Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.

Krebs on Security
Open in Source
#vulnerability#web#ios#windows#google#microsoft#rce#bios#buffer_overflow#zero_day#chrome#firefox#blog
Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day

The vendor's first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last month.

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution. "Gogs Path

⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More

This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance. Scale amplified the damage. A single weak configuration rippled out to millions. A repeatable flaw worked again and

Why AI-Powered Cyber Defense Is No Longer Optional for Modern Businesses

Large businesses or governments aren’t the only ones threatened by cyber attacks. Every organization is now equally threatened.…

MAESTRO Toolkit Exploiting VMware VM Escape Vulnerabilities

Cybersecurity researchers from Huntress detail a major VM Escape attack where hackers took over host servers. Using a secret toolkit called MAESTRO, the attackers stayed hidden for over a year. Read the exclusive details on how this breach was stopped and how to protect your network.

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final stage, said it may have resulted in a ransomware

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to

Attackers Exploit Zero-Day in End-of-Life D-Link Routers

Hackers are attacking a critical zero-day flaw in unsupported D-Link DSL routers to run arbitrary commands.

How Cisco Talos powers the solutions protecting your organization

What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how.