Festo Didactic SE MES PC
View CSAF Summary MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time,…
Security News, Assessments & Alerts
Security News, Assessments & Alerts
Security Issues, Vulnerabilities, Exploits & Government Alerts
Schneider Electric Zigbee Products | CISA
View CSAF Summary Schneider Electric is aware of multiple vulnerabilities with EmberZNet disclosed by Silicon Labs. Many vendors, including Schneider Electric, use Silicon Labs’ Zigbee processors in their offers. The following have denial of service…
Johnson Controls Metasys Products | CISA
View CSAF Summary Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. The following versions of Johnson Controls Metasys Products are affected: Metasys Application and Data…
Prioritization, Validation, and Outcomes That Matter
The Hacker NewsJan 27, 2026Attack Surface Management / Cyber Risk Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who…
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
Ravie LakshmananJan 27, 2026Vulnerability / Cloud Security A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked…
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Ravie LakshmananJan 27, 2026Web Security / Malware Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The…
Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation
Ravie LakshmananJan 27, 2026Zero-Day / Vulnerability Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out…
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Ravie LakshmananJan 26, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered an ongoing campaign that’s targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire…
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
Ravie LakshmananJan 26, 2026AI Security / Vulnerability Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to…
Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
Ravie LakshmananJan 26, 2026Hacking News / Cybersecurity Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving…