24h | 7d | 30d

Overview

  • Microsoft
  • Windows 10 Version 1809

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
23.28%

Description

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Statistics

  • 9 Posts
  • 3 Interactions

Last activity: 1 hour ago

Fediverse

Profile picture

⚠️ Microsoft’s first Patch Tuesday of 2026 fixes 114 Windows flaws, including one exploited in the wild.

CVE-2026-20805 is a local info-leak in Desktop Window Manager that can expose memory addresses and weaken ASLR.

🔗 Read → thehackernews.com/2026/01/micr

  • 0
  • 1
  • 0
  • 1h ago
Profile picture

Here's a summary of the most important world, technology, and cybersecurity news from the last 24-48 hours:

World: A train crash in Thailand killed at least 22 people (Jan 14). US President Trump warned Iran amid protests and reaffirmed his desire to acquire Greenland (Jan 14).

Technology: Big Tech companies are heavily investing in energy infrastructure to power their AI ambitions amidst growing backlash over resource usage (Jan 14). Apple's status as a tech visionary is being questioned amidst the rapid AI advancements (Jan 14).

Cybersecurity: CISA and Microsoft patched an actively exploited Windows information disclosure vulnerability (CVE-2026-20805) (Jan 13-14). The World Economic Forum's 2026 outlook highlights enterprise security facing a "three-front war" from cybercrime, AI misuse, and supply chain attacks (Jan 13).

#News #Anonymous #AnonNews_irc

  • 0
  • 0
  • 0
  • 20h ago
Profile picture

📰 CISA Mandates Patch for Exploited Windows Zero-Day Used in Attack Chains

🚨 CISA adds actively exploited Windows zero-day CVE-2026-20805 to its KEV catalog! The info-disclosure flaw in Desktop Window Manager is used to bypass ASLR in attack chains. Federal agencies must patch by Feb 3. ⚠️ #Windows #ZeroDay #Infosec

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • 18h ago
Profile picture

📰 Microsoft's January 2026 Patch Tuesday Fixes 114 Flaws, Including One Exploited Zero-Day

Microsoft's January 2026 Patch Tuesday is massive, fixing 114 vulnerabilities! 💻 The update includes 8 critical RCE flaws and one actively exploited zero-day (CVE-2026-20805). Prioritize patching now! #PatchTuesday #Microsoft #Cybersecurity

🔗 cyber.netsecops.io/articles/mi

  • 0
  • 0
  • 0
  • 18h ago
Profile picture

Microsoft patched an actively exploited Windows DWM flaw (CVE-2026-20805) in January Patch Tuesday.

CISA added it to the KEV list within hours, warning of real-world attacks.
Patch now. Medium severity, high impact when chained.

#Windows #PatchTuesday #CyberSecurity #CVE

  • 0
  • 0
  • 0
  • 11h ago
Profile picture

Microsoft Flickentag 2026-01

Zum Beginn des Jahres bringt Microsoft (MS) Flicken für 113 Sicherheitslücken - eine ganze Menge. Von denen wird eine (CVE-2026-20805) bereits für Angriffe ausgenutzt (Zero-Day); eine andere (CVE-2026-21265) war schon lange bekannt, aber wird (noch) nicht für Angriffe genutzt. Von den jetzt geflickten Sicherheitslücken stuft MS 8 als kritisch ein, 5 von denen stecken in Komponenten von MS-Office. Die bereits ausgenutzte CVE-2026-20805 stuft MS nur als wichtig (nicht als kritisch) ein, das verstehe wer will. Die CISA hat diese Lücke in den KEV (Known Exploited Vulnerabilities) Katalog aufgenommen und eine Order erlassen, nach der Behörden

pc-fluesterer.info/wordpress/2

#Warnung #0day #exploits #Microsoft #office #sicherheit #UnplugTrump #windows #zahlen #zeroday

  • 1
  • 1
  • 0
  • 21h ago
Profile picture

Cyber Threat Intelligence Briefing – Jan. 14, 2026

Incident: Microsoft Windows users impacted by CVE-2026-20805 causing memory information disclosure

Date of Incident (ET): Unknown

Date of Disclosure (ET): Jan. 13, 2026

Summary: Microsoft addressed a zero-day vulnerability in Desktop Window Manager actively exploited to leak sensitive memory addresses. CISA added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by Feb. 3.

Source: theregister.com/2026/01/14/pat

Incident: Nissan Motor Corporation impacted by Everest ransomware causing data extortion threat

Date of Incident (ET): Jan. 10, 2026

Date of Disclosure (ET): Jan. 13, 2026

Summary: The Everest ransomware group listed Nissan on its leak site, claiming the theft of 900 gigabytes of data. The group has threatened to release dealership orders, sales records, and internal business communications if demands are unmet.

Source: scworld.com/brief/everest-rans

Incident: Polish power system impacted by Russian-linked actor causing attempted disruption

Date of Incident (ET): December 2025

Date of Disclosure (ET): Jan. 13, 2026

Summary: Poland's energy minister confirmed the country repelled a massive cyberattack targeting communications between renewable installations and distribution operators. Officials attributed the failed attempt to disrupt critical infrastructure to Russian military intelligence actors.

Source: straitstimes.com/world/europe/

Incident: Gogs repository service impacted by CVE-2025-8110 causing remote code execution

Date of Incident (ET): Unknown

Date of Disclosure (ET): Jan. 13, 2026

Summary: CISA warned of active exploitation of a high-severity path traversal flaw in the Gogs Git service. The vulnerability allows attackers to overwrite sensitive files and achieve code execution; approximately 700 instances have been compromised.

Source: thehackernews.com/2026/01/cisa

Incident: Betterment customers impacted by social engineering causing unauthorized PII access

Date of Incident (ET): Jan. 9, 2026

Date of Disclosure (ET): Jan. 12, 2026

Summary: Fintech firm Betterment confirmed a breach of third-party marketing systems via social engineering. Attackers accessed customer names and contact details to distribute fraudulent cryptocurrency scam notifications to users, though core accounts remained secure.

Source: techcrunch.com/2026/01/12/fint

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

Profile picture
Microsoft и американските власти предупредиха, че в Windows е открита уязвимост, която киберпрестъпниците са използвали активно. Уязвимостта с номер CVE-2026-20805 е открита от експерти по киберсигурност в Microsoft и позволява на нападател, който вече е проникнал в системата...
  • 0
  • 0
  • 0
  • 18h ago
Profile picture
Microsoft、Windowsの定例アップデートで3件のゼロデイ 脆弱性を修正(CVE-2026-20805/21265/CVE-2023-31096) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Fortinet
  • FortiSIEM

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
0.07%

KEV

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Statistics

  • 6 Posts
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

Profile picture

‼️CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution

Exploit/PoC: github.com/horizon3ai/CVE-2025

CVSS: 9.4
Published: Jan 13, 2026

Writeup: horizon3.ai/attack-research/di

Advisory: fortiguard.fortinet.com/psirt/

  • 0
  • 1
  • 0
  • 16h ago
Profile picture

🚨 CVE-2025-64155: Critical unauthenticated OS command injection in Fortinet FortiSIEM which may allow an unauthenticated attacker to execute unauthorised code or commands via crafted TCP requests. (CVSS 9.8)

I've created a vulnerability detection script here:
github.com/rxerium/rxerium-tem

Patches are strongly advised. If you are unable to patch it is recommended that you limit access to the phMonitor port (7900) as per Fortinet's advisory:
fortiguard.fortinet.com/psirt/

  • 0
  • 0
  • 0
  • 23h ago
Profile picture

Un exploit est disponible pour cette nouvelle faille critique dans Fortinet FortiSIEM : CVE-2025-64155 it-connect.fr/fortinet-fortisi #ActuCybersécurité #Cybersécurité #Vulnérabilité #Fortinet

  • 0
  • 0
  • 0
  • 1h ago

Bluesky

Profile picture
Fortinet patched a critical OS command injection in FortiSIEM (CVE-2025-64155, CVSS 9.4) that can be exploited without authentication. The flaw […]
  • 0
  • 0
  • 0
  • 21h ago
Profile picture
Fortinet Fixes FortiSIEM RCE Flaw Read More: www.cybermaterial.com/p/fortinet-f... #FortiSIEM #FortinetSecurity #UnauthenticatedRCE #CVE202564155 #SIEMSecurity #SOCOperations #PatchNow #EnterpriseSecurity #ThreatMitigation
  • 0
  • 0
  • 0
  • 16h ago
Profile picture
Fortinet risolve falla critica in FortiSIEM: aggiornamenti urgenti per evitare attacchi 📌 Link all'articolo : www.redhotcyber.com/post/for... #redhotcyber #news #cybersecurity #hacking #malware #vulnerabilita #fortinet #fortisiem #cve202564155
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 5 Posts
  • 6 Interactions

Last activity: 2 hours ago

Fediverse

Profile picture

There's the DoS.

CVSS-BT: 7.7 / CVSS-B: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:U/V:D/RE:M/U:Amber)

security.paloaltonetworks.com/

  • 2
  • 4
  • 0
  • 18h ago
Profile picture

@cR0w cve-2026-0227 seems spicy

  • 0
  • 0
  • 0
  • 18h ago
Profile picture

DoS-Schwachstelle in PAN-OS bedroht GlobalProtect-Infrastruktur

Palo Alto Networks hat eine kritische Sicherheitslücke in seiner Firewall-Software PAN-OS behoben. Die als CVE-2026-0227 klassifizierte Schwachstelle erlaubt es Angreifern ohne Authentifizierung, Denial-of-Service-Attacken gegen GlobalProtect-Komponenten durchzuführen und betroffene Systeme in den Wartungsmodus zu zwingen.

all-about-security.de/dos-schw

#PaloAltoNetworks #DoS #PANOS #firewall

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Profile picture
Paloaltoの脆弱性情報 「CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (Severity: HIGH)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2026-0227
  • 0
  • 0
  • 0
  • 16h ago
Profile picture
High-severity DoS vulnerability CVE-2026-0227 in GlobalProtect Gateway/Portal allows unauthenticated attackers to force PAN-OS firewalls into maintenance mode; updates required.
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Microsoft
  • Windows Server 2019

13 Jan 2026
Published
14 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.08%

KEV

Description

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.

Statistics

  • 5 Posts
  • 2 Interactions

Last activity: 17 hours ago

Bluesky

Profile picture
🛑 Serveur WDS - CVE-2026-0386 Le Patch Tuesday de janvier 2026 corrige une faille de sécurité importante dans WDS (Services de déploiement Windows). 👇 J'ai publié un article à ce sujet : - www.it-connect.fr/serveur-wds-... #WDS #infosec #cybersecurite #infosec #veilleIT
  • 1
  • 1
  • 0
  • 19h ago
Profile picture
CVE-2026-0386 shows how unattend.xml can leak creds on insecure channels, so #WDS is moving to secure by default. Hands free setups fade out by April 2026 unless you override them, so it’s smart to shift to safer deployment paths now.
  • 0
  • 0
  • 0
  • 23h ago
Profile picture
Microsoft: Windows Deployment Services #WDS Hands-Free Deployment Hardening Guidance related to CVE-2026-0386 www.elevenforum.com/t/windows-de...
  • 0
  • 0
  • 0
  • 21h ago
Profile picture
微软正分阶段禁用 Windows 部署服务(WDS)中的高风险“免手动部署”功能,以修复 CVE-2026-0386 漏洞,该漏洞可致远程代码执行与凭据窃取;自 2026 年 4 月起系统将默认禁用该功能,IT 管理员需提前配置注册表或迁移至安全方案。 #微软 #WindowsServer #网络安全 #CVE20260386 👇 https://windiscover.com/posts/microsoft-securing-windows-server-component-it-admins-warned-2.html
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Apache Software Foundation
  • Apache Camel Neo4j
  • org.apache.camel:camel-neo4j

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 21 hours ago

Fediverse

Profile picture

Haven't seen a cypher injection for a while. This one is in Apache Camel-Neo4j.

camel.apache.org/security/CVE-

  • 3
  • 3
  • 0
  • 21h ago

Overview

  • n8n-io
  • n8n

07 Jan 2026
Published
12 Jan 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
2.96%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 14 hours ago

Fediverse

Profile picture
Self-hosting n8n? Urgent one: CVE-2026-21858 (Ni8mare) is CVSS 10.0 and affects 1.65.0 to <1.121.0. Update to 1.121.0+ ASAP. If patching isn’t feasible today, restrict public access to webhook and form endpoints, or take the instance offline until you can update.

Video: https://www.youtube.com/watch?v=Ez5MDGG9Qck

#n8n #cybersecurity #selfhosting #infosec #homelab
  • 2
  • 1
  • 0
  • 14h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

12 Aug 2025
Published
10 Nov 2025
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
0.05%

KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Fediverse

Profile picture

❗️CVE-2025-53136: Windows Kernel Information Disclosure through Race condition

PoC/Exploit: github.com/nu1lptr0/CVE-2025-5

CVSS: 5.5
CVE Published: Aug 12th, 2025

  • 2
  • 0
  • 0
  • 10h ago

Overview

  • Pending

14 Jan 2026
Published
14 Jan 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 18 hours ago

Fediverse

Profile picture

I'm not concerned about this as a security concern, but I know people around here like their AQI monitors so this might be handy for folks trying to hack theirs for other functionality.

github.com/rupeshsurve04/CVE-2

  • 1
  • 2
  • 0
  • 18h ago

Overview

  • MongoDB Inc.
  • MongoDB Server

19 Dec 2025
Published
12 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
57.25%

Description

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 12 hours ago

Bluesky

Profile picture
脅威概要: MongoDB の脆弱性 (CVE-2025-14847) #CybersecurityNews unit42.paloaltonetworks.com/mongobleed-c...
  • 1
  • 2
  • 0
  • 12h ago

Overview

  • ISC
  • BIND 9

22 Oct 2025
Published
04 Nov 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.06%

KEV

Description

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 16 hours ago

Fediverse

Profile picture

Still no fix in BIG-IP DNS for CVE-2025-8677.

my.f5.com/manage/s/article/K00

  • 1
  • 2
  • 0
  • 16h ago
Showing 1 to 10 of 65 CVEs