%term

Critical Node.js Vulnerabilities Expose Uninitialized Memory (CVE-2025-55131)

Jan 16, 2026 By Aayush Vishnoi In Indusface

CVE-2025-55131 is a high-severity buffer allocation race condition vulnerability in Node.js that can lead to uninitialized memory exposure when using the vm module with execution timeouts. This vulnerability is part of a coordinated Node.js security update addressing eight vulnerabilities across all active release lines.

Read Post

Indusface

Read more about Critical Node.js Vulnerabilities Expose Uninitialized Memory (CVE-2025-55131)

CVE-2025-64155: FortiSIEM Remote Unauthenticated Command Injection Vulnerability

Jan 15, 2026 By Andres Ramos In Arctic Wolf

On January 13, 2025, Fortinet released fixes for a critical-severity FortiSIEM vulnerability (CVE-2025-64155) that stems from improper neutralization of special elements used in OS commands within the phMonitor service (TCP/7900). An unauthenticated, remote threat actor can exploit this vulnerability via crafted TCP requests to execute unauthorized code or commands on affected systems.

Read Post

Arctic Wolf

Read more about CVE-2025-64155: FortiSIEM Remote Unauthenticated Command Injection Vulnerability

New attack analysis: What you need to know about the Endesa data breach

Jan 15, 2026 By Lydia Atienza In Outpost 24

Following the recent cyberattack on Endesa, one of Spain’s largest electricity and gas providers, Outpost24’s threat intelligence team has compiled a comprehensive analysis of the incident based on publicly available evidence from underground forums, leaked dataset listings, and the threat actor’s own statements.

Read Post

Outpost 24

Read more about New attack analysis: What you need to know about the Endesa data breach

Weekly Cyber Security News 15/01/2026

Jan 15, 2026 By Kevin In ionCube24

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! You might want to get on to this…

Read Post

ionCube24

Read more about Weekly Cyber Security News 15/01/2026

Why One-Time Vulnerability Scans Aren't Enough

Jan 15, 2026 By SecuritySenses In SecuritySenses

A single vulnerability scan provides a tempting snapshot of security health. Too many companies rely on such periodic checks for compliance and some semblance of risk assessment. This, however, leads to an extremely dangerous illusion of security. Modern digital environments, as well as threat actors, move at speeds that are much too high for a static, point-in-time evaluation. Treating cybersecurity as an exercise in box-ticking leaves gaps that adversaries can use.

Read Post

SecuritySenses

Read more about Why One-Time Vulnerability Scans Aren't Enough

Dissecting and Exploiting CVE-2025-62507: Remote Code Execution in Redis

Jan 14, 2026 By Ori Hollander In JFrog

A recent stack buffer overflow vulnerability in Redis, assigned CVE-2025-62507, was fixed in version 8.3.2. The issue was published with a high severity rating and assigned a CVSS v3 score of 8.8. According to the official advisory, “a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution”.

Read Post

JFrog

Read more about Dissecting and Exploiting CVE-2025-62507: Remote Code Execution in Redis

ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations

Jan 14, 2026 By Stephen Thoemmes In Snyk

The recent disclosure of what security researchers are calling "the most severe AI-driven vulnerability uncovered to date" in ServiceNow's platform serves as a stark reminder: securing agentic AI isn't just about new AI-specific controls; it requires getting the fundamentals right first.

Read Post

Snyk

Read more about ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations

Intel Chat: Ni8mare CVSS 10.0, malicious AI extensions, Venezuela blackout & BlackCat insiders [281]

Jan 14, 2026 By LimaCharlie In LimaCharlie

A newly disclosed vulnerability in the workflow automation platform n8n, tracked as CVE-2026-21858 and rated CVSS 10.0, allows unauthenticated remote attackers to fully compromise exposed instances. Two malicious Chrome extensions impersonating a legitimate product from AITOPIA were found exfiltrating sensitive user data, including full AI chat histories, according to a report from OX Security. The recent U.S. military operation in Venezuela that led to the capture of President Nicolás Maduro may have included cyber operations, but official confirmation of cyber’s role remains ambiguous.

View Video

LimaCharlie

Read more about Intel Chat: Ni8mare CVSS 10.0, malicious AI extensions, Venezuela blackout & BlackCat insiders [281]

Exploit Intel & Detected Products - Tanium Comply - Tanium Tech Talks #153

Jan 14, 2026 By Tanium In Tanium

Cut through vulnerability noise! Learn how Tanium Comply’s new Exploit Intel, Endpoint Criticality, and Detected Products help you prioritize and remediate faster. What you’ll learn: Why CVSS alone isn’t enough How EPSS and exploit maturity change the game Dynamic criticality rules for business impact Detected Products for pinpoint remediation Visualize risk with the Exploitability Dashboard.

View Video

Tanium

Read more about Exploit Intel & Detected Products - Tanium Comply - Tanium Tech Talks #153

What is CVE 2025 59287 ?

Jan 14, 2026 By Fidelis Security In Fidelis Security

CVE-2025-59287 is a critical WSUS remote code execution (RCE) vulnerability that allows attackers to take over vulnerable Windows Server Update Services instances without authentication. With a CVSS score of 9.8, the flaw exploits unsafe deserialization, enabling remote attackers to execute arbitrary code with high impact.

View Video