Announcements

cPanel has released a security update to address a vulnerability in cPanel software and WebHost Manager (WHM) affecting all versions after 11.40. The addressed vulnerability could allow the remote unauthorized attacker to bypass authentication and gain access to the affected systems. The addressed vulnerability: cPanel & WHM Login Flow Authentication Bypass Vulnerability (CVE-2026- 41940): CVSS: […]

Google has released an updated Chrome version 147.0.7727.137/138 for Windows and Mac, and 147.0.7727.137 for Linux. The addressed vulnerabilities could allow the attacker to bypass security restrictions, induce the victim to install a malicious extension to leak cross-origin data via a crafted Chrome Extension, obtain sensitive information, exploit heap corruption, or execute arbitrary code, and

Mozilla has released an updated Firefox version 150.0.1, Firefox ESR versions 115.35.1 and 140.10.1 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, exploit memory corruption to achieve arbitrary code execution, and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Mozilla Firefox

Microsoft has released security updates to address several vulnerabilities affecting multiple Microsoft products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, conduct server-side request forgery attacks, execute arbitrary code, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Microsoft Entra ID Spoofing Vulnerability (CVE-2026-35431): CVSS: 10.0 Attack Vector:

Google has released an updated version of Chrome, 147.0.7727.116/117 for Windows and Mac, and 147.0.7727.116 for Linux. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, escalate privileges, and potentially perform a sandbox escape via a crafted HTML page or video file. Sample of the addressed vulnerabilities: 1. Google Chrome DevTools Use

Microsoft has released a security update to address a vulnerability that affects ASP.NET Core 10.0. The addressed vulnerability could allow the remote unauthenticated attacker to gain SYSTEM privileges on the affected devices by forging authentication cookies. The addressed vulnerability: Microsoft ASP.NET Core 10.0 Improper Verification of Cryptographic Signature (CVE-2026-40372): CVSS: 9.1 Attack Vector: Network Attack

Oracle released its critical patch updates for April 2026, including 450 new security patches across multiple affected Oracle and third-party products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, bypass security restrictions, manipulate data, gain privileges, perform denial-of-service attacks, execute arbitrary code, and gain access to the affected systems. Sample of the

Mozilla has released an updated Firefox version 150, Firefox ESR versions 115.35 and 140.10 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to bypass security restrictions, manipulate data, gain elevated privileges, obtain sensitive information, perform denial-of-services and spoofing attacks, execute arbitrary code, and gain access to the affected systems. Sample of the

Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, gain elevated privileges, manipulate data, conduct cross-site scripting attacks, execute arbitrary commands, and gain access to the affected products. Sample of addressed vulnerabilities: 1. Cisco Identity Services Engine Remote Code Execution

Google has released an updated Chrome version 147.0.7727.101/102 for Windows and Mac, and 147.0.7727.101 for Linux. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, perform denial-of service attacks, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a malicious website. Sample of

Adobe has released security updates to address several vulnerabilities affecting Adobe Acrobat DC, Acrobat 2024, Acrobat Reader DC and Adobe ColdFusion. The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, obtain sensitive information, bypass security restrictions, execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Adobe

Fortinet has released security updates to fix several vulnerabilities affecting multiple Fortinet products. The addressed vulnerabilities could allow the attacker to execute unauthorized code or commands, bypass authentication controls, gain elevated privileges, perform denial-of-service and URL open redirection attacks, obtain sensitive information, conduct cross-site scripting, SSRF, and SQL injection attacks, and gain access to the

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released security updates to address vulnerabilities across multiple SAP products, including SAP Business Planning and Consolidation, SAP Business Warehouse, SAP ERP, SAP S/4HANA, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server (ABAP and Java), SAP Human Capital Management, SAP

Google has released an updated Chrome version 147.0.7727.55/56 for Windows/Mac and 147.0.7727.55 for Linux. The addressed vulnerabilities could allow the attacker to execute arbitrary code, gain elevated privileges, obtain sensitive information, bypass security restrictions, or perform denial-of-service attacks on the affected system. Sample of the addressed vulnerabilities: 1. Google Chrome Use After Free in PrivateAI

Juniper Networks has released security updates to address several vulnerabilities affecting multiple Juniper products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, bypass security restrictions, obtain sensitive information, perform denial-ofservice attacks, conduct cross-site scripting attacks, or execute arbitrary commands and gain access to the affected system. Sample of the addressed vulnerabilities: 1.

Mozilla has released an updated Firefox version 149.0.2, Firefox ESR versions 115.34.1 and 140.9.1 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and corrupt memory that could lead to full compromise of the affected system. Sample of the addressed vulnerabilities: Mozilla Firefox and Firefox ESR Memory Safety

Microsoft has released security updates to address several vulnerabilities affecting multiple Microsoft products. The addressed vulnerabilities could allow the attacker to gain elevated privileges or obtain sensitive information from the affected systems. Sample of the addressed vulnerabilities: 1. Azure AI Foundry Elevation of Privilege Vulnerability (CVE-2026-32213): CVSS: 10 Attack Vector: Network Attack Complexity: Low Privileges

Fortinet has released a security update to address a critical vulnerability affecting FortiClient EMS versions 7.4.5 through 7.4.6 The addressed vulnerability could allow the remote attacker to gain elevated privileges, execute unauthorized code or commands via crafted requests, and gain access to the affected systems. FortiClient EMS API Authentication and Authorization Bypass Vulnerability (CVE- 2026-35616):

A supply chain attack targeted the Axios NPM package, a widely used HTTP client in the JavaScript and Node.js ecosystem. Malicious versions of the package were published to the official npm repository. When installed, these versions resulted in the deployment of a cross-platform Remote Access Trojan (RAT) affecting Windows, Linux, and macOS systems. On March

Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the attacker to bypass authentication and security restrictions, execute arbitrary commands or code, gain elevated privileges, obtain sensitive information, conduct cross-site scripting and serverside request forgery attacks, manipulate files, and gain access to the affected systems. Sample