SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. The…
The ZAP (Zed Attack Proxy) project, a widely used open-source web application security scanner, has disclosed a critical memory leak in its JavaScript engine. This…
A new longitudinal study of Magecart-style eSkimming attacks overturns the assumption that discovery equals recovery. Instead of being a one-time incident that ends with script…
State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that was fixed over half a year ago. CVE-2025-8088 is a path…
Researchers discovered 16 malicious browser extensions for Google Chrome and Microsoft Edge that steal ChatGPT session tokens, giving attackers access to accounts, including conversation history…
Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to…
The Emirates Nuclear Energy Company (ENEC), the Technology Innovation Institute (TII) and Aspire have launched a joint proof-of-concept (PoC) project to assess the use of…
By Itamar Apelblat, CEO & Co-Founder, Token Security. For decades, compliance frameworks were built on an assumption that now feels outdated: humans are the primary…
A critical privilege-escalation vulnerability has been discovered in Check Point’s Harmony SASE (Secure Access Service Edge) Windows client software, affecting versions prior to 12.2. Tracked as CVE-2025-9142,…
Cal.com, an open-source scheduling platform and developer-friendly alternative to Calendly, recently patched a set of critical vulnerabilities that exposed user accounts and sensitive booking data…
Ravie Lakshmanan, Jan 28, 2026, Vulnerability / Open Source. A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited,…
The Competition and Markets Authority (CMA) has proposed what it describes as a “package of measures” to improve how Google delivers search services in the…