Patch/Configuration Management

Related Videos

Data exposed of more than 15K Fortinet FortiGate firewalls. (Adobe Stock)

Actively exploited Fortinet FortiCloud zero-day patched

SC StaffJanuary 28, 2026

Fortinet has issued emergency updates to address the critical FortiCloud SSO authentication bypass vulnerability, tracked as CVE-2026-24858, after momentarily deactivating FortiCloud SSO and blocking FortiCloud accounts observed in zero-day intrusions earlier this month, reports SecurityWeek.

Laptop user pressing Windows Key on Microsoft Windows keyboard.

Security Operations

Microsoft Windows file archival tool WinRAR exploited worldwide

Steve ZurierJanuary 28, 2026

Vulnerability lets threat actors drop malware into the Windows Startup folder.

Vulnerability Management

Critical vm2 vulnerability allows sandbox escape and arbitrary code execution

SC StaffJanuary 28, 2026

The vm2 library, designed to run untrusted JavaScript code in a secure context, has a history of sandbox-escape vulnerabilities.

Vulnerability Management

CISA adds critical Microsoft Office, Linux Kernel, and SmarterMail vulnerabilities to KEV catalog

SC StaffJanuary 28, 2026

The inclusion of these vulnerabilities in CISA's KEV catalog mandates federal agencies to address them by February 16, 2026, under Binding Operational Directive 22-01.

Vulnerability Management

Critical ‘Cellbreak’ vulnerability in Grist-Core allows remote code execution

SC StaffJanuary 28, 2026

Discovered by Vladimir Tokarev, the Cellbreak vulnerability (CVSS score: 9.1) is a Pyodide sandbox escape.

Vulnerability Management

Actively exploited Microsoft Office zero-day fixed

SC StaffJanuary 27, 2026

Emergency security updates have been released by Microsoft to remediate the actively exploited Office security feature bypass zero-day, tracked as CVE-2026-21509, Security Affairs reports.

Vulnerability Management

Account hijacking likely with actively exploited critical Appsmith vulnerability

SC StaffJanuary 26, 2026

Infosecurity Magazine reports that threat actors have been actively exploiting a critical authentication flaw in the open-source low-code application platform Appsmith, tracked as CVE-2026-22794, to facilitate user account takeovers.

Patch/Configuration Management

Related Videos

A couple simple steps companies can take to protect their systems from ransomware

Actively exploited Fortinet FortiCloud zero-day patched

Microsoft Windows file archival tool WinRAR exploited worldwide

Critical vm2 vulnerability allows sandbox escape and arbitrary code execution

CISA adds critical Microsoft Office, Linux Kernel, and SmarterMail vulnerabilities to KEV catalog

Critical ‘Cellbreak’ vulnerability in Grist-Core allows remote code execution

Actively exploited Microsoft Office zero-day fixed

Account hijacking likely with actively exploited critical Appsmith vulnerability

Fast Five

Selected by the SC Media Editorial team every Tuesday.