vulnerability
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. Tracked as CVE-2026-1731 and assigned a near-maximum CVSS score of 9.9, the flaw affects BeyondTrust Remote Support versions 25.3.1 and earlier and Privileged Remote Access versions 24.3.4 […]
Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads. Beukema documented four previously unknown techniques for manipulating Windows LNK shortcut files to hide malicious targets from users inspecting file properties. LNK shortcuts were introduced with Windows 95 and use a complex […]
WordPress plugin with 900k installs vulnerable to critical RCE flaw
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication. The security issue is tracked as CVE-2026-1357 and received a severity score of 9.8. It impacts all versions of the plugin up to 0.9.123 and could lead […]
Windows 11 Notepad flaw let files execute silently via Markdown links
Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. With the release of Windows 1.0, Microsoft introduced Notepad, a simple, easy-to-use text editor that, over the years, became popular […]
Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
Today is Microsoft’s February 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses five “Critical” vulnerabilities, 3 of which are elevation of privileges flaws and 2 information disclosure flaws. The number of bugs in each vulnerability category is listed below: When GeekFeed […]
Microsoft releases Windows 10 KB5075912 extended security update
Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates. If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, […]
Hackers exploit SolarWinds WHD flaws to deploy DFIR tool in attacks
Hackers are exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to deploy legitimate tools for malicious purposes, such as the Zoho ManageEngine remote monitoring and management tool. The attacker targeted at least three organizations and also leveraged Cloudflare tunnels for persistence, and the Velociraptor cyber incident response tool for command and control (C2). The malicious activity was spotted […]
Hackers breach SmarterTools network using flaw in its own software
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but it did not impact business applications or account data. The company’s Chief Commercial Officer, Derek Curtis, says that the intrusion occurred on January 29, via a single SmarterMail virtual machine (VM) set up by an employee. “Prior to […]
BeyondTrust warns of critical RCE flaw in remote support software
BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary code remotely. Tracked as CVE-2026-1731, this pre-authentication remote code execution vulnerability stems from an OS command injection weakness discovered by Harsh Jaiswal and the Hacktron AI team, and it […]
Critical n8n flaws disclosed along with public exploits
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. Collectively tracked as CVE-2026-25049, the issues can be exploited by any authenticated user who can create or edit workflows on the platform to perform unrestricted remote code execution on the […]