SolarWinds Web Help Desk – four critical bugs

SolarWinds fixes four critical Web Help Desk flaws

Summary: SolarWinds patched four critical vulnerabilities in Web Help Desk that could enable unauthenticated remote code execution and data access. Users should apply the latest updates, restrict external exposure, and review logs for suspicious behaviour. Given prior supply-chain headlines, timely patching and network segmentation are essential. Help […]

Ivanti EPMM zero-days under attack

Two Ivanti EPMM zero-day RCE flaws (actively exploited)

Ivanti released fixes for two actively exploited zero-day RCE vulnerabilities in Endpoint Manager Mobile (EPMM), including CVE-2026-1281, now in CISA’s KEV. Impacted versions and mitigations are detailed by vendors and advisories; exploitation has been observed in the wild. Admins should patch urgently, restrict management interfaces, monitor logs […]

Malicious Chrome extensions steal ChatGPT tokens

Malicious Chrome extensions steal data and ChatGPT tokens

Researchers uncovered malicious Google Chrome extensions that hijack affiliate traffic, harvest data and even steal OpenAI ChatGPT tokens. Some impersonate HR/ERP tools (e.g., Workday/NetSuite) to increase trust, then exfiltrate cookies and credentials. Recommended actions include allowlisting, permission reviews, removing untrusted add-ons, and monitoring for suspicious extension activity […]

ShinyHunters new playbook

Mandiant: “ShinyHunters-style” vishing + SSO/MFA theft

Google-owned Mandiant reports an expansion of tactics associated with “ShinyHunters” operations: vishing and victim-branded login pages to harvest SSO credentials and MFA codes, then raid SaaS apps and extort victims. The campaigns lean on believable phone calls, fake portals and quick token reuse to bypass defences. Recommended actions include […]

APT28 exploits Microsoft Office CVE-2026-21509

APT28 is poking Microsoft Office again—patch CVE-2026-21509

APT28 is exploiting CVE-2026-21509, a Microsoft Office security feature bypass. The group uses malicious RTF files to trigger the flaw and deliver either a dropper that installs an Outlook stealer (“MiniDoor”) or a loader that fetches a Covenant implant. Targets include organisations in Ukraine and parts of the […]

Notepad++ hosting breach attributed to Lotus Blossom

Notepad++ update channel hijacked: what happened and what to do

Researchers linked a months-long breach of the hosting infrastructure behind Notepad++ to the China-nexus group Lotus Blossom. The attackers compromised shared hosting and intermittently redirected update checks to rogue servers, selectively delivering malicious payloads between June and December 2025. The Notepad++ developer tightened the updater’s […]

Trend Micro Apex Central RCE

Apex Central: critical RCE in on-prem Windows builds

Trend Micro patched CVE-2025-69258 (CVSS 9.8) in Apex Central for Windows (on-prem). An unauthenticated attacker can send a crafted message to MsgReceiver.exe (default TCP 20001) to load a malicious DLL via LoadLibraryEx, achieving SYSTEM execution. Two additional DoS issues (CVE-2025-69259/69260, CVSS 7.5) were fixed. Builds below 7190 […]

ServiceNow AI Platform impersonation flaw

“BodySnatcher”: when an attacker becomes you in ServiceNow

ServiceNow disclosed and fixed CVE-2025-12420 (CVSS 9.3), dubbed BodySnatcher, that could allow unauthenticated user impersonation in its AI Platform—bypassing MFA/SSO and enabling arbitrary actions as another user, including admin. Patches were deployed to most hosted instances on 30 Oct 2025; fixed versions include Now Assist AI Agents […]

Fortinet FortiSIEM critical RCE

FortiSIEM gets an urgent fix for unauthenticated RCE

Fortinet patched CVE-2025-64155 (CVSS 9.4), an OS command injection in FortiSIEM’s phMonitor service (TCP 7900) that allows unauthenticated RCE on Super/Worker nodes. The flaw enables argument injection leading to arbitrary file write and privilege escalation to root via a cron-executed script path. A PoC was released by […]
