
What you need to know today.
cpp-httplib, Apache Log4j API, and h2o HTTP server face vulnerabilities related to JSON serialization and buffer handling.
Nihon Kotsu, Japan's largest taxi operator, has shut down significant parts of its IT infrastructure following a cyberattack, impacting dispatch systems and booking services.
The U.S. Treasury Department has sanctioned First VPN Service (1VPNS) and its Ukrainian administrator, marking the first time a VPN provider has been targeted for facilitating ransomware attacks.
Organizations increasingly relying on third-party AI models and open-source repositories face significant, often unseen, supply chain risks that mirror traditional software vulnerabilities.
Google and Microsoft have removed the popular ModHeader browser extension, installed by 1.6 million users, following the discovery of a dormant data-collecting component within its official store version.
Microsoft Entra ID will make passkeys the default authentication method starting September 1, 2026, and retire native SMS/voice support by February 1, 2027, to combat AI-driven identity attacks.
A sophisticated new macOS infostealer, dubbed CrashStealer, has emerged, impersonating Apple's legitimate crash-reporting utility to pilfer browser credentials, cryptocurrency wallets, and password manager data.
The Russian-linked Turla group leveraged a Microsoft SharePoint vulnerability to gain access to thousands of French user accounts and sensitive data.
Generative AI is empowering fraudsters with advanced deepfakes and voice cloning, escalating identity fraud and challenging traditional security measures.
The UK and EU have officially attributed a December 2025 cyberattack on Poland's power grid to Russia's FSB Centre 16, warning of potential lethal consequences and urging critical infrastructure to implement new security measures.

Russian state-sponsored actors are actively targeting network devices, including routers, with a focus on exploiting known vulnerabilities. A joint advisory from the US and its allies highlights the threat to critical infrastructure, urging organizations to improve router security and disable features like Cisco Smart Install. This campaign underscores the persistent danger posed by nation-state actors to essential services. CyberScoop CISA Alerts Infosecurity Magazine BleepingComputer Cyber Security News
BeyondTrust has released patches for critical authentication bypass vulnerabilities affecting its remote access software. These flaws could allow attackers to gain unauthorized access to sensitive systems. The company is urging users to update their software immediately to mitigate the risk of exploitation. BleepingComputer The Hacker News
A new ransomware strain, dubbed "The Gentlemen," is rapidly expanding its reach across various industries. This sophisticated malware employs custom tools to disable endpoint detection and response (EDR) and antivirus solutions, making it more challenging to detect and remove. The ransomware's rapid proliferation and evasive capabilities pose a significant threat to organizations worldwide. Unit 42: No Manners Here: The Ruthless Rise of The Gentlemen Ransomware Cyber Security News
Proof-of-concept (PoC) code and technical details have been made public for a critical remote code execution (RCE) vulnerability in Microsoft SharePoint. This disclosure increases the risk of exploitation, as attackers can now more easily develop and deploy attacks targeting unpatched systems. Organizations using SharePoint should prioritize applying security updates to prevent potential compromises. Cyber Security News
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic…
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks…
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIB_MBEDTLS_SUPPORT or…
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover…
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800…
ImageMagick: ImageMagick: Use-after-free vulnerability leading to denial of service or code execution
ImageMagick: ImageMagick: Denial of Service via specially crafted VIFF images
ImageMagick: ImageMagick: Policy bypass allows unauthorized file writing via APNG encoder
ImageMagick: ImageMagick: Denial of Service via crafted image due to missing memory allocation check