Articles: 13
Categories: 4
Date: 2026-01-22
🚨 CISA KEV (1)
22 Jan [KEV] CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-31125 Vite Vitejs Improper Access Control Vulnerability; CVE-2025-34026 Versa Concerto Improper Authentication Vulnerability; CVE-2025-5…
CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (9)
22 Jan CVE-2026-21520 Copilot Studio Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector.
MSRC.MICROSOFT.COM
22 Jan CVE-2026-24304 Azure Resource Manager Elevation of Privilege Vulnerability
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
MSRC.MICROSOFT.COM

22 Jan CVE-2026-24306 Azure Front Door Elevation of Privilege Vulnerability
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
MSRC.MICROSOFT.COM

22 Jan CVE-2026-21524 Azure Data Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.
MSRC.MICROSOFT.COM
22 Jan CVE-2026-24305 Azure Entra ID Elevation of Privilege Vulnerability
MSRC.MICROSOFT.COM
22 Jan CVE-2026-24307 M365 Copilot Information Disclosure Vulnerability
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
MSRC.MICROSOFT.COM

22 Jan CVE-2026-21227 Azure Logic Apps Elevation of Privilege Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.
MSRC.MICROSOFT.COM

22 Jan CVE-2026-21521 Word Copilot Information Disclosure Vulnerability
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.
MSRC.MICROSOFT.COM

22 Jan CVE-2026-21264 Microsoft Account Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.
MSRC.MICROSOFT.COM
🔥 INCIDENT REPORTING (2)
22 Jan European Space Agency’s cybersecurity in freefall as yet another breach exposes spacecraft and mission data
It has just been a few weeks since reports emerged of the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation has already become worse. Read more in my article on the Hot for Security blog.
BITDEFENDER.COM

22 Jan Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware
TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions.
TRENDMICRO.COM
📡 INFOSEC NEWS (1)
22 Jan Common Apple Pay scams, and how to stay safe
Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead.
WELIVESECURITY.COM