Overview
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
🚨 This week’s CrowdSec Threat Alert article highlights CVE-2025-59287, a critical WSUS RCE being actively probed and exploited in real-world environments.
Dive into the data, attack patterns, and mitigation steps 👉 https://www.crowdsec.net/vulntracking-report/cve-2025-59287
Overview
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
Reminder this Wednesday.
🚨 OWASP Ottawa January Meetup – Featuring Vincent Dragnea! 🚨
#OWASP #Ottawa is excited to announce that we are hosting our first monthly meetup of the year! We’re thrilled to welcome Vincent Dragnea to our in-person meetup at the University of Ottawa on January 21, 2026.
RSVP at:
meetup.com/owasp-ottawa/events/312793912
📅 Date: January 21, 2026
⏰ Time: 6:00 PM EST – Arrival, networking & pizza 🍕
6:30 PM EST – Technical Talks
📍 Location: 150 Louis-Pasteur Private, University of Ottawa, Room 117
🎙️ Talk: "SameSite...or not? Bypassing SameSite cookie protections in browsers"
SameSite cookies are often relied upon too heavily to prevent cross-site request forgery, yet, due to browser implementations, these cookies can be included in unexpected requests. This talk demonstrates novel techniques to attach SameSite=Strict cookies to GET requests originating from another site, including a Google Chrome vulnerability (CVE-2025-8581) discovered while researching these methods. This material aims to help researchers identify insecure behaviors, as well as teach developers how to avoid them.
📺 Can’t make it in person? Watch live on the YouTube channel at youtube.com/@OWASP_Ottawa
Overview
Description
Statistics
- 1 Post
Fediverse
🔴 CVE-2026-22797 - Critical (9.9)
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22797/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-1140 - High (8.8)
A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1140/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- Totolink
- LR350
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-1158 - High (8.8)
A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1158/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- AMD
- AMD EPYC™ 9004 Series Processors
Description
Statistics
- 1 Post
Overview
- UTT
- HiPER 810
Description
Statistics
- 1 Post
Fediverse
🔴 CVE-2026-1162 - Critical (9.8)
A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argument passwd1 causes buffer overflow. Remote exploitation of the attack is possible. The ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1162/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
- Totolink
- LR350
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-1157 - High (8.8)
A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Overview
Description
Statistics
- 1 Post
Fediverse
🟠 CVE-2026-1137 - High (8.8)
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig. Performing a manipulation results in buffer overflow. The attack is possible to be carried out...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack