Atlassian, GitLab, Zoom Release Security Patches
Fixes were rolled out for over two dozen vulnerabilities, including critical- and high-severity bugs.
The post Atlassian, GitLab, Zoom Release Security Patches appeared first on SecurityWeek.
Vulnerability
Active Exploitation Of Fortinet SSO Flaw Targets Firewalls For Admin Takeover
Threat actors actively exploit critical Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO authentication on firewalls and proxies. These flaws allow unauthenticated attackers to craft malicious SAML messages, gaining a…
Hackers Targeting Cisco Unified CM Zero-Day
Cisco has released patches for CVE-2026-20045, a critical vulnerability that can be exploited for unauthenticated remote code execution.
The post Hackers Targeting Cisco Unified CM Zero-Day appeared first on SecurityWeek.
Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718?
CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS. According to Fortinet, CVE-2025-59718…
RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)
Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. About CVE-…
GitLab Security Flaws Could Allow Two-Factor Authentication Bypass and DoS
GitLab has released critical security patches addressing multiple vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Versions 18.8.2, 18.7.2, and 18.6.4 are now available to fix flaws that enable two-factor authenticatio…
NVIDIA Nsight Graphics on Linux Exposed to Code Execution Vulnerability
NVIDIA has released an urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux systems. The vulnerability, tracked as CVE-2025-33206, allows attackers to execute arbitrary code through command injection, posing significa…
Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure
Impacting Anthropic’s official MCP server, the vulnerabilities can be exploited through prompt injections.
The post Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure appeared first on SecurityWeek.
Carlsberg Event Wristband Leaked PII, Researcher Told Not to Disclose
A poorly secured wristband system used at a Carlsberg exhibition allowed access to visitor photos, videos, and full names. Attempts to report the issue were ignored for months.
Oracle’s First 2026 CPU Delivers 337 New Security Patches
Oracle’s January 2026 CPU resolves roughly 230 unique vulnerabilities across more than 30 products.
The post Oracle’s First 2026 CPU Delivers 337 New Security Patches appeared first on SecurityWeek.