Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential ...

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Docker has released security fixes for a critical vulnerability affecting its AI-assisted feature known as Ask Gordon. The ...

A critical remote code execution flaw in the WPvivid Backup & Migration WordPress plugin puts over 900,000 sites at risk unless patched.

Smug faces across all those who opposed the WordPad-ification of Microsoft's humble text editor Just months after Microsoft ...

CISA has expanded its KEV catalog with new SolarWinds, Notepad++, and Apple flaws, including two exploited as zero-days.

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request.

Microsoft has patched the Windows Notepad remote code execution vulnerability CVE-2026-20841, warning users to install February 2026 updates to block exploits.

Google has released an emergency update to patch an actively exploited zero-day—the first Chrome zero-day of the year.

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.

Microsoft fixes a high-severity Notepad RCE flaw tied to Markdown files. Install the latest updates to protect your PC.