Zoom patches Windows and iOS flaws that can expose systems to privilege escalation
Zoom has patched three security vulnerabilities affecting Zoom Rooms for Windows, the Zoom Workplace VDI Plugin for Windows, and Zoom Workplace for iOS. The two…
Threat actors use Vercel AI tools to create realistic phishing sites at scale
Threat actors are abusing Vercel and its AI website-building tools to create realistic phishing pages that imitate trusted brands and steal login credentials. Cofense researchers…
No blind spots: how MSSPs prevent incidents with live threat visibility
MSSPs prevent incidents by seeing active threats early, connecting that intelligence to client environments, and acting before alerts turn into breaches. That visibility depends on…
Ivanti patches seven vulnerabilities across Secure Access, Xtraction, vTM, and Endpoint Manager
Ivanti has released its May 2026 security updates, fixing seven vulnerabilities across four enterprise products: Ivanti Secure Access Client, Ivanti Xtraction, Ivanti Virtual Traffic Manager,…
Open WebUI patches SVG profile image flaw that could lead to one-click RCE
Open WebUI has patched a stored cross-site scripting flaw that could let attackers abuse SVG profile images to run malicious JavaScript in a victim’s browser.…
Critical FortiSandbox flaw lets unauthenticated attackers run code
Fortinet has fixed a Critical vulnerability in FortiSandbox that could let remote attackers execute unauthorized code or commands without logging in. The flaw is tracked…
Fortinet patches critical FortiSandbox flaw and four more enterprise vulnerabilities
Fortinet has patched five security vulnerabilities affecting FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS, FortiAP, FortiAP-W2, FortiAP-U, FortiOS, FortiAnalyzer, and FortiManager. The most serious issue is CVE-2026-26083,…
Microsoft’s May 2026 Patch Tuesday fixes 120 flaws with no zero-days reported
Microsoft’s May 2026 Patch Tuesday update fixes 120 security flaws across Windows, Office, SharePoint, Dynamics 365, SQL Server, Azure tools, Visual Studio Code, and Microsoft…
ODINI Research Shows Faraday Cages Cannot Fully Stop Air-Gap Data Leaks
ODINI is a proof-of-concept malware technique that can leak data from air-gapped computers by controlling magnetic fields generated by the CPU. The research shows that…
JDownloader Website Hack Served Python RAT Through Fake Installers
JDownloader’s official website was compromised in early May 2026, allowing attackers to replace some installer download links with malicious files. The attack affected users who…
November 21, 2025
1 comment 
