sittisak mintaboon

108/69 Monday, February 23, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities affecting Roundcube Webmail to its Known Exploited Vulnerabilities (KEV) catalog after confirming evidence of active exploitation. The vulnerabilities include: Security firm FearsOff, which discovered CVE-2025-49113, reported that attackers were able to analyze and weaponize the vulnerability within just […]

107/69 Monday, February 23, 2026 PayPal has disclosed a data exposure incident stemming from a software error in its PayPal Working Capital (PPWC) platform, a business lending application. The flaw resulted in the unauthorized exposure of certain customers’ personal information between July 1 and December 13, 2025. Affected data included names, email addresses, phone numbers, […]

106/69 Monday, February 23, 2026 Researchers from Jamf, a company specializing in mobile device management, have disclosed new technical details about the “Predator” spyware developed by Intellexa. The spyware is capable of bypassing a key Apple privacy feature by suppressing the recording indicators-the green and orange dots displayed in the iPhone’s status bar when the […]

105/69 Friday, February 20, 2026 Researchers from security firm Novee have disclosed the discovery of 16 security vulnerabilities affecting PDF document management platforms, including Apryse WebViewer and Foxit PDF Cloud. The findings were assisted by AI agents used during the analysis process. The vulnerabilities range in severity from medium to critical and could potentially be […]

104/69 Friday, February 20, 2026 A Spanish court has issued precautionary measures against major VPN providers NordVPN and ProtonVPN, ordering both companies to block 16 websites involved in illegally streaming LaLiga football matches. The order applies to IP addresses within Spain and provides no opportunity for appeal. The ruling was issued inaudita parte, meaning it […]

103/69 Friday, February 20, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical vulnerability affecting multiple Honeywell CCTV camera models. The flaw, tracked as CVE-2026-1670, carries a severity score of 9.8/10 and allows attackers to bypass authentication remotely. Successful exploitation could directly impact business environments and even […]

102/69 Thursday, February 19, 2026 Notepad++ has released version 8.9.2 to address vulnerabilities in its automatic update system that were previously exploited in a supply chain attack. The new release introduces a “Double-lock” security mechanism, implementing two layers of verification: This dual-verification process ensures that update files delivered to users have not been tampered with […]

101/69 Thursday, February 19, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after confirming evidence of active exploitation. The newly added vulnerabilities are: Regarding CVE-2026-2441, Google has confirmed active exploitation in the wild. However, detailed technical information about the attack techniques has […]

100/69 Thursday, February 19, 2026 Security researchers from Mandiant and the Google Threat Intelligence Group (GTIG) have disclosed that a threat actor tracked as UNC6201 has been conducting covert attacks by exploiting a critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines, a backup and disaster recovery solution for VMware environments. The vulnerability, identified as […]

99/69 Wednesday, February 18, 2026 Washington Hotel, a major business hotel chain in Japan, has issued a statement confirming that its server systems were targeted by a ransomware attack on Friday, February 13, 2026, at 10:00 PM. The incident resulted in unauthorized access to certain business-related data. As an immediate containment measure, the company disconnected […]