Cisco released a security update to address an actively exploited vulnerability impacting Cisco Catalyst SD-WAN Controller and SD-WAN Manager. Tracked as CVE-2026-20127, successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. CISA also acknowledged the active exploitation of the vulnerability and added it to its Known Exploited Vulnerabilities Catalog. CISA … Continue reading “Cisco SD-WAN Controller and Manager Authentication Bypass Vulnerability (CVE-2026-20127)”
Google Patches its First Zero-day Vulnerability of the Year (CVE-2026-2441)
Google released a security advisory to address a high-severity zero-day vulnerability in Chrome. Tracked as CVE-2026-2441, the vulnerability is being exploited in the wild. The vulnerability is a use-after-free flaw in the CSS browser’s CSS handling. An independent researcher, Shaheen Fazim, discovered and reported the vulnerability to Google on February 11, 2026.
CISA Added BeyondTrust Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-1731)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns about an actively exploited vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products. Tracked as CVE-2026-1731, successful exploitation of the vulnerability could allow an unauthenticated remote attacker to achieve remote code execution by sending specially crafted requests. CISA urged users to patch the vulnerability before February 16, 2026. BeyondTrust mentioned in the advisory, … Continue reading “CISA Added BeyondTrust Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-1731)”
Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700)
Apple released a security advisory to address its first zero-day vulnerability of the year. Tracked as CVE-2026-20700, successful exploitation of the vulnerability could lead to arbitrary code execution. Google Threat Analysis Group discovered and reported the vulnerability to Apple. The vulnerability exists in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. An attacker with memory write permission may exploit … Continue reading “Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700)”
FortiClient Endpoint Management Server (EMS) SQL Injection Vulnerability (CVE-2026-21643)
Fortinet released a security advisory to address a critical severity vulnerability impacting FortiClientEMS. Tracked as CVE-2026-21643, successful exploitation of the vulnerability could lead to arbitrary code execution on the target system. The vulnerability has a CVSS score of 9.1.
Microsoft Patch Tuesday, February 2026 Security Update Review
Microsoft’s February 2026 Patch Tuesday focuses on closing security gaps that attackers could exploit, reinforcing the importance of timely patching in enterprise environments. Here’s a quick breakdown of what you need to know. This month’s release addresses 61 vulnerabilities, including five critical and 52 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed six zero-day vulnerabilities that have been exploited in the wild. Microsoft addressed one vulnerability in Microsoft Edge (Chromium-based) that was patched earlier this month.
FortiOS and FortiSwitchManager Code Execution Vulnerability (CVE-2025-25249)
Fortinet Product Security Team discovered a security vulnerability impacting FortiOS and FortiSwitchManager. Tracked as CVE-2025-25249, the vulnerability is a high-severity issue with a CVSS score of 7.3. The heap-based buffer overflow vulnerability exists in FortiOS and FortiSwitchManager cw_acd daemon. The vulnerability may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Microsoft Patch Tuesday, January 2026 Security Update Review
Starting the year on a security-first note, Microsoft’s January 2026 Patch Tuesday resolves several vulnerabilities that could impact enterprise environments. Here’s a quick breakdown of what you need to know. This month’s release addresses 115 vulnerabilities, including eight critical and 106 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed three zero-day vulnerabilities. One of them was exploited, and two are publicly disclosed. Microsoft addressed one vulnerability in Microsoft Edge (Chromium-based) that was patched earlier this month.
Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability (CVE-2026-20029)
Cisco released a security advisory to address a medium-severity vulnerability impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC. Tracked as CVE-2026-20029, the vulnerability may allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. Cisco mentioned in their advisory that “Cisco PSIRT is aware that proof-of-concept exploit code is available for the … Continue reading “Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability (CVE-2026-20029)”
N8n Warns of Remote Code Execution Vulnerability (CVE-2026-21877)
N8n is vulnerable to a maximum severity flaw that could allow an authenticated attacker to execute arbitrary code with the privileges of the n8n process. Tracked as CVE-2026-21877, the vulnerability has a CVSS score of 10. Under certain conditions, an authenticated user may cause untrusted code to be executed by the n8n service. This could … Continue reading “N8n Warns of Remote Code Execution Vulnerability (CVE-2026-21877)”