%term

Context-Driven Security - AI is Collapsing Exploit Timelines

Feb 2, 2026 By Nucleus Security In Nucleus

In a joint webinar with leaders from Nucleus, Cycode, and HackerOne, HackerOne product manager Kyle Mativier explains how advancing AI capabilities are collapsing how long it takes attackers to exploit seemingly low to medium severity vulnerabilities.

View Video

Nucleus

Read more about Context-Driven Security - AI is Collapsing Exploit Timelines

A Supply Chain Attack in Notepad++

Feb 2, 2026 By Tanium In Tanium

Executive Summary: The Notepad++ update process was compromised by a supply chain attack, and users are strongly advised to upgrade to version 8.8.9 or later to ensure their security.

Read Post

Tanium

Read more about A Supply Chain Attack in Notepad++

The Secret to Secure AI Code

Feb 2, 2026 By Snyk In Snyk

AI is revolutionizing software development, but it’s also generating code faster than humans can review. In this video, we dive into the three biggest security risks of AI code generation and show you how to automate your defense using Snyk Studio. Learn how to enable Secure At Inception to catch vulnerabilities in real-time within your IDE.

View Video

Snyk

Read more about The Secret to Secure AI Code

Emerging Threat: CVE-2026-24858 - FortiCloud SSO Authentication Bypass

Feb 2, 2026 By Amit Sheps In CyCognito

CVE-2026-24858 is an authentication bypass vulnerability affecting FortiCloud’s Single Sign-On (SSO) implementation. Under certain conditions, the flaw allows an unauthenticated attacker to bypass standard authentication checks and gain access to FortiCloud services without valid credentials. The root cause is tied to insufficient validation within the SSO authentication flow, where trust boundaries between identity assertions and session establishment are not enforced strictly enough.

Read Post

CyCognito

Read more about Emerging Threat: CVE-2026-24858 - FortiCloud SSO Authentication Bypass

Emerging Threat: CVE-2025-15467 - OpenSSL CMS AuthEnvelopedData Stack-Based Buffer Overflow

Jan 31, 2026 By Amit Sheps In CyCognito

CVE-2025-15467 is a stack-based buffer overflow vulnerability in the Cryptographic Message Syntax (CMS) implementation of OpenSSL, specifically within handling of AuthEnvelopedData structures. The flaw occurs during parsing of attacker-controlled CMS messages where length fields are not sufficiently validated before being copied into fixed-size stack buffers.

Read Post

CyCognito

Read more about Emerging Threat: CVE-2025-15467 - OpenSSL CMS AuthEnvelopedData Stack-Based Buffer Overflow

CVE-2026-1281 and CVE-2026-1340: Unauthenticated RCE Zero-Day Vulnerabilities in Ivanti Endpoint Manager Mobile

Jan 30, 2026 By Andres Ramos In Arctic Wolf

On January 29, 2026, Ivanti released fixes for two critical zero-day code injection vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, impact the In-House Application Distribution and Android File Transfer Configuration features and allow unauthenticated remote threat actors to achieve remote code execution.

Read Post

Arctic Wolf

Read more about CVE-2026-1281 and CVE-2026-1340: Unauthenticated RCE Zero-Day Vulnerabilities in Ivanti Endpoint Manager Mobile

CVE-2026-24858: Fortinet Multiple Products Authentication Bypass Zero-Day Analysis

Jan 30, 2026 By foresiet In Foresiet

CVE-2026-24858 is a critical authentication bypass vulnerability(CWE-288: Authentication Bypass Using an Alternate Path or Channel) in Fortinet products. It affects FortiOS, FortiAnalyzer, FortiManager, and potentially FortiProxy. An attacker with a FortiCloud account and registered device can log into devices registered to other accounts if FortiCloud SSO is enabled. Disclosed January 27, 2026, as actively exploited zero-day. CVSS 9.4 (some sources cite 9.8).

Read Post

Foresiet

Read more about CVE-2026-24858: Fortinet Multiple Products Authentication Bypass Zero-Day Analysis

How to Enable GLM 4.7 Beta in Windsurf IDE

Jan 29, 2026 By Snyk In Snyk

How to Enable GLM 4.7 Beta in Windsurf IDE.

View Video

Snyk

Read more about How to Enable GLM 4.7 Beta in Windsurf IDE

Multiple Critical Authentication Bypass and Remote Code Execution Vulnerabilities Fixed in SolarWinds Web Help Desk

Jan 28, 2026 By Andres Ramos In Arctic Wolf

On January 28, 2026, SolarWinds released fixes for multiple vulnerabilities impacting Web Help Desk (WHD). WHD is an IT service management platform that may contain sensitive information, making it a valuable target for threat actors if compromised. Among the vulnerabilities addressed, four were rated as critical: At the time of writing, Arctic Wolf has not observed exploitation of these vulnerabilities in the wild, nor identified a publicly available proof-of-concept exploit.

Read Post

Arctic Wolf

Read more about Multiple Critical Authentication Bypass and Remote Code Execution Vulnerabilities Fixed in SolarWinds Web Help Desk

CVE-2026-24858: FortiCloud SSO Authentication Bypass Vulnerability Exploited

Jan 28, 2026 By Julian Tuin In Arctic Wolf

On January 27, 2026, Fortinet released an advisory detailing a critical authentication bypass vulnerability affecting FortiOS, FortiAnalyzer, FortiManager, and FortiProxy products. Designated CVE-2026-24858, the vulnerability allows an unauthenticated threat actor with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Read Post