vulnerability
Critical WhisperPair flaw lets hackers track, eavesdrop via Bluetooth audio devices
Security researchers have discovered a critical vulnerability in Google’s Fast Pair protocol that can allow attackers to hijack Bluetooth audio accessories, track users, and eavesdrop on their conversations. The flaw (tracked as CVE-2025-36911 and dubbed WhisperPair) affects hundreds of millions of wireless headphones, earbuds, and speakers from multiple manufacturers that support Google’s Fast Pair feature. It affects users regardless […]
Palo Alto Networks warns of DoS bug letting hackers disable firewalls
Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. Tracked as CVE-2026-0227, this security flaw affects next-generation firewalls (running PAN-OS 10.1 or later) and Palo Alto Networks’ Prisma Access configurations when the GlobalProtect gateway or portal is enabled. The cybersecurity company says that most […]
Exploit code public for critical FortiSIEM command injection flaw
Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet’s Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. The vulnerability is tracked as CVE-2025-25256, and is a combination of two issues that permit arbitrary write with admin permissions […]
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
Today is Microsoft’s January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses eight “Critical” vulnerabilities, 6 of which are remote code execution flaws and 2 are elevation-of-privilege flaws. The number of bugs in each vulnerability category is listed below: When […]
Trend Micro warns of critical Apex Central RCE vulnerability
Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges. Apex Central is a web-based management console that helps admins manage multiple Trend Micro products and services (including antivirus, content security, and threat detection) and deploy components like antivirus […]
CISA retires 10 emergency cyber orders in rare bulk closure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01. CISA said this is the largest number of Emergency Directives it has closed at one time. “By statute, CISA issues […]
VMware ESXi zero-days likely exploited a year before disclosure
Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. In attacks from December 2025 analyzed by Huntress, managed security company, the hackers used a sophisticated virtual machine (VM) escape that likely exploited three VMware […]
Critical jsPDF flaw lets hackers steal secrets via generated PDFs
The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. The flaw is a local file inclusion and path traversal that allows passing unsanitized paths to the file loading mechanism (loadFile) […]
Max severity Ni8mare flaw lets hackers hijack n8n servers
A maximum severity vulnerability dubbed “Ni8mare” allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform. The security issue is identified as CVE-2026-21858 and has a 10 out of 10 severity score. According to researchers at data security company Cyera, there are more than 100,000 vulnerable n8n servers. n8n is an open-source […]
New Veeam vulnerabilities expose backup servers to RCE attacks
Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. Tracked as CVE-2025-59470, this RCE security flaw affects Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds. “This vulnerability allows a Backup or Tape Operator to perform remote code execution […]