
Read More »CISA orders feds to fix Gogs RCE vuln exploited in zero-day attacks
CISA has instructed government agencies to protect their systems from Gogs vulnerability exploited in zero-day attacks. Designated as CVE-2025-8110, this remote code execution (RCE) vulnerability originates from a path traversal issue within the PutContents API. It empowers authenticated attackers to circumvent the safety measures established for a previously resolved RCE …
Read More »
CIRT Alert
35 unique IP vulnarable via n8n (CVE:2026-21858) instances in Bangladesh
A total of 35 unique IP addresses have been identified exploitable via n8n instances (CVE: 2026-21858). BGD e-GOV CIRT advisory said, these IP address seems to be demonstrating active exploitation activity, indicating real-world targeting and compromise of vulnerable deployments. Affected versons: • n8n self-hosted instances running versions 1.65.0 to below …
Read More »Over 10,000 Fortinet Firewalls Exposed to 5-Year-Old MFA Bypass Vuln
Over 10,000 Fortinet firewalls globally are still vulnerable to CVE-2020-12812, a flaw that allows bypassing multi-factor authentication (MFA) and was revealed over five years ago. Shadowserver added this issue to its daily Vulnerable HTTP Report. CVE-2020-12812 is due to inadequate authentication in FortiOS SSL VPN portals, impacting versions 6.4.0, 6.2.0 …
Read More »Fortinet Warns of 2020 FortiGate Flaw to Bypass 2FA
Fortinet warns that a three-year-old vulnerability allows attackers to bypass 2FA on FortiGate firewalls by merely altering the capitalization of usernames. The vulnerability FG-IR-19-283 (CVE-2020-12812) was reported and fixed in July 2020. Recently, it has been noted that attackers are exploiting this flaw in organizations that haven’t addressed specific configurations. …
Read More »
InfoSecBulletin Cybersecurity for mankind