Patch/Configuration Management

Security Operations

Cisco patches 10.0 bug in leading AsyncOS email products

Steve ZurierJanuary 16, 2026

CVE-20225-20393 was placed on CISA's Known Exploited Vulnerabilities (KEV) catalog on Dec. 17.

Security Operations

Outdated Apache Struts versions see spike in downloads, posing security risk

SC StaffJanuary 16, 2026

The issue centers on a flaw, CVE-2025-68493, found in the XWork component, which involves unsafe XML parsing.

Vulnerability Management

Palo Alto Networks patches denial-of-service vulnerability in GlobalProtect

SC StaffJanuary 16, 2026

The vulnerability, present in various versions of PAN-OS software, enables an unauthenticated attacker to trigger a DoS condition.

IoT

WhisperPair vulnerabilities expose Bluetooth audio devices to hijacking

SC StaffJanuary 16, 2026

WhisperPair vulnerabilities stem from improper implementation of Google's Fast Pair protocol, which enables quick device connections.

Vulnerability Management

Modular DS WordPress plugin vulnerability allows admin access

SC StaffJanuary 16, 2026

The vulnerability stems from flaws in the plugin's handling of "direct request" mode, where it accepted requests without proper cryptographic verification.

Security Operations

Mandiant releases open source tool to detect Salesforce data exposure risks

SC StaffJanuary 16, 2026

The tool specifically targets access control vulnerabilities in Salesforce Aura, the framework powering Experience Cloud sites.

Data exposed of more than 15K Fortinet FortiGate firewalls. (Adobe Stock)

Data Security

Fortinet patches critical FortiSIEM vulnerability allowing code execution

SC StaffJanuary 15, 2026

The vulnerability, discovered by Zach Hanley of Horizon3.ai, resides in the phMonitor service, which handles logging security events.

Data Security

ServiceNow patches critical AI Platform vulnerability enabling user impersonation

SC StaffJanuary 15, 2026

ServiceNow has addressed a critical vulnerability within its AI Platform that could have allowed threat actors to impersonate users and execute arbitrary actions.

Patch/Configuration Management

Related Videos

A couple simple steps companies can take to protect their systems from ransomware

Cisco patches 10.0 bug in leading AsyncOS email products

Outdated Apache Struts versions see spike in downloads, posing security risk

Palo Alto Networks patches denial-of-service vulnerability in GlobalProtect

WhisperPair vulnerabilities expose Bluetooth audio devices to hijacking

Modular DS WordPress plugin vulnerability allows admin access

Mandiant releases open source tool to detect Salesforce data exposure risks

Fortinet patches critical FortiSIEM vulnerability allowing code execution

ServiceNow patches critical AI Platform vulnerability enabling user impersonation

Fast Five

Selected by the SC Media Editorial team every Tuesday.