Vulnerability | Breaking Cybersecurity News | The Hacker News

It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere, Adobe released updates for Audition, After Effects, InDesign Desktop, Substance 3D, Bridge, Lightroom Classic, and DNG SDK. The company said it's not aware of in-the-wild exploitation of any of the shortcomings. SAP shipped fixes for two critical-severity vulnerabilities, including a code injection bug in SAP CRM and SAP S/4HANA (CVE-2026-0488, CVSS score: 9.9) that an authenticated attacker could use to run an arbitrary SQL statement and lead to a full database compromise. The second critical vulnerability is a case of a missing authorization check in SAP NetWeaver Application...

Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1). It's worth noting that the patches are in addition to three security flaws that Microsoft has addressed in its Edge browser since the release of the January 2026 Patch Tuesday update , including a Moderate vulnerability impacting the Edge browser for Android ( CVE-2026-0391 , CVSS score: 6.5) that could allow an unauthorized attacker to perform spoofing over a network by taking advantage of a "user interface misrepresentation of critical information....

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat ( IRC ) communication protocol for command-and-control (C2) purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of Linux 2.6.x-era exploits (2009–2010 CVEs)," cybersecurity company Flare said . "These are low value against modern stacks, but remain effective against 'forgotten' infrastructure and long-tail legacy environments." SSHStalker combines IRC botnet mechanics with an automated mass-compromise operation that uses an SSH scanner and other readily available scanners to co-opt susceptible systems into a network and enroll them in IRC channels.

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection and Response (EDR) solutions so that malicious activities go unnoticed. The strategy has been adopted by many ransomware groups over the years. "Normally, the BYOVD defense evasion component of an attack would involve a distinct tool that would be deployed on the system prior to the ransomware payload in order to disable security software," the Symantec and Carbon Black Threat Hunter Team said in a report shared with The Hacker News. "However, in this attack, the vulnerable driver (an NsecSoft NSecKrnl driver) was bundled with the ransomware itself." Broadcom's ...

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643 , has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests," Fortinet said in an advisory. The shortcoming affects the following versions - FortiClientEMS 7.2 (Not affected) FortiClientEMS 7.4.4 (Upgrade to 7.4.5 or above) FortiClientEMS 8.0 (Not affected) Gwendal Guégniaud of the Fortinet Product Security team has been credited with discovering and reporting the flaw. While Fortinet makes no mention of the vulnerability being exploited in the wild, it's essential that users move quickly to apply the fixes...