24h | 7d | 30d

Overview

  • Google
  • Chrome

13 Feb 2026
Published
18 Feb 2026
Updated

CVSS
Pending
EPSS
0.53%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 6 Posts
  • 4 Interactions

Last activity: 7 hours ago

Fediverse

Profile picture fallback

Google corrige un zero-day de Chrome (CVE-2026-2441) ya explotado en ataques

blog.elhacker.net/2026/02/goog

  • 1
  • 2
  • 0
  • 18h ago
Profile picture fallback

Chrome CSS Zero-Day (CVE-2026-2441)

Google has patched a CVSS 8.8 high-severity use-after-free bug in Chrome’s CSS engine that is being exploited in the wild. This also affects all Chrome-based browsers such as Brave, Edge and Opera.

forum.hashpwn.net/post/10273

  • 1
  • 0
  • 0
  • 7h ago

Bluesky

Profile picture fallback
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html Google Chromeの安定版チャンネルがアップデートされました。 今回の更新にはCSSのUse after free脆弱性 (CVE-2026-2441) の修正が含まれています。 この脆弱性に対する悪用がすでに確認されているため、早めの更新が推奨されます。
  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
現場で悪用されているゼロデイのCSS脆弱性 CVE-2026-2441 Zero-day CSS: CVE-2026-2441 exists in the wild 🔺 369 💬 21 🔗 HN Post | Article
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
Zero-day CSS: CVE-2026-2441 exists in the wild https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html comments #chromereleases.googleblog.com
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
CVE-2026-2441: The First Chrome Zero-Day of 2026 is Already Exploited—Patch Now + Video Introduction: The cybersecurity landscape of 2026 has begun with a stark reminder of our browser-based attack surface. A high-severity zero-day vulnerability, designated CVE-2026-2441, has been discovered in…
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Microsoft
  • Windows Admin Center

17 Feb 2026
Published
19 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.06%

KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: Last hour

Bluesky

Profile picture fallback
Microsoft reveals critical Windows Admin Center vulnerability (CVE-2026-26119) 📖 Read more: www.helpnetsecurity.com/2026/02/19/w... @msftresearch.bsky.social #CyberSecurity #CyberSecurityNews #Microsoft
  • 0
  • 0
  • 0
  • 18h ago
Profile picture fallback
Microsoft Patches CVE-2026-26119 Privilege Escalation In Windows Admin Center - https://mwyr.es/XiaTZ3k #thn #infosec
  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
マイクロソフト、Windows Admin Center における権限昇格脆弱性 CVE-2026-26119 を修正 Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center #HackerNews (Feb 19) thehackernews.com/2026/02/micr...
  • 0
  • 0
  • 0
  • 9h ago
Profile picture fallback
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Dell
  • RecoverPoint for Virtual Machines

17 Feb 2026
Published
19 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
28.78%

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Statistics

  • 7 Posts
  • 1 Interaction

Last activity: 13 hours ago

Fediverse

Profile picture fallback

CVE-2026-22769 (CVSS 10.0) in Dell RecoverPoint for VMs is under confirmed exploitation.

Attribution: UNC6201 (linked to Silk Typhoon)
Malware: BRICKSTORM (evolving) → GRIMBOLT
Vector: Hard-coded credentials
Impact Layer: VMware-integrated DR appliances

This is a high-leverage target:
- Elevated privileges
- Direct integration with hypervisors & storage
- Influence over replicated datasets
- Potential long-term espionage dwell time

CISA has mandated immediate patching for federal agencies.

Key takeaway: Recovery infrastructure is now an active battlefield.
How are you validating integrity of replicated VM copies?
Comment below.

Source: therecord.media/fed-agencies-o

Follow TechNadu for threat intelligence updates.
Share within your security teams.

  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback

The issue, officially named CVE-2026-22769, involves hardcoded credentials. This means the software came with a built-in username and password that could not be easily changed.
5/10

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Profile picture fallback
The CISA Has Provided Two Warnings That You Should Pay Attention To The CISA has given US government agencies three days to patch their systems against a maximum-severity hardcoded credential vulnerability (CVE-2026-22769)in Dell’s RecoverPoint solution exploited by the UNC6201 Chinese hacking…
  • 0
  • 1
  • 1
  • 13h ago
Profile picture fallback
(GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials affecting versions prior to 6.0.3.1 HF1. Other products, including RecoverPoint Classic, are not vulnerable to the flaw. thehackernews.com/2026/02/de...
  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
Dell Zero-Day Exploit (CVE-2026-22769): How UNC6201 Weaponized Hard-Coded Credentials + Video Introduction: In a stark reminder of the risks lurking within enterprise backup infrastructure, a maximum-severity zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been under active…
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
Critical Zero-Day in Dell RecoverPoint for VMs: Chinese APT Exploits Hardcoded Credentials for Root Access Since 2024 + Video Introduction A maximum-severity zero-day vulnerability (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines has been under active exploitation by suspected Chinese…
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Microsoft
  • Windows Notepad

10 Feb 2026
Published
19 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.09%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 5 Posts
  • 4 Interactions

Last activity: 2 hours ago

Fediverse

Profile picture fallback

CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad - The TrendAI Research team takes a deep dive into this recently patched file parsing bug to show you root cause, source code walk through, and provide detection guidance. Read the details at zerodayinitiative.com/blog/202

  • 1
  • 2
  • 1
  • 13h ago
Profile picture fallback
  • 0
  • 0
  • 1
  • 12h ago

Bluesky

Profile picture fallback
[RSS] CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad www.thezdi.com -> ZDI analysis of the notorious vuln Original->
  • 0
  • 1
  • 0
  • 2h ago

Overview

  • Microsoft
  • Windows 10 Version 1507

13 May 2025
Published
13 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.28%

KEV

Description

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Statistics

  • 3 Posts

Last activity: 5 hours ago

Bluesky

Profile picture fallback
EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969) www.safebreach.com/blog/safebre... github.com/SafeBreach-L...
  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
The latest update for #SafeBreach includes "SafeBreach's Evolution into an #AI-First Development Team: Part I" and "EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft #Windows (CVE-2025-29969)". #Cybersecurity https://opsmtrs.com/41NWGuQ
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
EventLogin Exploit: How Low-Privilege Users Can Weaponize Windows Event Logging to Own Your Domain + Video Introduction: In a startling revelation for enterprise security, a new proof-of-concept tool named "EventLogin" has emerged, demonstrating the active exploitation of CVE-2025-29969. This…
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

26 Jan 2026
Published
13 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
9.21%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 3 Posts
  • 6 Interactions

Last activity: 15 hours ago

Fediverse

Profile picture fallback

The video discusses a recently patched Microsoft Office zero-day vulnerability (CVE-2026-21509) being actively exploited by Russian hackers. It emphasizes the rapid weaponization of vulnerabilities after patches and the importance of threat intelligence for managing exposed attack surfaces.
youtube.com/watch?v=Ck8IPInn74A

  • 2
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture fallback
Quick dance with CVE-2026-21509, a "Security Feature Bypass Vulnerability" and an emergency out-of-band fix from January Patch Tuesday (and an obligatory exaggerated YouTube thumbnail -- I apologize and appreciate folks who understand algorithm nuance) youtu.be/Ck8IPInn74A
  • 0
  • 4
  • 1
  • 21h ago

Overview

  • Grandstream
  • GXP1610

18 Feb 2026
Published
18 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.09%

KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 19 hours ago

Bluesky

Profile picture fallback
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329) 📖 Read more: www.helpnetsecurity.com/2026/02/19/g... #cybersecurity #cybersecuritynews #securityupdate #vulnerability #VoIP #SMBs @rapid7.com @stephenfewer.bsky.social @fulmetalpackets.bsky.social
  • 1
  • 1
  • 0
  • 22h ago
Profile picture fallback
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329) #patchmanagement
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • microsoft
  • semantic-kernel

19 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
Pending

KEV

Description

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 9 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL RCE: CVE-2026-26030 in Microsoft Semantic Kernel (<1.39.4) lets remote attackers execute code via InMemoryVectorStore filter. Upgrade to 1.39.4+ ASAP or avoid this component in prod. Details: radar.offseq.com/threat/cve-20

  • 1
  • 1
  • 0
  • 14h ago

Overview

  • Dell
  • PowerProtect Data Manager

19 Feb 2026
Published
19 Feb 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.04%

KEV

Description

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Statistics

  • 2 Posts

Last activity: 12 hours ago

Fediverse

Profile picture fallback

🔔 CVE-2026-22267 (HIGH): Dell PowerProtect Data Manager <19.22 lets remote low-priv users escalate privileges. Urgently restrict remote access, enforce least privilege, and monitor logs. No patch yet. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

Profile picture fallback
📌 CVE-2026-22267 https://www.cyberhub.blog/article/alert-cve-2026-22267
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)

06 Feb 2026
Published
14 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.9)
EPSS
49.74%

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

Profile picture fallback

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

unit42.paloaltonetworks.com/be

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture fallback
The latest update for #CyCognito includes "Permission to Ignore: Leveraging the CTEM Framework to Focus on Real Risk" and "Emerging Threat: CVE-2026-1731 – BeyondTrust Privileged Access Exposure Risk". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 4h ago
Showing 1 to 10 of 85 CVEs