Sårbarhetsflöden

New research shows attackers increasingly abusing APIs at machine speed as AI-driven systems widen exposure and amplify impact. The post API Threats Grow in Scale as AI Expands the Blast Radius appeared first on SecurityWeek.

As nation-state actors, ransomware groups, and aging infrastructure collide, organizations must rethink how they defend critical operations through resilience, visibility, and modern security strategies. The post Cyber Insights 2026: The…

Polish police said they found evidence of cybercrime on the 47-year-old suspect’s devices. The post Man Linked to Phobos Ransomware Arrested in Poland appeared first on SecurityWeek.

Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as…

Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A…

My objectiveThe role of NDR in SOC workflowsStarting up the NDR systemHow AI complements the human responseWhat else did I try out?What could I see with NDR that I wouldn’t otherwise?Am I ready to be a network security analyst now? My…

Industrial cybersecurity firm Dragos has published its 9th Year in Review OT/ICS Cybersecurity Report. The post 3 Threat Groups Started Targeting ICS/OT in 2025: Dragos appeared first on SecurityWeek.

New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine…

Researchers at ETH Zurich have tested the security of Bitwarden, LastPass, Dashlane, and 1Password password managers. The post Password Managers Vulnerable to Vault Compromise Under Malicious Server appeared first on SecurityWeek.

Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and…

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant…

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations…

The GS7 cyberthreat group targets US financial institutions with near-perfect imitations of corporate portals to steal credentials and gain remote access.

Luxury brands were among the dozens of major companies whose Salesforce instances were targeted by Scattered LAPSUS$ Hunters. The post Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data Breaches appeared first on SecurityWeek.

30 copycat apps tricked users, and Google itself, into thinking they're legitimate AI tools.

The latest Android version continues to improve security and privacy, according to its developers. The post Android 17 Beta Strengthens Secure-by-Default Design for Privacy and App Security appeared first on SecurityWeek.

CISA is currently operating at roughly 38% capacity (888 out of 2,341 staff) due to the DHS shutdown that began February 14, 2026. The post CISA Navigates DHS Shutdown With Reduced Staff appeared first on SecurityWeek.

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers…

Attackers are using DNS requests to deliver a RAT named ModeloRAT to targeted users. The post Microsoft Warns of ClickFix Attack Abusing DNS Lookups appeared first on SecurityWeek.

Presentation of the KTU Consortium Mission ‘A Safe and Inclusive Digital Society’ at the Innovation Agency event ‘Innovation Breakfast: How Mission-Oriented Science and Innovation Programmes Will Address Societal Challenges’. Technologies…

Amazon’s smart doorbell maker Ring has terminated a partnership with police surveillance tech company Flock Safety. The post Amazon Scraps Partnership With Surveillance Company After Super Bowl Ad Backlash appeared first on SecurityWeek.

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The…

Zscaler's acquisition of SquareX comes as competitors like CrowdStrike and Palo Alto Networks also invest in secure browser technologies.

Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may be no easy fixes in sight.

Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors' networks.

As AI deployments scale and start to include packs of agents autonomously working in concert, organizations face a naturally amplified attack surface.

Updated information to include CVSS scores. This is an informational change only.

Download links fixed

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco…

Idag kom nyheten om ett nytt samarbete gällande cybersäkerhet mellan Sverige och Ukraina, något som går att ta del av i veckobrevet. Utöver det kan du läsa om andra nyheter, rapporter och analyser inom cybersäkerhetsområdet.

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an…

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of…

It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication controls, one expert says.

The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes.

Drawing on years of adversary tradecraft, SpecterOps experts work alongside customers to analyze and eliminate attack paths, protect critical assets, and stay ahead of emerging threats.

Men should take extra care on Valentine’s Day because they are nearly twice as likely as women to fall victim to romance scams.

Multiple Cisco products are affected by vulnerabilities in the HTTP Multipurpose Internet Mail Extensions (MIME) Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak possible sensitive…

Added an FAQ and updated the CVSS score. This is an informational change only.

Added FAQ information. This is an informational change only.

Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code. |…

Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner…

Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This…

SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. | Åtgärd: Apply mitigations per vendor instructions, follow…

Ingen sammanfattning tillgänglig.

Ingen sammanfattning tillgänglig.

Ingen sammanfattning tillgänglig.

Flera leverantörer har släppt sina månatliga säkerhetsuppdateringar för februari.

Acknowledgement added. This is an informational change only.

Changes made to the security updates links and information. This is an informational change only.

Multiple Cisco products are affected by vulnerabilities in the processing of Distributed Computing Environment Remote Procedure Call (DCE/RPC) requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection…

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.

Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

CVSSv3 Score: 6.4 An Improper Link Resolution Before File Access vulnerability [CWE-59] in FortiClient Windows may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages. Revised on 2026-02-10 00:00:00

CVSSv3 Score: 3.8 An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in FortiOS FSSO Terminal Services Agent may allow an authenticated user with knowledge of FSSO policy configurations to gain…

CVSSv3 Score: 6.7 A Use of Externally-Controlled Format String vulnerability [CWE-134] in FortiGate may allow an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. Revised on 2026-02-10 00:00:00

CVSSv3 Score: 7.5 An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in FortiOS fnbamd may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, under specific LDAP server configuration. Revised on 2026-02-10 00:00:00

CVSSv3 Score: 6.8 A missing authorization vulnerability [CWE-862] in FortiAuthenticator may allow a read-only admin to make modification to local users via a file upload to an unprotected endpoint. Revised on 2026-02-10 00:00:00

CVSSv3 Score: 5.2 An HTTP request smuggling vulnerability [CWE-444] in FortiOS may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header Revised on 2026-02-10 00:00:00

CVSSv3 Score: 5.3 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency…

CVSSv3 Score: 7.9 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox may allow an unauthenticated attacker to execute commands via crafted requests.FortiSandbox…

Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. | Åtgärd: Apply mitigations per vendor instructions, follow applicable…

Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. | Åtgärd: Apply mitigations per vendor instructions, follow applicable BOD 22-01…

Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. | Åtgärd: Apply mitigations per vendor instructions, follow applicable BOD…

Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally. | Åtgärd: Apply mitigations per vendor instructions, follow applicable…

Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally. | Åtgärd: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for…

Ingen sammanfattning tillgänglig.

Behöver din organisation stärka sin förmåga att hantera cyberhot och arbeta effektivt med informationsdelning?

Måndagen 9 februari lanseras MISP-SE, något som du kan läsa mer om nedan tillsammans med andra nyheter, rapporter och analyser inom cybersäkerhetsområdet.

CVSSv3 Score: 9.1 An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via…

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system.…

A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing…

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system.…

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This…

Denna vecka har det rapporterats om ett flertal sårbarheter, bland annat gällande nolldagssårbarheter i Microsoft Office och Fortinet FortiOS. Utöver detta går det även att läsa CERT-PL:s rapport om angreppet mot polska energianläggningar som skedde i december.

Ivanti har publicerat säkerhetsuppdateringar för två kritiska sårbarheter i Ivanti Endpoint Manager Mobile (EPMM). [1]

CVSSv3 Score: 9.8 CVE-2025-15467Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially…

SolarWinds har publicerat uppdateringar som åtgärdar följande fyra kritiska sårbarheter i SolarWinds Web Help Desk: CVE-2025-40551 CVE-2025-40552 CVE-2025-40553 CVE-2025-40554

Microsoft har publicerat information om en nolldagssårbarhet i Microsoft Office som exploateras av hotaktörer [1]. Sårbarheten (CVE-2026-21509) har fått CVSS-klassificering 7.8 (CVSS v.3.1) av Microsoft [2] och kan ge en oautentiserad…

EU-kommissionen har under veckan presenterat ett nytt cybersäkerhetspaket, där cybersäkerhetsmyndigheten ENISA får en tydlig förstärkning. Detta går att läsa om i veckobrevet tillsammans med flera nyheter, rapporter och analyser inom cybersäkerhetsområdet.

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service…

A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability…

Oracle har publicerat information om en sårbarhet i Oracle HTTP Server och WebLogic Server Proxy Plug-in. Sårbarheten, CVE-2026-21962, är kritisk och har fått en CVSS-klassning på 10. [1]

Ingen sammanfattning tillgänglig.

Ingen sammanfattning tillgänglig.

Ingen sammanfattning tillgänglig.

Ingen sammanfattning tillgänglig.

Ingen sammanfattning tillgänglig.

Ingen sammanfattning tillgänglig.

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information…

A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls.…

** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file…

A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper…

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.

In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.

bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.

2.5 million people were affected, in a breach that could spell more trouble down the line.

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.