Security Leftovers
-
Scoop News Group ☛ Fortinet’s latest zero-day vulnerability carries frustrating familiarities for customers
Attackers have exploited the critical defect to reconfigure firewall settings and create unauthorized accounts with privileged access to multiple versions of the vendor’s security products.
-
OpenSSF (Linux Foundation) ☛ OpenSSF at FOSDEM 2026: From Policy to Practical Security
FOSDEM is one of Europe’s most important gatherings for open source communities, and OpenSSF will participate again in 2026. The event brings together developers, maintainers, researchers, and industry contributors for two days of technical talks, hallway discussions, and collaboration.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (java-1.8.0-openjdk), Debian (openssl), Fedora (assimp, chromium, curl, freerdp, gimp, and harfbuzz), Mageia (glibc, haproxy, iperf, and python-pyasn1), Red Hat (image-builder, openssl, and osbuild-composer), Slackware (mozilla), SUSE (avahi, cups, gio-branding-upstream, google-osconfig-agent, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel-firmware, libmatio-devel, libopenjp2-7, nodejs22, php8, python-python-multipart, python311-urllib3_1, qemu, and xen), and Ubuntu (ffmpeg, jaraco.context, openssl, and openssl, openssl1.0).
-
Security Week ☛ APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability
Russian and Chinese state-sponsored threat actors have been exploiting CVE-2025-8088 since July 2025.
-
Security Week ☛ High-Severity Remote Code Execution Vulnerability Patched in OpenSSL
A total of 12 vulnerabilities have been fixed in OpenSSL, all discovered by a single cybersecurity firm.
-
Stanford University ☛ From the community | MAHA is worsening nutrition insecurity — ‘Food is Medicine’ can do better
Knight-Hennessy scholar and medical school Ph.D. student Jasmyn Burdsall argues that cutting SNAP/WIC benefits worsens nutrition insecurity, and that investment into culturally-appropriate solutions is necessary.
-
SANS ☛ Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or Hey Hi (AI) Slop
I was looking for possible exploitation of CVE-2026-21962, a recently patched WebLogic vulnerability. While looking for related exploit attempts in our data, I came across the following request: [...]
-
Security Week ☛ Fortinet Patches Exploited FortiCloud SSO Authentication Bypass
Tracked as CVE-2026-24858, the bug allows attackers to log into devices registered to other FortiCloud accounts.
-
Security Week ☛ US Charges 31 More Defendants in Massive ATM Hacking Probe
A total of 87 individuals, mostly Venezuelan nationals, have been charged for their role in the ATM jackpotting scheme.
-
CISA adds critical Microsoft Office, Linux Kernel, and SmarterMail vulnerabilities to KEV catalog
As outlined in Security Affairs, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog, adding several critical flaws affecting widely used software including Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and the Linux Kernel.