CVE-2026-20700 – Apple corrige sa première faille zero-day de 2026 : patchez ! https://www.it-connect.fr/cve-2026-20700-apple-corrige-sa-premiere-faille-zero-day-de-2026-patchez/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Apple

Here's a summary of recent global, technology, and cybersecurity news from the last 24 hours:

Globally, Canada mourned 10 lives lost in a mass shooting in British Columbia (February 12).

In technology, Samsung began mass production of HBM4 with ultimate performance for AI computing (February 12). Waymo also launched fully autonomous operations with its 6th-generation Driver (February 12).

For cybersecurity, Google reported state-backed hackers are using Gemini AI for reconnaissance and attack support (February 12). Apple patched an actively exploited zero-day vulnerability (CVE-2026-20700) affecting iOS, macOS, and other devices (February 12). Additionally, Palo Alto Networks reportedly chose not to publicly link a global cyberespionage campaign to China over fears of retaliation (February 13).

#News #Anonymous #AnonNews_irc

Global cybersecurity remains critical: Threat actors are actively exploiting Google's Gemini AI for varied attack stages, from reconnaissance to phishing. Apple has patched a critical zero-day vulnerability (CVE-2026-20700) exploited in sophisticated attacks. CISA updated its KEV Catalog with four new vulnerabilities, urging immediate remediation. Furthermore, the EU launched a new ICT Supply Chain Security Toolbox to enhance risk mitigation. (Feb 12-13, 2026)

#Cybersecurity #AnonNews_irc #News

Had a case this week of a fairly secure deployment of BeyondTrust, but vulnerable to CVE-2026-1731. With basically zero egress, I implemented a timing oracle POC instead. Takes about 20 minutes to get the ls command output in this demo, but hey, it works! :D

Threat actors are actively exploiting CVE-2026-1731 (9.9) in BeyondTrust Remote Support & PRA.

Attackers extract portal data, then open WebSocket channels to trigger unauthenticated RCE.

🔗 Read → https://thehackernews.com/2026/02/researchers-observe-in-wild.html

Patches are out, but exploitation started fast.

Here's a summary of the latest critical news in technology and cybersecurity:

State-backed hackers are reportedly leveraging Google's Gemini AI for reconnaissance and attack support. A critical BeyondTrust Remote Code Execution vulnerability (CVE-2026-1731) is being actively exploited in the wild. CISA has added four new exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. In technology, Samsung commenced shipping of industry-first HBM4 memory for AI computing, and HKUST announced a major advance in calcium-ion battery technology.

#AnonNews_irc #Cybersecurity #Anonymous #News

Exploitation attempts target CVE-2026-1731, a critical unauthenticated remote code execution flaw in BeyondTrust Remote Support. https://www.securityweek.com/beyondtrust-vulnerability-targeted-by-hackers-within-24-hours-of-poc-release/

Threat actors are actively exploiting a critical BeyondTrust vulnerability (CVE-2026-1731) within 24 hours of a proof-of-concept (PoC) exploit being released. This flaw, affecting BeyondTrust Remote Support and Privileged Remote Access, allows for unauthenticated remote code execution and has seen exploitation attempts from multiple IP addresses, some previously involved in other vulnerability exploits.
https://www.securityweek.com/beyondtrust-vulnerability-targeted-by-hackers-within-24-hours-of-poc-release/

Microsoft's #Notepad Got Pawned. The #vulnerability exploit #PoC code is public. Fork it while it's hot: https://github.com/BTtea/CVE-2026-20841-PoC

#cve2026_20841 #cyberSecurity

CVE-2026-1603

I refuse to believe that is a vulnerability over a purposeful backdoor, fuckin' yank products.

⚠️ CVE-2026-25227 (CRITICAL, CVSS 9.1): Code injection in goauthentik authentik via delegated permissions. Patch to 2025.8.6, 2025.10.4, or 2025.12.4 urgently. Audit permissions & monitor test endpoint usage. https://radar.offseq.com/threat/cve-2026-25227-cwe-94-improper-control-of-generati-cc39f642 #OffSeq #authentik #infosec #CVE

🔐 CVE-2026-25227
CVE-2026-25227

📊 CVSS Score: 9.1
⚠️ Severity: Critical
📅 Published: 02/12/2026, 08:16 PM
🏷️ Aliases: CVE-2026-25227
🛡️ CWE: CWE-94
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (security-advisories@github.com)
📚 References: https://github.com/goauthentik/authentik/commit/c691afaef164cf73c10a26a944ef2f11dbb1ac80 https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4

🔗 https://hecate.pw/vulnerability/CVE-2026-25227

#cve #vulnerability #hecate

🔐 CVE-2026-21643

📊 CVSS: 9.1 · Critical
📅 02/06/2026, 08:24 AM
🛡️ CWE: CWE-89
📦 Affected: Fortinet FortiClientEMS (7.4.4)
📚 https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

🔗 https://hecate.pw/vulnerability/CVE-2026-21643

#cve #vulnerability #hecate

Das BSI hat seinen IT-Sicherheitshinweis zu Ivanti EPMM aktualisiert:
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2026/2026-221601-1032

Es liegen Hinweise vor, dass die Schwachstellen CVE-2026-1281 und CVE-2026-1340 bereits seit Mitte 2025 ausgenutzt wurden. ALLE Betreiber von Ivanti EPMMs sollten daher bei der Prüfung ihrer Systeme auf Kompromittierungen den Untersuchungszeitraum bis Juli 2025 zurück ausweiten. Es muss davon ausgegangen werden, dass die Anzahl kompromittierter Systeme deutlich höher ist als ursprünglich angenommen.

‼️ CISA added one more vulnerability to the KEV Catalog today...

CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.

CISA has added a critical code execution flaw in Notepad++ to its Known Exploited Vulnerabilities (KEV) catalog.

Notepad++ is a widely used open-source text editor popular among developers and IT teams.

The vulnerability (CVE-2025-15556) allows attackers to intercept or manipulate update traffic, tricking users into installing malicious payloads. The issue has been fixed in version 8.8.9 and all later releases.