Internet Security

Nation-state and criminal actors leverage WinRAR flaw in attacks

January 29, 2026 add comment
Multiple threat actors exploited a now-patched critical WinRAR flaw to gain initial access and deliver various malicious payloads. Google Threat Intelligence Group (GTIG) revealed that multiple threat actors, including... Read more »

OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution

January 29, 2026 add comment
OpenSSL released security updates that address 12 flaws, including a high-severity remote code execution vulnerability. OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a... Read more »

Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)

January 28, 2026 add comment
Fortinet released fixes for a critical FortiOS SSO auth bypass (CVE-2026-24858) actively exploited, impacting FortiOS, FortiManager, and FortiAnalyzer. Fortinet started rolling out patches for a critical FortiOS flaw under... Read more »

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

January 28, 2026 add comment
Koi researchers found “PackageGate” flaws in NPM, PNPM, VLT, and Bun that let attackers perform supply chain attacks and run malicious code. Security firm Koi uncovered a set of... Read more »

WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users

January 27, 2026 add comment
Meta announced new Strict Account Settings on WhatsApp to better protect high-risk users from advanced cyber attacks. Meta announced new Strict Account Settings on WhatsApp to enhance the security... Read more »

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

January 27, 2026 add comment
Shadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw. Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are exposed... Read more »

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

January 27, 2026 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security... Read more »

Amnesia RAT deployed in multi-stage phishing attacks against Russian users

January 27, 2026 add comment
A multi-stage phishing campaign targets users in Russia with ransomware and Amnesia RAT using fake business documents as lures. FortiGuard Labs researchers uncovered a multi-stage malware campaign mainly targeting... Read more »

Dormakaba flaws allow to access major organizations’ doors

January 27, 2026 add comment
Researchers found over 20 flaws in Dormakaba access systems that could let attackers remotely unlock doors at major organizations. Researchers from SEC Consult discovered and fixed more than 20... Read more »

Emergency Microsoft update fixes in-the-wild Office zero-day

January 26, 2026 add comment
Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. Microsoft released out-of-band security updates to address an actively exploited... Read more »
Subscribe to our Newsletter