🔴 CVE-2026-2577: CRITICAL vuln in HKUDS nanobot WhatsApp bridge (port 3001) — no auth required for WebSocket! Attackers can hijack sessions & intercept messages. Restrict access & monitor traffic. https://radar.offseq.com/threat/cve-2026-2577-cwe-306-missing-authentication-for-c-d0d526e7 #OffSeq #CVE20262577 #Infosec #Vuln

⚠️ CVE-2026-2439 (HIGH): BVA Concierge::Sessions 0.8.1-0.8.4 uses weak session ID generation, risking session hijack. Upgrade or use secure RNG for session IDs! No active exploits, but risk is significant. https://radar.offseq.com/threat/cve-2026-2439-cwe-340-generation-of-predictable-nu-8847b5d6 #OffSeq #Infosec #Vuln #SessionID

CVE-2026-2550 (CRITICAL, CVSS 9.3) in EFM iptime A6004MX 14.18.2: Unrestricted remote file upload via /cgi/timepro.cgi. Exploit public, no vendor response. Isolate affected devices ASAP. https://radar.offseq.com/threat/cve-2026-2550-unrestricted-upload-in-efm-iptime-a6-a8baac0d #OffSeq #Vulnerability #InfoSec #RouterSecurity

CVE-2026-2550 (CRITICAL): EFM iptime A6004MX (fw 14.18.2) allows unauthenticated uploads via /cgi/timepro.cgi — enabling full device compromise. No patch yet. Block access & monitor for malicious activity. https://radar.offseq.com/threat/cve-2026-2550-unrestricted-upload-in-efm-iptime-a6-a8baac0d #OffSeq #Vuln #RouterSecurity #CVE2026

Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE.

#security

https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/

Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE.

#security

https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/

@Earl

Are you referring to venerability CVE-2024-29510 that was patched in Ghost script version 10.03.1?

Or are you referring to CVE-2023-36664 that was found in Ghost Script version 10.01.2?

Or something else entirely?

https://tuxcare.com/blog/ghostscript-vulnerability/
https://www.kroll.com/en/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability

Recent intelligence (Feb 15-16, 2026): Google patched an actively exploited Chrome zero-day (CVE-2026-2441), and a critical FileZen flaw (CVE-2026-25108) also sees in-the-wild exploitation. Microsoft unveiled an AI Security Dashboard for enterprises. Geopolitically, China's Russian oil imports surged 21%, and Indonesia considers deploying 8,000 troops to Gaza. A Trusted Tech Alliance formed to secure digital infrastructure. AI ethics concerns continue to be prominent.

#Cybersecurity #TechNews #Geopolitics