Vulnerabilities
-
CISA adds FileZen OS command injection CVE-2026-25108 to Known Exploited Vulnerabilities
CISA added FileZen CVE-2026-25108 to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The OS command injection affects specified versions and requires updating to 5.0.11 or later before March 17, 2026.
-
RoguePilot flaw in GitHub Codespaces could have leaked GITHUB_TOKEN, researcher says
A flaw named RoguePilot let attackers hide Copilot instructions in a GitHub issue to manipulate Codespaces and leak a privileged GITHUB_TOKEN. Orca Security published a technical analysis and Microsoft patched the issue after disclosure.
-
AI-assisted actor exploits weak FortiGate management to compromise over 600 devices
A technical report by Amazon Integrated Security says a Russian-speaking actor used commercial generative AI to compromise more than 600 FortiGate firewalls across 55-plus countries by exploiting exposed management ports and weak credentials.
-
Security analysis finds vulnerabilities in popular mental health apps on Google Play
A technical analysis by Oversecured found vulnerabilities in popular Android mental health apps that can expose conversation histories and mood data. Affected apps have tens of millions of combined downloads and the flaws remain unpatched.
-
Malicious NPM package hides Pulsar RAT inside PNG images using steganography and obfuscated dropper
A malicious NPM package ‘buildrunner-dev’ downloads an obfuscated batch loader and hides encrypted payloads inside PNG images. Extraction recovered a .NET loader and a Pulsar RAT embedded via steganography.
-
Texas sues TP-Link over alleged deceptive labeling and security risks
Texas sued TP-Link, accusing the company of deceptive “Made in Vietnam” labeling and security failures that allowed state-backed hackers to exploit firmware flaws. The suit seeks monetary penalties and injunctions to force disclosure and change data practices.
-
Critical unauthenticated RCE in Grandstream GXP1600 VoIP phones tracked as CVE-2026-2329
A critical buffer overflow in Grandstream GXP1600 VoIP phones, tracked as CVE-2026-2329, scores 9.3 and allows unauthenticated remote code execution as root. A vendor firmware update addresses the flaw.
-
Critical flaws found in four Visual Studio Code extensions
Researchers disclosed multiple high-severity vulnerabilities in four popular Visual Studio Code extensions with more than 125 million installs. Several flaws remain unpatched and one extension was silently fixed by Microsoft in version 0.4.16.
-
China-linked group exploited Dell RecoverPoint zero-day
Researchers found UNC6201 exploiting a hardcoded-password zero-day in Dell RecoverPoint for VMs since mid-2024, enabling root access. A vendor advisory and patch were issued. The campaign shifted from Brickstorm to a stealthier Grimbolt backdoor.








