Patch Alert

Triple Threat Patched: Zimbra 10.1.16 Fixes XSS, XXE & LDAP Injection

Triple Threat Patched: Zimbra 10.1.16 Fixes XSS, XXE & LDAP Injection

Ddos February 13, 2026

Email Under Siege: Storm-2603 Exploits SmarterMail to Deploy Warlock Ransomware SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Email Under Siege: Storm-2603 Exploits SmarterMail to Deploy Warlock Ransomware

Ddos February 13, 2026

MongoDB Flaw Allows Unauthenticated Attackers to Crash Database Servers MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

MongoDB Flaw Allows Unauthenticated Attackers to Crash Database Servers

Ddos February 12, 2026

CVE-2026-1603: Remote Unauthenticated Attacker Can Steal Ivanti EPM Secrets Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

CVE-2026-1603: Remote Unauthenticated Attacker Can Steal Ivanti EPM Secrets

Ddos February 12, 2026

Unauthenticated Attacker Can Trap Palo Alto Firewalls in Maintenance Mode Loop (CVE-2026-0229) Palo Alto Networks Vulnerability CVE-2026-0229 PAN-OS Vulnerability CVE-2026-0227 CVE-2024-5914 - Palo Alto Networks - CVE-2025-0108 & CVE-2025-0110

Palo Alto Networks Vulnerability CVE-2026-0229 PAN-OS Vulnerability CVE-2026-0227 CVE-2024-5914 - Palo Alto Networks - CVE-2025-0108 & CVE-2025-0110

Unauthenticated Attacker Can Trap Palo Alto Firewalls in Maintenance Mode Loop (CVE-2026-0229)

Ddos February 12, 2026

Chrome 145 Patches 3 High-Severity Flaws in CSS & Codecs

Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome 145 Patches 3 High-Severity Flaws in CSS & Codecs

Ddos February 12, 2026

CVE-2026-26007: Python Cryptography Flaw (CVSS 8.2) Leaks Private Keys Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

CVE-2026-26007: Python Cryptography Flaw (CVSS 8.2) Leaks Private Keys

Ddos February 12, 2026

CVE-2026-25993: Critical EverShop SQL Injection (CVSS 9.3) Exposes Stores EverShop Vulnerability Second-Order SQL Injection

EverShop Vulnerability Second-Order SQL Injection

CVE-2026-25993: Critical EverShop SQL Injection (CVSS 9.3) Exposes Stores

Ddos February 12, 2026

5G Core Breach: Critical HPE Aruba Flaw Allows Unauthenticated Admin Takeover HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability

HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability

5G Core Breach: Critical HPE Aruba Flaw Allows Unauthenticated Admin Takeover

Ddos February 12, 2026

Backup Breach: Critical Acronis Flaws (CVSS 10.0) Allow Data Manipulation

ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Backup Breach: Critical Acronis Flaws (CVSS 10.0) Allow Data Manipulation

Ddos February 11, 2026

Null Byte Nightmare: Critical WPvivid Backup Flaw (CVSS 9.8) Exposes 800K WordPress Sites WPvivid Backup Vulnerability CVE-2026-1357

WPvivid Backup Vulnerability CVE-2026-1357

Null Byte Nightmare: Critical WPvivid Backup Flaw (CVSS 9.8) Exposes 800K WordPress Sites

Ddos February 11, 2026

GitLab Patch Alert: High-Severity Web IDE Flaw Exposes Private Repos GitLab Security Update CVE-2025-7659 CVE-2024-5655 GitLab Vulnerabilities, XSS & Data Exposure

GitLab Security Update CVE-2025-7659 CVE-2024-5655 GitLab Vulnerabilities, XSS & Data Exposure

GitLab Patch Alert: High-Severity Web IDE Flaw Exposes Private Repos

Ddos February 11, 2026

“Fiber” Optic Failure: Predictable UUIDs Expose Go Web Framework to Hijacking CVE-2024-25124 Fiber Framework Vulnerability CVE-2025-66630

CVE-2024-25124 Fiber Framework Vulnerability CVE-2025-66630

“Fiber” Optic Failure: Predictable UUIDs Expose Go Web Framework to Hijacking

Ddos February 11, 2026

Sleeping with the Enemy: Dormant Backdoors Found in Ivanti EPMM Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

Sleeping with the Enemy: Dormant Backdoors Found in Ivanti EPMM

Ddos February 11, 2026

Sandbox Breakout: Critical SandboxJS Flaw (CVE-2026-25881) Allows Host Takeover

ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Sandbox Breakout: Critical SandboxJS Flaw (CVE-2026-25881) Allows Host Takeover

Ddos February 11, 2026

CVE-2026-23906: Authentication Bypass Flaw Hits Apache Druid Analytics Clusters Apache Druid Vulnerability CVE-2026-23906

Apache Druid Vulnerability CVE-2026-23906

CVE-2026-23906: Authentication Bypass Flaw Hits Apache Druid Analytics Clusters

Ddos February 11, 2026

Handshake Halt: GnuTLS 3.8.12 Fixes TLS 1.3 Crash & CPU Exhaustion GnuTLS Vulnerability CVE-2026-1584

GnuTLS Vulnerability CVE-2026-1584

Handshake Halt: GnuTLS 3.8.12 Fixes TLS 1.3 Crash & CPU Exhaustion

Ddos February 11, 2026

CVE-2026-24343: Apache HertzBeat Flaw Opens Door to Resource Exhaustion Apache HertzBeat Vulnerability CVE-2026-24343

Apache HertzBeat Vulnerability CVE-2026-24343

CVE-2026-24343: Apache HertzBeat Flaw Opens Door to Resource Exhaustion

Ddos February 11, 2026

HTTP Down: High-Severity Axios Flaw (CVSS 7.5) Crashes Node.js Servers Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

HTTP Down: High-Severity Axios Flaw (CVSS 7.5) Crashes Node.js Servers

Ddos February 10, 2026

30-Year-Old Bug: High-Severity libpng Flaw (CVSS 8.3) Exposes Millions of Apps libpng Vulnerability CVE-2026-25646

libpng Vulnerability CVE-2026-25646

30-Year-Old Bug: High-Severity libpng Flaw (CVSS 8.3) Exposes Millions of Apps

Ddos February 10, 2026