Overview
Description
Statistics
- 15 Posts
- 9 Interactions
Fediverse
Fortinet Confirms CVE-2026-24858 SSO Flaw Under Active Attack https://www.esecurityplanet.com/threats/fortinet-confirms-cve-2026-24858-sso-flaw-under-active-attack/
Fortinet closes critical vulnerability CVE-2026-24858 after active exploitation
A newly discovered vulnerability in the FortiCloud infrastructure has given attackers access to the firewall systems of various organizations. Fortinet responded by temporarily disabling the single sign-on functionality and published recommended actions for affected users.
Here's a summary of the latest in global technology and cybersecurity from the last 24 hours:
Global tech giants are streamlining: Amazon announced 16,000 job cuts (Jan 28, 2026). Meanwhile, AI investment surges, with SoftBank nearing a $30B OpenAI investment (Jan 28, 2026). In cybersecurity, Fortinet addressed active exploitation of CVE-2026-24858 (Jan 28, 2026), and OpenSSL patched 12 flaws, including RCE (Jan 29, 2026). The Illinois Department of Human Services suffered a data breach impacting ~700,000 individuals (Jan 28, 2026).
Fortinet SSO Is A Burning Trash Fire While Prague Bureaucrats Wait For Their Morning Fax
PANIC 88% | Lag 18.75h | Fortinet has released an emergency patch for CVE-2026-24858, a critical vulnerability in FortiOS Sin
#AfterShockIndex
Bluesky
Overview
Description
Statistics
- 10 Posts
Bluesky
Overview
Description
Statistics
- 7 Posts
- 35 Interactions
Fediverse
Nearly 800,000 #Telnet servers exposed to remote attacks
The security flaw (CVE-2026-24061) already has a proof-of-concept exploit, impacts GNU InetUtils versions 1.9.3 (released in 2015) through 2.7, and was patched in version 2.8 (released on January 20).
🚨 Critical #Telnet Authentication Bypass Vulnerability Discovered #CVE202624061 #cybersecurity #infosec #DevOps #security
🔓 #GNU Inetutils telnetd through version 2.7 allows remote authentication bypass via "-f root" USER environment variable
⚡ The exploit is shockingly simple: attackers send "-f root" as the USER value, triggering /usr/bin/login -f root which skips password authentication entirely
🧵 👇
✅ Immediate action required: Update to GNU Inetutils 2.8+ or migrate to #SSH for secure remote access
Bluesky
Overview
Description
Statistics
- 6 Posts
- 2 Interactions
Fediverse
https://blog.0patch.com/2026/01/micropatches-released-for-microsoft.html
Bluesky
Overview
- SolarWinds
- Web Help Desk
Description
Statistics
- 5 Posts
- 1 Interaction
Fediverse
https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/
SolarWinds has just announced four high-severity vulnerabilities in its Web Help Desk (WHD) software that could lead to full system takeover.
These flaws include unauthenticated Remote Code Execution (RCE) via insecure deserialization and multiple Authentication Bypasses, allowing attackers to execute protected methods without any credentials.
CVE-2025-40551 & CVE-2025-40553 (Unauthenticated RCE)
CVE-2025-40552 & CVE-2025-40554 (Auth Bypass)
Overview
Description
Statistics
- 4 Posts
Fediverse
🚨 2 new vulnerability scripts created for the n8n vulnerabilities disclosed today:
CVE-2026-1470:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-1470.yaml
CVE-2026-0863:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-0863.yaml
Happy hunting.
n8n – CVE-2026-1470 and CVE-2026-0863: two new vulnerabilities patched, how to protect yourself? https://www.it-connect.fr/n8n-cve-2026-1470-et-cve-2026-0863-patchs-de-securite/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
Bluesky
Overview
Description
Statistics
- 2 Posts
- 2 Interactions
Fediverse
MongoBleed (CVE-2025-14847) Information Leak Vulnerability Exploited in the Wild by Peled Eldan and Erez Hasson from XM Cyber - December 31, 2025.
https://cybersec.xmcyber.com/s/mongobleed-cve-2025-14847-information-leak-vulnerability-exploited-in-the-wild-24961
Bluesky
Overview
- SmarterTools
- SmarterMail
Description
Statistics
- 2 Posts
- 2 Interactions
Fediverse
The VulnCheck research team found an unauth RCE vuln in SmarterMail that at least three other researchers discovered independently. VulnCheck canaries are also detecting in-the-wild exploitation of CVE-2026-24423. Lots of sudden attention on this software from researchers and adversaries.
https://www.vulncheck.com/blog/smartermail-connecttohub-rce-cve-2026-24423
Overview
Description
Statistics
- 2 Posts
Fediverse
React2Shell: IoT Nightmare Unleashed!
CVE-2025-55182 allows attackers to take control of IoT devices and web servers with a single HTTP request due to flaws in React Server Components.
Dive into its origins and explore hands-on exploits!
Article on this topic https://hackers-arise.com/react2shell-vulnerability-exploited-to-build-massive-iot-botnet/
#cybersecurity #hacking #vulnerability #infosec #hackingtools
Overview
- checkpoint
- Harmony SASE
Description
Statistics
- 3 Posts
Fediverse
Check Point Harmony Secure Access Service Edge Has A Critical Local Privilege Escalation Flaw
Researchers have uncovered a critical privilege-escalation vulnerability in Check Point’s Harmony Secure Access Service Edge Windows client software, tracked as CVE-2025-9142, that enables hackers to write or delete files outside the certificate working directory that could compromise systems. More info can be found here: Jim Routh, Chief Trust Officer at Saviynt, commented: “This…