Internet Security

Critical SmarterMail vulnerability under attack, no CVE yet

January 22, 2026 add comment
A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being... Read more »

Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks

January 22, 2026 add comment
Arctic Wolf warned of a new wave of automated attacks making unauthorized firewall configuration changes on Fortinet FortiGate devices. Arctic Wolf researchers reported a new automated attack cluster observed... Read more »

U.S. CISA adds a flaw in Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog

January 22, 2026 add comment
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency... Read more »

Cisco fixed actively exploited Unified Communications zero day

January 22, 2026 add comment
Cisco patched a critical zero-day RCE flaw (CVE-2026-20045) in Unified Communications and Webex Calling that is actively exploited in the wild. Cisco patched a critical zero-day remote code execution... Read more »

Zoom fixed critical Node Multimedia Routers flaw

January 21, 2026 add comment
Zoom addressed a critical security vulnerability, tracked as CVE-2026-22844, that could result in remote code execution. Cloud-based video conferencing and online collaboration platform Zoom released security updates to address... Read more »

ACME flaw in Cloudflare allowed attackers to reach origin servers

January 21, 2026 add comment
Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01... Read more »

Crooks impersonate LastPass in campaign to harvest master passwords

January 21, 2026 add comment
Password manager LastPass warns of an active phishing campaign impersonating the service to steal users’ master passwords. LastPass warned users about an active phishing campaign that began around January... Read more »

VoidLink shows how one developer used AI to build a powerful Linux malware

January 21, 2026 add comment
VoidLink is a cloud-focused Linux malware, likely built by one person using AI, offering loaders, implants, rootkit evasion, and modular plugins. Check Point researchers uncovered VoidLink, a cloud-focused Linux... Read more »

PDFSIDER Malware – Exploitation of DLL Side-Loading for AV and EDR Evasion

January 20, 2026 add comment
Threat actors use PDFSIDER malware with social engineering and DLL sideloading to bypass AV/EDR, and ransomware gangs already abuse it. Resecurity has learned about PDFSIDER during an investigation of... Read more »

Access broker caught: Jordanian pleads guilty to hacking 50 companies

January 20, 2026 add comment
A Jordanian man pleaded guilty in the US to selling illegal access to 50 compromised enterprise networks after an undercover sting. A Jordanian national Feras Khalil Ahmad Albashiti (40),... Read more »
Subscribe to our Newsletter