buc.ci is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
snap-confine / systemd-tmpfiles Local Privilege Escalation https://packetstorm.news/files/217354 #exploit #advisory
Critical Unpatched Telnetd Flaw Enables Unauthenticated Root Remote Code Execution
GNU InetUtils telnetd contains a critical unpatched buffer overflow (CVE-2026-32746) that allows unauthenticated remote code execution.
**Another critical and trivial flaw in Telnet. Check if you are using Telnet anywhere in your network. It's urgent. Stop using Telnet and switch to SSH. Naturally, as a first step make sure to isolate the Telnet interface to trusted networks. But that's not a good long term approach, Telnet is inherently a lot less secure than SSH.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unpatched-telnetd-flaw-enables-unauthenticated-root-remote-code-execution-1-g-5-5-g/gD2P6Ple2L
openSUSE Security Advisory - openSUSE-SU-2026:10353-1 https://packetstorm.news/files/217278 #advisory
SUSE Security Advisory - SUSE-SU-2026:0900-1 https://packetstorm.news/files/217226 #advisory
ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push
The ForceMemo campaign compromises hundreds of GitHub Python repositories by using stolen credentials from malicious extensions to force-push obfuscated malware. The attack uses the Solana blockchain for resilient command-and-control to exfiltrate sensitive data like crypto wallets and SSH keys.
**If you install Python packages from GitHub or clone repos to run locally, stop and audit any recently cloned projects for the marker variable lzcdrtfxyqiplpd in Python files, unexpected ~/init.json files, or a Node.js installation (~/node-v22*) in your home directory. Don't install packages directly from GitHub URLs without verifying the source code matches the last known legitimate commit from the original author and review your git credential storage and environment variables for signs of token theft, especially if you use VS Code or Cursor IDE extensions.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/forcememo-hundreds-of-github-python-repos-compromised-via-account-takeover-and-force-push-h-1-d-d-j/gD2P6Ple2L
Apple Patches 'Coruna' Exploit Kit Targeting Legacy iOS Devices
Apple released emergency patches for older iOS devices to block the 'Coruna' exploit kit, a collection of 23 vulnerabilities used by state-sponsored and criminal actors to hijack iPhones and steal cryptocurrency.
**If you have older iPhones in your organization that cannot run the latest OS, update them to the latest security releases immediately or retire them. These 'second-hand' exploits prove that even old vulnerabilities are actively traded and used in high-volume attacks against unsuspecting users.**
#cybersecurity #infosec #advisory #databreach
https://beyondmachines.net/event_details/apple-patches-coruna-exploit-kit-targeting-legacy-ios-devices-b-0-4-7-g/gD2P6Ple2L
Veeam Patches Critical RCE Vulnerabilities in Backup & Replication Software
Veeam patched critical RCE vulnerabilities (CVSS 9.9) in its Backup & Replication software that allow authenticated users to take full control of backup servers.
**If you are using Veeam Software, make sure it's isolated both from the internet and from your main domain so a single stolen password doesn't lead to total data loss. Then plan a quick patch cycle, since any isolation will be breached given enough time.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/veeam-patches-critical-rce-vulnerabilities-in-backup-replication-software-o-1-9-7-u/gD2P6Ple2L
SUSE Security Advisory - SUSE-SU-2026:0858-1 https://packetstorm.news/files/216989 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:10313-1 https://packetstorm.news/files/216988 #advisory
Red Hat Security Advisory 2026-4306-03 https://packetstorm.news/files/216981 #advisory
Fortinet FortiManager vulnerability allows remote command execution
Fortinet has patched a high-severity stack-based buffer overflow in FortiManager (CVE-2025-54820) that allows remote unauthenticated attackers to execute unauthorized commands by sending crafted requests to the fgtupdates service.
**If you are using Fortinet FortiManager, plan a quick patch. In the interim, make sure the HTTP/HTTPS interface is isolated from the internet or disable fgtupdates in the system interface settings to close the attack vector.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-fortinet-fortimanager-vulnerability-allows-remote-command-execution-d-2-v-g-c/gD2P6Ple2L
Critical Vulnerabilities in Apeman ID71 Cameras Allow Remote Takeover
CISA warned of three vulnerabilities in Apeman ID71 cameras, including a critical credential exposure (CVE-2025-11126), that allow remote attackers to take full control of devices and view private feeds.
**If you are using Apeman ID71, this is urgent - there's a PoC exploit already available so hackers are probably already looking for these devices. Isolate these cameras from the internet immediately and use a VPN for any necessary remote access. Because the vendor is not providing patches, you should consider replacing these devices with a more secure, supported brand.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-in-apeman-id71-cameras-allow-remote-takeover-2-r-s-f-e/gD2P6Ple2L
Critical Nginx UI Flaw Allows Unauthenticated Backup Theft and Decryption
Nginx UI version 2.3.3 patches a critical vulnerability (CVE-2026-27944) that allows unauthenticated attackers to download and decrypt full server backups. The flaw exposes sensitive data including SSL private keys, admin credentials, and server configurations via an unprotected API endpoint.
**If you are using Nginx UI, first make sure it is isolated from the internet. Then patch to version 2.3.3 immediately because the exploit is trivial - especially if your Nginx UI is exposed to the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-nginx-ui-flaw-allows-unauthenticated-backup-theft-and-decryption-l-t-k-6-p/gD2P6Ple2L
Critical Vulnerabilities in Lantronix EDS Series Allow Root-Level Takeover
Lantronix patched eight vulnerabilities in its EDS3000PS and EDS5000 terminal servers, including critical flaws that allow unauthenticated attackers to bypass security and execute commands with root privileges.
**If you are using Lantronix terminal servers, review this advisory. As usual, first priority is to isolate these devices from the public internet and restrict management access to trusted VPNs only. Then plan a quick update cycle, don't ignore these issues. There are two critical flaws that are trivial to exploit and hackers will find a way around the isolation given enough time.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-in-lantronix-eds-series-allow-root-level-takeover-t-7-6-1-q/gD2P6Ple2L
Critical Authentication Bypass in Honeywell IQ4x BMS Controllers Allows Remote Takeover
Honeywell IQ4x BMS controllers contain a maximum severity critical vulnerability (CVE-2026-3611) that allows unauthenticated attackers to create administrative accounts and take full control of building management systems.
**If you are using Honeywell IQ4x Building Management System (or any BMS), make sure it's isolated from the internet and accessible only from trusted networks. Then reach out to Honeywell for updates. Don't wait to isolate your systems. This is a maximum severity flaw, and it will be exploited very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-honeywell-iq4x-bms-controllers-allows-remote-takeover-j-p-z-w-f/gD2P6Ple2L
Critical Gogs Vulnerability Enables Silent Supply-Chain Attacks via LFS Overwrites
Gogs patched a critical vulnerability (CVE-2026-25921) that allows unauthenticated attackers to overwrite Git Large File Storage (LFS) objects across repositories, enabling silent supply-chain attacks.
**If you are using Gogs, this is important, and if you have public access or registration to Gogs, it's urgent. Attackers can exploit this flaw to inject their malicious versions of binaries. You should not only update to version 0.14.2 ASAP but also verify the integrity of your existing large files to ensure they haven't been replaced with malicious versions.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerability-enables-silent-supply-chain-attacks-via-lfs-overwrites-g-z-x-s-r/gD2P6Ple2L
Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking
AVideo version 6.0 contains a critical zero-click command injection vulnerability (CVE-2026-29058) that allows unauthenticated attackers to execute arbitrary OS commands and hijack video streams.
**If you are using the AVideo platform, this is urgent and important. Patch ASAP to version 7.0, because your server will be attacked. Until you update today, use a web application firewall or reverse proxy to block access to the getImage.php component.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-zero-click-command-injection-in-avideo-platform-allows-stream-hijacking-w-3-3-3-s/gD2P6Ple2L
Google Issues Emergency Chrome Update to Patch 10 Security Vulnerabilities
Google released an emergency update for Chrome to patch 10 vulnerabilities, including three critical flaws in ANGLE, PowerVR, and Skia that allow for remote code execution.
**This is important! If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) patch your browser ASAP. There are multiple critical flaws and even if there is no active exploitation, there will be quite soon. Don't wait for the flaws to become actively exploited. Update now, it's trivial and all your tabs reopen after the update.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-issues-emergency-chrome-update-to-patch-10-security-vulnerabilities-d-8-b-c-g/gD2P6Ple2L
Cisco Issues Emergency Patches for Critical Root-Level Firewall Management Flaws
Cisco patched two critical vulnerabilities (CVE-2026-20079 and CVE-2026-20131) in its Secure Firewall Management Center that allow unauthenticated remote attackers to gain root access and execute arbitrary code.
**If you are using Cisco FMC on premise, this is urgent and important. Make sure the web interface of the FMC is isolated and accessible only from trusted networks. Then apply a very quick patch, since even if isolated, a lot of attackers will be building tools to attack it after they do a successful phishing or endpoint compromise.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-issues-emergency-patches-for-critical-root-level-firewall-management-flaws-i-7-p-d-v/gD2P6Ple2L
Red Hat Security Advisory 2026-3752-03 https://packetstorm.news/files/216555 #advisory
Multiple Flaws Reported in Mobiliti EV Charging Infrastructure
Mobiliti's e-mobi.hu charging platform contains four vulnerabilities, including a critical authentication bypass (CVSS 9.4), that allow attackers to impersonate charging stations and disrupt services. With no vendor patches available, organizations must isolate these systems from the internet and use VPNs for remote access.
**If you use Mobiliti charging stations, treat them as untrusted devices and make sure they are isolated from the public internet immediately. The vendor isn't responding with patches.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiople-flaws-reported-in-mobiliti-ev-charging-infrastructure-8-7-j-9-3/gD2P6Ple2L
Critical RCE and SSRF Vulnerabilities Discovered in Popular mcp-atlassian Server
mcp-atlassian versions before 0.17.0 contain vulnerabilities (CVE-2026-27825 and CVE-2026-27826) that allow unauthenticated attackers to execute remote code and perform SSRF attacks by exploiting missing path validation and insecure header handling.
**If you use mcp-atlassian, update to version 0.17.0 ASAP. Since these servers run with high privileges and no authentication by default, network isolation is your first defense against unauthorized access and lateral movement within environments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-and-ssrf-vulnerabilities-discovered-in-popular-mcp-atlassian-server-m-l-c-6-g/gD2P6Ple2L
Google Android March 2026 Security Bulletin Patches 129 Vulnerabilities, One Actively Exploited Qualcomm Flaw
Google's March 2026 Android Security Bulletin patches 129 vulnerabilities, including a critical RCE flaw (CVE-2026-0006) requiring no user interaction and multiple CVSS 9.0 privilege escalation bugs in the kernel virtualization layer. A Qualcomm Display component vulnerability (CVE-2026-21385) is already being actively exploited in targeted attacks in the wild.
**A critical update for Android, with an actively exploited flaw patched. Most users can't rush the patch because their vendors may not have released an updated version of Android for their devices. Do not delay the update to your Android when you see the alert that an update is available. Your device may be targeted via the Qualcomm flaw.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/march-2026-android-security-bulletin-patches-129-vulnerabilities-one-actively-exploited-qualcomm-flaw-s-u-0-2-i/gD2P6Ple2L
IBM Patches Critical Remote Code Execution Flaws in QRadar SIEM
IBM patched 11 vulnerabilities in QRadar SIEM 7.5.0, including a critical net-snmp flaw (CVE-2025-68615) that allows unauthenticated remote attackers to crash the system or execute arbitrary code.
**If you are using IBM QRadar 7.5.0 branch, review its exposure to untrusted networks, then plan a patch cycle. It's not urgent especially if your SIEM is properly isolated, but should not be ignored.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ibm-patches-critical-remote-code-execution-flaws-in-qradar-siem-x-k-v-g-z/gD2P6Ple2L
openSUSE Security Advisory - openSUSE-SU-2026:20262-1 https://packetstorm.news/files/216320 #advisory
SUSE Security Advisory - SUSE-SU-2026:0657-1 https://packetstorm.news/files/216319 #advisory
Critical Vulnerabilities in SWITCH EV Charging Platform Allow Station Impersonation
SWITCH EV's charging platform contains four vulnerabilities, including a critical authentication bypass (CVE-2026-27767), that allow attackers to impersonate charging stations and hijack sessions.
**Make sure your SWITCH EV station management is isolated from the internet and behind a firewall or VPN. Since the vendor has not released a patch, that's your only defense until the vendor does something or you replace these systems.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-in-switch-ev-charging-platform-allow-station-impersonation-e-g-h-5-x/gD2P6Ple2L
Multiple Vulnerabilities Discovered in Chargemap Platform
Chargemap's charging platform contains four vulnerabilities, including a critical authentication bypass (CVE-2026-25851), that allow unauthenticated attackers to impersonate charging stations and gain administrative control.
**Make sure your Chargemap station management is isolated from the internet and behind a firewall or VPN. Since the vendor has not released a patch, that's your only defense until the vendor does something or you replace these systems.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiple-vulnerabilities-discovered-in-chargemap-platform-z-y-h-q-j/gD2P6Ple2L
Multiple Vulnerabilities Reported in EV Energy Charging Platform
EV Energy's charging platform contains four vulnerabilities, including a critical authentication bypass (CVE-2026-27772), that allow attackers to hijack electric vehicle charging stations and disrupt energy infrastructure.
**Make sure to isolate EV Energy systems from the public internet and use a VPN for any required remote management. Since the vendor hasn't released a patch, this is your only defense until you replace these systems.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-in-ev-energy-charging-platform-allow-remote-hijacking-b-x-t-d-l/gD2P6Ple2L
Critical Authentication and Session Flaws Discovered in Mobility46 EV Charging Stations
Mobility46's EV charging platform contains four vulnerabilities, including a critical authentication bypass (CVE-2026-27028), that allow attackers to impersonate charging stations and seize administrative control. The vendor has not responded with a patch.
**If you operate Mobility46 charging stations, make sure that the systems are isolated from the internet and accessible only from trusted networks or VPN.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-and-session-flaws-discovered-in-mobility46-ev-charging-stations-h-c-g-0-l/gD2P6Ple2L
SUSE Security Advisory - SUSE-SU-2026:0635-1 https://packetstorm.news/files/216272 #advisory
Multiple Vulnerabilities in CloudCharge EV Platform, Including One Critical
CloudCharge's EV charging platform contains four vulnerabilities, including a critical authentication bypass (CVE-2026-20781), that allow attackers to impersonate charging stations and hijack sessions.
**Treat your EV charging stations as high-risk entry points and disconnect them from the public internet immediately. Since the vendor hasn't provided a fix, your only real defense is to isolate these systems behind a VPN and very strict firewall rules.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiple-vulnerabilities-in-cloudcharge-ev-platform-including-one-critical-f-b-y-d-0/gD2P6Ple2L
openSUSE Security Advisory - openSUSE-SU-2026:10246-1 https://packetstorm.news/files/216264 #advisory
OpenAI - Disrupting Malicious Uses Of Our Models https://packetstorm.news/files/216248 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:20260-1 https://packetstorm.news/files/216213 #advisory
SUSE Security Advisory - SUSE-SU-2026:0617-1 https://packetstorm.news/files/216212 #advisory
Red Hat Security Advisory 2026-3358-03 https://packetstorm.news/files/216199 #advisory
Cisco Catalyst SD-WAN Zero-Day Exploited by Sophisticated Threat Actor UAT-8616
Cisco reports a critical authentication bypass (CVE-2026-20127) in Catalyst SD-WAN being exploited by threat actor UAT-8616 to gain root access and manipulate network fabrics. The actor uses a complex chain involving software downgrades and path traversal to maintain long-term persistence in high-value targets.
**If you are using Cisco Catalyst SD-WAN Controller or Cisco Catalyst SD-WAN Manager this is urgent. The flaw is already exploited so your SD-WAN might already be compromised without showing obvious signs. Immediately audit your logs for unauthorized SSH keys and peering events, then apply the latest Cisco security updates. Until you patch, restrict access to ports 22 and 830 to trusted controller IPs.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-catalyst-sd-wan-zero-day-exploited-by-sophisticated-threat-actor-uat-8616-h-6-g-0-b/gD2P6Ple2L
FreeBSD Security Advisory - FreeBSD-SA-26:04.jail https://packetstorm.news/files/216125 #advisory
FreeBSD Security Advisory - FreeBSD-SA-26:05.route https://packetstorm.news/files/216124 #advisory
SUSE Security Advisory - SUSE-SU-2026:0599-1 https://packetstorm.news/files/216121 #advisory
Google Issues Chrome Update for High-Severity Vulnerabilities
Google issued an update for Chrome to patch three high-severity vulnerabilities, including memory corruption and sandbox bypass flaws that could allow remote code execution.
**If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) patch your browser ASAP. Even if the flaws are not critical, you shouldn't wait for them to become actively exploited. Update now, it's trivial and all your tabs reopen after the update.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-issues-emergency-chrome-update-for-high-severity-vulnerabilities-x-0-j-d-t/gD2P6Ple2L
Critical Unauthenticated Root Vulnerability in Grandstream GXP1600 VoIP Phones
Grandstream GXP1600 series VoIP phones contain a critical unauthenticated buffer overflow vulnerability (CVE-2026-2329) that allows attackers to gain root access and intercept calls.
**If you are using Grandstream GXP1600 phones, plan a quick update to firmware 1.0.7.81. As a first step, make sure to isolate VoIP hardware on a dedicated, firewalled VLAN and confirm that management interfaces are not reachable from untrusted networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unauthenticated-root-vulnerability-in-grandstream-gxp1600-voip-phones-t-4-w-t-w/gD2P6Ple2L
SUSE Security Advisory - SUSE-SU-2026:0570-1 https://packetstorm.news/files/215839 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:10209-1 https://packetstorm.news/files/215837 #advisory
Red Hat Security Advisory 2026-2925-03 https://packetstorm.news/files/215822 #advisory
Microsoft Patches Privilege Escalation Flaw in Windows Admin Center
Microsoft patched a privilege escalation vulnerability (CVE-2026-26119) in Windows Admin Center that allows low-privileged users to impersonate administrators. This flaw enables remote command execution and lateral movement across enterprise networks, including Active Directory and Azure environments.
**If you use Windows Admin Center, apply the February 17 security update immediately — this flaw can let an attacker with minimal access take over your entire domain. While you're at it, review who has access to your Admin Center and restrict it to only those who truly need it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-patches-critical-privilege-escalation-flaw-in-windows-admin-center-6-p-x-i-m/gD2P6Ple2L
Vulnerabilities Reported in Popular VSCode Extensions
Researchers discovered vulnerabilities in popular VSCode extensions like Live Server and Code Runner that allow for remote code execution and local file theft.
**If you are using VSCode extensions, check this advisory. Update Microsoft Live Preview to version 0.4.16 or above. For the others, ideally remove them because they are not updated.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerabilities-in-popular-vscode-extensions-expose-millions-of-developers-to-remote-attacks-8-v-7-t-g/gD2P6Ple2L
Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla released security updates for Firefox and Thunderbird to patch a high-severity heap buffer overflow (CVE-2026-2447) in the libvpx library that allows remote code execution via malformed video content.
**If you're using Mozilla Firefox or Thunderbird, enable automatic updates for your browsers and mail clients and force an update. Even if the flaw is not critical, it's still better to update the browser and email client - they are your windows into the internet. Since this vulnerability can be triggered just by visiting a website or playing a video, patching is your best defense.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/mozilla-releases-urgent-security-updates-for-firefox-and-thunderbird-to-patch-critical-libvpx-flaw-d-w-y-g-x/gD2P6Ple2L
openSUSE Security Advisory - openSUSE-SU-2026:0053-1 https://packetstorm.news/files/215770 #advisory
SUSE Security Advisory - SUSE-SU-2026:0554-1 https://packetstorm.news/files/215769 #advisory
Google Issues Emergency Patch for Actively Exploited Chrome Zero-Day
Google patched a high-severity Chrome flaw (CVE-2026-2441) that is currently being exploited in the wild. The flaw allows remote code execution on Windows, macOS, and Linux systems through malicious web content.
**An urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and the flaw is nasty enough that even the basic description of it is withheld. DON'T WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-issues-emergency-patch-for-actively-exploited-chrome-zero-day-h-3-4-y-e/gD2P6Ple2L
SUSE Security Advisory - SUSE-SU-2026:0476-1 https://packetstorm.news/files/215554 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:10182-1 https://packetstorm.news/files/215553 #advisory
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to your Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
SUSE Security Advisory - SUSE-SU-2026:0438-1 https://packetstorm.news/files/215495 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:10172-1 https://packetstorm.news/files/215494 #advisory
Critical UUID Flaw in Fiber v2 Framework Enables Session Hijacking
Fiber v2 patched a critical vulnerability (CVE-2025-66630) that generates predictable all-zero UUIDs when secure randomness fails, enabling session hijacking and CSRF bypass.
**If you are running applications running Fiber v2, prioritize updating to version 2.52.11 and update environments to Go 1.24. This is a weird flaw that may not happen regularly and is hard to reproduce, but it will hit you if you leave the old version long enough. It's better to patch than to hope.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-uuid-flaw-in-fiber-v2-framework-enables-session-hijacking-s-n-a-1-9/gD2P6Ple2L
Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways
ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.
**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L
SUSE Security Advisory - SUSE-SU-2026:0403-1 https://packetstorm.news/files/215196 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:20180-1 https://packetstorm.news/files/215195 #advisory
Red Hat Security Advisory 2026-2343-03 https://packetstorm.news/files/215180 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:10146-1 https://packetstorm.news/files/215080 #advisory
SUSE Security Advisory - SUSE-SU-2026:0389-1 https://packetstorm.news/files/215079 #advisory
Red Hat Security Advisory 2026-2201-03 https://packetstorm.news/files/215073 #advisory
Mitsubishi Electric Patches Critical Remote Takeover Flaw in MELSEC iQ-R Series PLCs
Mitsubishi Electric patched a critical vulnerability (CVE-2025-15080) in MELSEC iQ-R Series PLCs that allows unauthenticated remote attackers to read or tamper with control data and cause system outages.
**Make sure all MELSEC iQ-R Series PLCs are isolated from the public internet and accessible only from trusted networks. Then plan an update to firmware version 49.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/mitsubishi-electric-patches-critical-remote-takeover-flaw-in-melsec-iq-r-series-plcs-y-b-o-n-n/gD2P6Ple2L
CISA and Ilevia Report Multiple Critical Vulnerabilities in EVE X1 Industrial Servers
Ilevia disclosed nine vulnerabilities in its EVE X1 Server, including multiple critical flaws that allow unauthenticated attackers to execute arbitrary commands and gain root access. The vendor has declined to patch several of these vulnerabilities.
**If you are using Ilevia systems, review the advisory in detail. As usual, isolate all industrial devices from the internet and make them accessible only from trusted networks. Make sure to close port 8080. Then plan a quick patch cycle, there are a bunch of critical easily exploited flaws. And be aware that some flaws remain, the vendor refused to patch them.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisa-and-ilevia-report-multiple-critical-vulnerabilities-in-eve-x1-industrial-servers-q-9-p-i-h/gD2P6Ple2L
SUSE Security Advisory - SUSE-SU-2026:0383-1 https://packetstorm.news/files/215032 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:10141-1 https://packetstorm.news/files/215031 #advisory
Red Hat Security Advisory 2026-2147-03 https://packetstorm.news/files/215013 #advisory
Critical Authentication Bypass Reported in RISS SRL MOMA Seismic Stations
RISS SRL MOMA Seismic Station versions <=v2.4.2520 contain a critical vulnerability (CVE-2026-1632) that allows unauthenticated attackers to take full control of the device via its web interface.
**If you use MOMA Seismic Station seismic stations, isolate them from the public internet immediately and put them behind a firewall or VPN. Since the vendor hasn't responded with a patch, your only real defense is strict network isolation. And consider if it's feasible to replace these devices, especially if they are networked or connected to public systems.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-riss-srl-moma-seismic-stations-exposes-infrastructure-5-4-4-r-f/gD2P6Ple2L
Critical Authentication Bypass in Avation Light Engine Pro Allows Full Device Takeover
Avation Light Engine Pro contains a critical vulnerability (CVE-2026-1341) that allows unauthenticated remote attackers to take full control of the device due to a complete lack of authentication.
**Isolate your Avation Light Engine Pro from the internet and make it accessible only from trusted networks. There is no patch, and the vendor is unresponsive. Use a VPN and firewalls to ensure only authorized internal staff can reach the control interface, and start planning for a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-avation-light-engine-pro-allows-full-device-takeover-r-o-s-n-n/gD2P6Ple2L
Docker Patches Critical 'DockerDash' Flaw in Ask Gordon AI Assistant
Docker patched a critical vulnerability called DockerDash in its Ask Gordon AI assistant that allowed attackers to execute remote code or steal sensitive environment data via malicious Docker image metadata.
**Treat all AI-processed metadata as untrusted code and ensure you update Docker Desktop and Docker CLI to version 4.50.0 to enable mandatory user confirmation for AI actions. This update prevents automated attacks that turn simple AI queries into dangerous system commands.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/docker-patches-critical-dockerdash-flaw-in-ask-gordon-ai-assistant-9-d-u-d-c/gD2P6Ple2L
SQL Injection Vulnerability Reported in Quiz and Survey Master WordPress Plugin
A SQL injection vulnerability (CVE-2025-67987) in the Quiz and Survey Master WordPress plugin affects over 40,000 sites, allowing authenticated users with Subscriber-level access to extract sensitive database information.
**If you are using the Quiz and Survey Master plugin, plan a quick update to version 10.3.2. Even low-level user accounts can exploit this flaw, so do not assume your site is safe just because you trust your registered users.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sql-injection-vulnerability-reported-in-quiz-and-survey-master-wordpress-plugin-k-x-8-0-b/gD2P6Ple2L
Critical Authentication Bypass in End-of-Life Synectix LAN 232 TRIO Adapters
Synectix LAN 232 TRIO adapters contain a critical vulnerability (CVE-2026-1633) that allows unauthenticated remote attackers to take full control of the device. Because the manufacturer is out of business, no patches will be released.
**If you use these Synectix adapters, isolate them from the internet immediately because they have no password protection and will never be patched. Since the company is out of business, plan a replacement of the devices.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-end-of-life-synectix-lan-232-trio-adapters-j-r-d-l-z/gD2P6Ple2L
SUSE Security Advisory - SUSE-SU-2026:0360-1 https://packetstorm.news/files/214820 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:20151-1 https://packetstorm.news/files/214819 #advisory
Critical n8n Sandbox Escapes Enable Remote Code Execution
n8n reports two sandbox escape vulnerabilities, CVE-2026-1470 and CVE-2026-0863, that allow authenticated users to execute arbitrary code and take over self-hosted servers. These flaws bypass JavaScript and Python security filters by exploiting deprecated language features and specific interpreter behaviors.
**If you are using n8n, make sure it's isolated from the internet and accessible from trusted users only. Then patch n8n to version 1.123.17, 2.4.5 for CVE-2026-1470, and 1.123.14, 2.3.5 for CVE-2026-0863 or later. The CVE-2026-1470 patch is higher priority. Also configure Python nodes to run in 'External' mode for better process isolation.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-n8n-sandbox-escapes-enable-remote-code-execution-7-0-w-q-b/gD2P6Ple2L
SUSE Security Advisory - SUSE-SU-2026:0326-1 https://packetstorm.news/files/214588 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:10101-1 https://packetstorm.news/files/214587 #advisory
Red Hat Security Advisory 2026-1591-03 https://packetstorm.news/files/214572 #advisory
FreeBSD Security Advisory - FreeBSD-SA-26:01.openssl https://packetstorm.news/files/214520 #advisory
FreeBSD Security Advisory - FreeBSD-SA-26:02.jail https://packetstorm.news/files/214519 #advisory
SUSE Security Advisory - SUSE-SU-2026:0307-1 https://packetstorm.news/files/214504 #advisory
openSUSE Security Advisory - openSUSE-SU-2026:10094-1 https://packetstorm.news/files/214503 #advisory
OpenSSL Security Advisory 20260127 https://packetstorm.news/files/214422 #advisory
SUSE Security Advisory - SUSE-SU-2026:0299-1 https://packetstorm.news/files/214408 #advisory
Red Hat Security Advisory 2026-1349-03 https://packetstorm.news/files/214399 #advisory
Critical Cellbreak Vulnerability in Grist-Core Enables Remote Code Execution
Grist-Core patched a critical vulnerability (CVE-2026-24002) that allows attackers to execute remote code via malicious spreadsheet formulas. The flaw enables unauthorized access to host systems, database credentials, and sensitive internal files.
**If you're running Grist-Core, immediately update to version 1.7.9 to fix this flaw. There's a PoC available, so exploits will start VERY SOON. If you can't update right away, change your GRIST_SANDBOX_FLAVOR setting to "gvisor" as an interim protection measure.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-cellbreak-vulnerability-in-grist-core-enables-remote-code-execution-u-x-w-v-x/gD2P6Ple2L
Critical Flaws in Dormakaba Access Systems Allow Remote Door Control
Researchers discovered over 20 vulnerabilities in Dormakaba physical access control systems that allow attackers to remotely unlock doors, steal PINs, and gain full system control.
**Make sure all Dormakaba access control systems are isolated from the internet and only accessible from trusted, properly segmented internal networks - never mount them in publicly accessible areas. Then plan an upgrade to the latest patched versions and change all default passwords following Dormakaba's hardening guide.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-flaws-in-dormakaba-access-systems-allow-remote-door-control-e-a-q-h-1/gD2P6Ple2L
Red Hat Security Advisory 2026-1190-03 https://packetstorm.news/files/214314 #advisory