The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.
SecurityWeek

CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities

CISA has expanded its KEV catalog with new SolarWinds, Notepad++, and Apple flaws, including two exploited as zero-days.

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.
Microsoft

Copilot Studio agent security: Top 10 risks you can detect and prevent

Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls can create real ...
WinBuzzer

Microsoft Patches High-Severity Notepad Remote Code Execution Flaw

Microsoft has patched the Windows Notepad remote code execution vulnerability CVE-2026-20841, warning users to install February 2026 updates to block exploits.
Technobezz on MSN

GlassWorm malware hits macOS via compromised VS Code extensions

Malware targets macOS developers via compromised VS Code extensions, stealing credentials and crypto data via blockchain-based C2..