21Articles
9Categories
2026-02-05Date
🚨 CISA KEV 1[−]
5 Feb KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.  CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability CVE-2026-24423 SmarterTools SmarterMail Missing Authenticatio…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 12[−]
5 FebCVE-2026-24302 Azure Arc Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
5 FebCVE-2026-21532 Azure Function Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
5 FebCVE-2026-0391 Microsoft Edge (Chromium-based) for Android Spoofing VulnerabilityUser interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
5 FebChromium: CVE-2026-1861 Heap buffer overflow in libvpxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
5 FebZDI-26-068: Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an administrator is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are …ZERODAYINITIATIVE.COM
5 FebZDI-26-067: Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an administrator is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are …ZERODAYINITIATIVE.COM
5 FebZDI-26-066: (Pwn2Own) Lexmark CX532adwe getCFFNames Heap-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-20…ZERODAYINITIATIVE.COM
5 FebZDI-26-065: (Pwn2Own) Lexmark CX532adwe usecmap Type Confusion Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-20…ZERODAYINITIATIVE.COM
5 FebZDI-26-064: (Pwn2Own) Lexmark CX532adwe execuserobject Heap-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-20…ZERODAYINITIATIVE.COM
5 FebZDI-26-063: (Pwn2Own) Lexmark CX532adwe libesffls Directory Traversal Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX532adwe printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-20…ZERODAYINITIATIVE.COM
5 FebZDI-26-062: (Pwn2Own) Lexmark CX532adwe esfhelper Untrusted Search Path Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of Lexmark CX532adwe printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a C…ZERODAYINITIATIVE.COM
⚠️ VULNERABILITY DISCLOSURE 1[−]
5 FebSIEM Rules for detecting exploitation of vulnerabilities in FortiCloud SSOA set of SIEM rules for detecting attempts to bypass authentication in Fortinet products using the FortiCloud SSO mechanism has been added to the Kaspersky Unified Monitoring and Analysis Platform.KASPERSKY.COM
📢 SECURITY ADVISORIES 1[−]
🔥 INCIDENT REPORTING 1[−]
5 FebBetterment - 1,435,174 breached accountsIn January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack . As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to…HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE 1[−]
5 FebThe Power of Glean and Prisma AIRS IntegrationSecurely accelerate AI adoption with the Glean and Prisma AIRS integration: real-time defense against prompt injection, toxic content and malicious code. The post The Power of Glean and Prisma AIRS Integration appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
5 Feb2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaultsThe number of DDoS attacks more than doubled in 2025. The network layer is under particular threat as hyper-volumetric attacks grew 700%.CLOUDFLARE.COM
🎙️ PODCASTS 1[−]
5 FebSmashing Security podcast #453: The Epstein Files didn’t hide this hacker very wellSupposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about - especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting. Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecur…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 2[−]
5 FebIncognito Market admin sentenced to 30 years for running $105 million dark web drug empireHe promised "the best security there is" to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. And maybe training police on cryptocurrency while running a running a vast Tor-hidden drug bazaar wasn't such a good idea…BITDEFENDER.COM
5 FebHow to write your first obfuscator of Java BytecodeIn this article I describe Java bytecode obfuscation, using one of the challenges I did in 2023 as part of the interviews with Quarkslab for the position of Java compiler engineer in QShield.QUARKSLAB.COM