More results...
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer…
The Google Threat Intelligence Group (GTIG) warns that nation-state actors and financially motivated threat actors are exploiting a…
New research from Point Wild’s Lat61 team reveals how the HEURRemoteAdmin.GoToResolve.gen tool allows silent, unattended access to PCs. Learn why this legitimate remote administration software is being flagged as a security risk and its surprising conn…
A critical zero-day vulnerability has been disclosed in the Gemini MCP Tool, enabling unauthenticated remote attackers to execute arbitrary code on vulnerable installations without requiring user interaction or authentication. The vulnerability, tracke…
A high command injection vulnerability has been discovered in TP-Link’s Archer MR600 v5 router, enabling authenticated attackers to execute arbitrary system commands through the device’s admin interface. The flaw, tracked as CVE-2025-14756,…
A total of 12 vulnerabilities have been fixed in OpenSSL, all discovered by a single cybersecurity firm.
The post High-Severity Remote Code Execution Vulnerability Patched in OpenSSL appeared first on SecurityWeek.
Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wi…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory alerting the public to heightened risks of malicious cyber activity targeting disaster victims. As natural disasters strike communities, threat actors capitalize…
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback funct…
The flaws allow threat actors to obtain root privileges or bypass authentication via Telnet and gain shell access as root.
The post Organizations Warned of Exploited Linux Vulnerabilities appeared first on SecurityWeek.