Recent Posts
News•Feb 10, 2026
FortiOS Authentication Bypass Exposes VPN and SSO Deployments
Fortinet disclosed CVE‑2026‑22153, an authentication‑bypass flaw in FortiOS versions 7.6.0 through 7.6.4. The bug lets unauthenticated attackers skip LDAP checks for Agentless VPN or FSSO policies when the directory permits anonymous binds, potentially granting access to internal networks via SSL‑VPN. Exploitation depends on specific LDAP configurations, and Fortinet reports no active abuse. The vendor recommends upgrading to FortiOS 7.6.5 and tightening LDAP and MFA controls.
By eSecurity Planet
News•Feb 9, 2026
OpenClaw Adds VirusTotal Scanning to AI Agent Marketplace
OpenClaw has integrated VirusTotal scanning into its ClawHub marketplace to curb malicious AI skills. The workflow hashes each skill, checks VirusTotal signatures, and submits unknown bundles to Code Insight for deeper analysis, flagging or blocking threats. This move follows security...
By eSecurity Planet
News•Feb 6, 2026
TeamPCP and the Rise of Cloud-Native Cybercrime
Flare researchers have uncovered a threat group called TeamPCP that targets cloud‑native environments by abusing exposed Docker, Kubernetes and other orchestration interfaces. First seen in late 2025, the campaign leverages AI‑driven automation and known flaws such as CVE‑2025‑29927 and React2Shell...
By eSecurity Planet
News•Feb 4, 2026
Ingress-Nginx Vulnerability Enables Code Execution in Kubernetes
A critical vulnerability (CVE‑2026‑24512) in ingress‑nginx allows authenticated attackers to inject arbitrary Nginx directives via the rules.http.paths.path field, leading to code execution and secret disclosure in Kubernetes clusters. The flaw affects all ingress‑nginx releases before v1.13.7 and v1.14.3. Exploitation requires...
By eSecurity Planet
News•Feb 4, 2026
Chrome Vulnerabilities Allow Code Execution and Browser Crashes
Google released a Chrome update that patches two high‑severity vulnerabilities, CVE‑2026‑1862 and CVE‑2026‑1861, affecting the V8 engine and libvpx video decoder. The V8 type‑confusion flaw can enable arbitrary code execution, while the libvpx heap overflow may cause crashes or be...
By eSecurity Planet
News•Feb 2, 2026
Iconics SCADA Vulnerability Can Render Systems Unbootable
A newly disclosed flaw (CVE‑2025‑0921) in Iconics Suite’s Pager Agent lets a non‑admin attacker manipulate file‑system permissions to overwrite critical Windows driver files. By redirecting log output via symbolic links, the exploit can corrupt the cng.sys driver, causing the system...
By eSecurity Planet
News•Feb 2, 2026
Chrome Ad Blocker Caught Hijacking Amazon Affiliate Links
A Chrome extension called Amazon Ads Blocker, marketed as an ad‑hider, was found to silently replace creator affiliate tags on Amazon product links with its own identifier (10xprofit‑20). Socket researchers discovered the extension injects the tag on page load and...
By eSecurity Planet
News•Jan 30, 2026
Nvidia GPU Driver Flaws Enable Privilege Escalation Across Platforms
Nvidia has released a security update addressing four high‑severity GPU driver vulnerabilities that affect Windows, Linux, virtual GPU, and cloud‑gaming platforms. The flaws—CVE‑2025‑33217 through CVE‑2025‑33220—are use‑after‑free and integer‑overflow bugs with a CVSS rating of 7.8, enabling arbitrary code execution and...
By eSecurity Planet
News•Jan 28, 2026
Fortinet Confirms CVE-2026-24858 SSO Flaw Under Active Attack
Fortinet has confirmed that the FortiCloud Single Sign‑On (SSO) authentication bypass vulnerability (CVE‑2026‑24858) is being actively exploited in the wild. The flaw, rated 9.4 on the CVSS scale, affects FortiOS, FortiManager, FortiAnalyzer and FortiProxy, allowing attackers with a valid FortiCloud...
By eSecurity Planet
News•Jan 28, 2026
CVE-2025-56005: Python PLY Flaw Enables Remote Code Execution
A critical vulnerability (CVE‑2025‑56005) has been disclosed in the Python PLY library version 3.11, allowing attackers to execute arbitrary code by loading a crafted pickle file via the undocumented *picklefile* parameter. The flaw triggers during parser initialization, meaning code runs before...
By eSecurity Planet
News•Jan 27, 2026
Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel
Researchers at Censys have uncovered a growing ecosystem that weaponizes fake CAPTCHA pages to deliver malware. While the pages visually resemble legitimate verification challenges, they conceal more than 30 distinct payload types, including clipboard‑driven scripts, MSI installers, and server‑controlled, fileless...
By eSecurity Planet
News•Jan 21, 2026
GNU InetUtils Telnetd Flaw Lets Attackers Log In as Root
A critical vulnerability has been discovered in GNU InetUtils telnetd versions 1.9.3 through 2.7 that allows remote attackers to obtain root privileges without a password. The flaw stems from an unsanitized USER environment variable that can inject the "-f root"...
By eSecurity Planet
News•Jan 21, 2026
Oracle WebLogic Proxy Bug Enables Unauthenticated Remote Compromise
Oracle has disclosed CVE‑2026‑21962, a critical flaw in its Fusion Middleware WebLogic proxy plug‑ins that permits unauthenticated attackers to compromise Oracle HTTP Server over HTTP. The vulnerability affects Oracle HTTP Server versions 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0, as well as the...
By eSecurity Planet
News•Jan 21, 2026
Azure DNS Behavior Can Turn Private Endpoints Into DoS Risks
Microsoft Azure’s Private Endpoint design has a DNS flaw that can turn secure Private Link connections into denial‑of‑service conditions. When a Private DNS zone is linked across multiple virtual networks, Azure prefers that zone for name resolution; if the target...
By eSecurity Planet
News•Jan 16, 2026
Windows Admin Center Azure SSO Flaw Risks Tenant-Wide Compromise
A critical Windows Admin Center Azure SSO vulnerability (CVE‑2026‑20965) enables an attacker with local administrator rights on a single Azure VM or Arc‑connected system to forge a WAC.CheckAccess token and a PoP token, impersonating privileged users across the entire tenant. The...
By eSecurity Planet
News•Jan 13, 2026
FortiOS Vulnerability Allows Remote Code Execution Without Login
Fortinet disclosed a heap‑based buffer overflow in the cw_acd daemon of FortiOS and FortiSwitchManager that allows unauthenticated remote code execution. The flaw can be triggered via crafted network requests, especially on exposed fabric interfaces, and affects versions from 6.4.17 up...
By eSecurity Planet
News•Jan 12, 2026
Why the Start of the Year Is Prime Time for Insider Risk
At the start of each year, security teams face heightened insider risk due to workforce transitions such as departures, role changes, and reorganizations. These shifts often create blind spots in identity and access management, leaving dormant or over‑privileged accounts vulnerable...
By eSecurity Planet
News•Jan 12, 2026
Why DNS Resiliency Is Critical as Outages Surge
Service outages are rising, costing Global 2000 firms an estimated $400 billion annually, with DNS failures often at the core of prolonged downtime. The article argues that many organizations lack a true "Plan B" for DNS, relying on slow provider switches that...
By eSecurity Planet
News•Jan 9, 2026
AI Deployments Targeted in 91,000+ Attack Sessions
Researchers observed more than 91,000 attack sessions targeting AI infrastructure over a four‑month window, highlighting a shift from experimental probing to systematic exploitation. The first campaign leveraged server‑side request forgery against Ollama and Twilio webhooks, using a uniform JA4H TLS...
By eSecurity Planet
News•Jan 9, 2026
OWASP CRS Flaw Lets Encoded Attacks Slip Past WAFs
A critical vulnerability (CVE-2026-21876) in the OWASP Core Rule Set lets attackers bypass charset validation, enabling encoded XSS payloads to slip past web application firewalls. The flaw resides in rule 922110, which only inspects the final part of multipart requests,...
By eSecurity Planet
News•Jan 8, 2026
GenDigital Research Exposes AuraStealer Infostealer Tactics
GenDigital researchers detailed AuraStealer, a modular malware‑as‑a‑service infostealer targeting Windows 7‑11 systems. The threat spreads through “scam‑yourself” TikTok videos and cracked software, then harvests credentials, session tokens, and financial data. AuraStealer employs advanced evasion such as exception‑driven API hashing, Heaven’s...
By eSecurity Planet
News•Jan 6, 2026
Flare Researchers Analyze SafePay Ransomware Leak Data
Flare’s research reveals SafePay ransomware’s rapid rise in 2024‑25, focusing on small and mid‑size businesses (SMBs) through a classic double‑extortion model. By publishing over 500 victim records on Tor leak sites, the group pressures targets with regulatory, legal and reputational...
By eSecurity Planet
News•Jan 6, 2026
WordPress Admins Targeted by Renewal Email Phishing Scam
A sophisticated phishing campaign is targeting WordPress administrators with fake domain renewal emails. The emails direct victims to a counterfeit WordPress payment portal that harvests credit‑card details and 3‑D Secure one‑time passwords. Stolen data is immediately relayed to attacker‑controlled Telegram...
By eSecurity Planet
News•Jan 6, 2026
MacOS Flaw Enables Silent Bypass of Apple Privacy Controls
A newly disclosed macOS vulnerability (CVE-2025-43530) lets attackers silently bypass the Transparency, Consent, and Control (TCC) privacy framework by exploiting trusted VoiceOver services. The flaw combines a lax file‑based validation of Apple‑signed binaries with a TOCTOU race condition, enabling arbitrary...
By eSecurity Planet
News•Jan 5, 2026
Handala Leak Shows Telegram Account Risk, Not iPhone Hacks
Iran‑linked group Handala claimed full phone compromise of former Israeli PM Naftali Bennett and Chief of Staff Tzachi Braverman, but Kela researchers found the breach was limited to their Telegram accounts. The attackers likely used SIM‑swap, SS7 interception, phishing lures...
By eSecurity Planet