The Hacker News

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet patches a critical FortiSIEM vulnerability (CVE-2025-64155) that allows unauthenticated remote code execution via ...

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI, an open-source, self-hosted web interface for interacting with local or remote AI language models, carried a high ...

Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws

Today is Microsoft' 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly ...
Network World

Holes in Veeam Backup suite allow remote code execution, creation of malicious backup config files

The vendor has issued a patch to close four holes in its flagship Backup & Replication suite; version 13 users are advised to ...
SecurityWeek

New StackWarp Attack Threatens Confidential VMs on AMD Processors

Dubbed StackWarp, the issue has been found to impact AMD Zen 1 through Zen 5 processors, enabling an attacker to hack ...
SecurityWeek

Several Code Execution Flaws Patched in Veeam Backup & Replication

CISA’s Known Exploited Vulnerabilities (KEV) catalog includes four weaknesses found in the product in recent years, including ...

For January, Patch Tuesday starts off with a bang

The latest update from Microsoft deals with 112 flaws, including eight the company rated critical — and three zero-day ...
The Hacker News

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro patched a critical Apex Central on-prem Windows flaw (CVE-2025-69258) with CVSS 9.8 that allows remote code ...

This critical severity flaw in D-Link DSL gateway devices could allow for remote code execution

Earlier this week, security researchers from VulnCheck announced finding a command injection vulnerability due to improper ...
Dark Reading

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a ...
Redmondmag.com

Zero-Day Attack Drives 113-Vulnerability Patch Tuesday Release to Start 2026

Microsoft rang in 2026 with its biggest January Patch Tuesday rollout in four years, shipping fixes for 113 vulnerabilities ...
CSO Online

CISA flags max-severity bug in HPE OneView amid active exploitation

The flaw allows remote code execution via a public REST API, giving attackers a direct path to compromise enterprise ...