Cisco Releases Patch for CVE-2026-20029 in ISE, Risk of Sensitive Data Exposure via Web Management Interface

15/69 Friday, January 9, 2026 Cisco has released a security update to address CVE-2026-20029 affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), which are used for network access control and identity management. The vulnerability is caused by improper handling of XML input processing in the Web Management Interface, allowing an attacker […]

ThaiCERT

January 9, 2026

Critical Vulnerability in jsPDF Could Allow Attackers to Steal Sensitive Server Files

13/69 Friday, January 9, 2026 A critical security vulnerability, tracked as CVE-2025-68428, has been discovered in jsPDF, a popular JavaScript library with more than 3.5 million downloads per week. The vulnerability carries a CVSS score of 9.2 and stems from Local File Inclusion (LFI) and Path Traversal flaws in the file-loading mechanism when jsPDF is […]

ThaiCERT

January 9, 2026

Vulnerability in TOTOLINK EX200 Allows Remote Device Takeover

12/69 Thursday, January 8, 2026 The CERT Coordination Center (CERT/CC) has disclosed details of a vulnerability tracked as CVE-2025-65606 affecting the TOTOLINK EX200 wireless range extender. The flaw allows a remote attacker with access to the device to escalate privileges to the highest level (root). The vulnerability stems from improper firmware upload error handling, which […]

ThaiCERT

January 8, 2026

Google Releases January Android Security Update, Fixes Vulnerability in Dolby Decoder

11/69 Thursday, January 8, 2026 Google has released the January 2026 Android security update to address a critical vulnerability in the Dolby Digital Plus (Dolby DD+) audio decoder, tracked as CVE-2025-54957. The flaw is rated Critical and was originally discovered by researchers from Google Project Zero in October 2025. Google had previously begun rolling out […]

ThaiCERT

January 8, 2026

Warning for Users of Legacy D-Link Routers: Critical Vulnerability “CVE-2026-0625” Actively Exploited – Immediate Device Replacement Recommended Due to No Available Patch

10/69 Thursday, January 8, 2026 A critical security vulnerability, CVE-2026-0625, has been identified in several legacy D-Link router models that have already reached End-of-Life (EoL). The vulnerability is a Command Injection flaw in a CGI library, specifically at the dnscfg.cgi endpoint, caused by insufficient input validation. This flaw allows unauthenticated attackers to execute arbitrary commands […]

ThaiCERT

January 8, 2026

Chrome Extension “Claude” Poses Security Risks as Hackers Could Abuse AI to Steal Tokens and Execute Cross-Site Scripts

09/69 Wednesday, January 7, 2026 Security researchers from Zenity Labs have warned about potential security risks associated with Anthropic’s “Claude in Chrome” extension, which enables the AI to directly browse websites, fill out forms, and interact with web applications on behalf of users. Because the extension remains logged in at all times, Claude effectively gains […]

ThaiCERT

January 7, 2026

Ledger Customers Impacted by Data Breach at Third-Party Provider Global-e

08/69 Wednesday, January 7, 2026 Ledger, the manufacturer of self-custodial hardware wallets for digital assets, has notified some customers that their personal information may have been affected by a data breach involving its third-party payment service provider, Global-e. The company emphasized that the incident did not impact Ledger’s own network, hardware, or software systems, and […]

ThaiCERT

January 7, 2026

New ClickFix Attack Campaign Uses Fake Windows Blue Screen (BSOD) to Trick Victims Into Installing Malware

07/69 Wednesday, January 7, 2026 Security researchers from Securonix have identified a new cyberattack campaign dubbed PHALT#BLYX, targeting businesses in the travel and hospitality sector. Attackers send phishing emails impersonating customers from Booking[.]com, claiming to cancel hotel reservations and requesting unusually large refunds to create a sense of urgency. When employees click the link in […]

ThaiCERT

January 7, 2026

“VVS Stealer” Infostealer Malware Evades Detection, Targets Discord Accounts and Browser Data

06/69 Tuesday, January 6, 2026 Cybersecurity researchers have identified a new information-stealing malware strain called VVS Stealer, developed in Python and heavily obfuscated using the PyArmor tool to evade security detection. The malware has been sold on Telegram since April 2025 at prices starting as low as €10 (approximately USD 11), and is primarily designed […]

ThaiCERT

January 6, 2026