Hackers Abuse Legitimate Cloud and CDN Platforms to Host Phishing Kits
2+ hour, 28+ min ago (218+ words) Cybersecurity researchers have identified a troubling trend in which sophisticated threat actors are leveraging legitimate cloud and content delivery network (CDN) infrastructure from major technology providers, including Microsoft Azure, Google Cloud, and AWS CloudFront, to host phishing kits while evading…...
Microsoft Warns of Windows Remote Assistance Security Bypass Vulnerability
2+ hour, 44+ min ago (300+ words) Microsoft has disclosed a new security vulnerability in Windows Remote Assistance that could allow local attackers to bypass critical security features on affected systems. The vulnerability, tracked as CVE-2026-20824, was publicly disclosed on January 13, 2026, and has been assigned an "Important…...
Palo Alto Networks Firewall Flaw Enables Denial-of-Service Attacks
6+ hour, 15+ min ago (355+ words) The vulnerability carries a CVSS v4.0 base score of 7.7, classified as HIGH severity, with an elevated base score of 8.7 when environmental factors are considered. Disclosed on January 14, 2026, the security issue stems from improper validation of unusual or exceptional conditions within the…...
Microsoft SQL Server Flaw Enables Network-Based Privilege Escalation
1+ day, 27+ min ago (401+ words) Microsoft has disclosed a critical elevation-of-privilege vulnerability in SQL Server that allows attackers with high privileges to escalate their access over a network without requiring user interaction. The vulnerability, tracked as CVE-2026-20803, was released on January 13, 2026, and stems from missing…...
AuraInspector: An Open-Source Tool for Auditing Salesforce Aura Misconfigurations
1+ day, 2+ hour ago (333+ words) The tool focuses on finding exposed data paths that could allow unauthorized users to access sensitive records, such as financial, identity, or health information, from an external perspective. Salesforce Aura is the framework behind Salesforce's Lightning Experience UI and Experience…...
Spring CLI Tool Vulnerability Enables Command Execution on User Machines
1+ day, 4+ hour ago (294+ words) A command-injection vulnerability in the Spring CLI VSCode extension allows attackers to execute arbitrary commands on affected user machines. The flaw, tracked as CVE-2026-22718, affects all versions through 0.9.0 and poses a significant security risk for developers who are still relying…...
Elastic Patches Multiple Vulnerabilities Enabling Arbitrary File Theft and DoS Attacks
1+ day, 4+ hour ago (157+ words) Elastic has released urgent security patches addressing four significant vulnerabilities in Kibana that could enable attackers to steal sensitive files, trigger service outages, and exhaust system resources. The advisories, published on January 14, 2026, affect multiple Kibana versions spanning from 7.x through…...
FortiSandbox SSRF Vulnerability Allows Attackers to Proxy Internal Traffic via Crafted HTTP Requests
1+ day, 4+ hour ago (306+ words) Fortinet has disclosed a Server-Side Request Forgery (SSRF) vulnerability in FortiSandbox that allows authenticated attackers to proxy internal network traffic via crafted HTTP requests. The vulnerability, tracked as CVE-2025-67685, has a CVSS v3.1 score of 3.4 and a Low severity rating due…...
Stealthy CastleLoader Malware Targets U.S. Government Entities
1+ day, 6+ hour ago (175+ words) A sophisticated malware loader designated CastleLoader has emerged as a significant threat to U.S. government agencies and critical infrastructure sectors, according to extensive malware analysis. "The loader has impacted approximately 469 devices across multiple industries, with particular focus on government entities. The…...
VVS Stealer Targets Discord Users to Steal Credentials and Tokens
1+ day, 6+ hour ago (221+ words) A sophisticated Python-based malware family known as VVS Stealer has emerged as a significant threat to Discord users. The stealer, actively marketed on Telegram beginning in April 2025, is engineered to exfiltrate sensitive account credentials, authentication tokens, and browser data from…...