
Multiple Critical Authentication Bypass and Remote Code Execution Vulnerabilities Fixed in SolarWinds Web Help Desk

On January 28, 2026, SolarWinds released fixes for multiple vulnerabilities impacting Web Help Desk (WHD). WHD is an IT service management platform that may contain sensitive information, making it a valuable target for threat actors if compromised. Among the vulnerabilities addressed, four were rated as critical: At the time of writing, Arctic Wolf has not observed exploitation of these vulnerabilities in the wild, nor identified a publicly available proof-of-concept exploit.

CVE-2026-24858: FortiCloud SSO Authentication Bypass Vulnerability Exploited

On January 27, 2026, Fortinet released an advisory detailing a critical authentication bypass vulnerability affecting FortiOS, FortiAnalyzer, FortiManager, and FortiProxy products. Designated CVE-2026-24858, the vulnerability allows an unauthenticated threat actor with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Common Web Application Vulnerabilities: Expert's Opinion [2026]

Hackers love web applications. Why? Because 9 out of 10 vulnerabilities exist at the application layer, and exploiting them lets attackers bypass firewalls and perimeter defenses completely. In 2025, a total of 48,448 Common Vulnerabilities and Exposures (CVEs) were published, up 17% from the previous year, and exploited vulnerabilities in web applications cost organizations an average of $4.44 million in damages, excluding the lost reputation.

CVE-2025-60021 (CVSS 9.8): Command injection in Apache bRPC heap profiler

This research is published following the public release of a fix and CVE, in accordance with coordinated vulnerability disclosure best practices. CVE‑2025‑60021, a critical command injection issue in Apache bRPC’s /pprof/heap profiler endpoint, was identified during broader analysis of diagnostic and debugging surfaces in the framework. The issue was discovered using Vulnhalla, CyberArk Labs’ AI tool that assists in triaging CodeQL results using an LLM.

Emerging Threat: CVE-2026-24061 - Telnet Authentication Bypass in GNU Inetutils

CVE-2026-24061 is an authentication bypass vulnerability affecting the Telnet service provided by GNU Inetutils. The issue allows an unauthenticated remote attacker to bypass expected authentication checks and gain access to the Telnet service under certain conditions.

Practical Tips for Tracking Vulnerability Remediation Progress

When vulnerability remediation succeeds at enterprise scale, it’s very rarely because the vulnerability management team is finding more vulnerabilities. It’s because the program was built around the idea of turning messy findings into steady, measurable risk reduction. That’s not an easy task. It’s easier to make it a numbers game, pointing to vulnerability volumes and how many findings were addressed, rather than accurately depicting how much real risk was eliminated.

When Hundreds of Patch Findings Require One Fix

In large-scale security environments, the primary challenge is often execution rather than a lack of detection. When multiple security tools report the same missing patch on a single machine, it creates hundreds of redundant findings that inflate backlogs and cause ticket-based workflows to break down. By aggregating these overlapping alerts into a single remediation action centered on the root cause, organizations can align their work with actual outcomes.

The Top 5 Vulnerabilities Attackers Are Using Against Your Vendors (And What It Says About Third-Party Risk)

When threat actors target your vendors, they’re not just looking to exploit a system for a single attack. They’re looking for every opportunity to scale up their operations. This means seeking ways to push their compromises as far downstream into the supply chain as they can go.

Why CVEs Alone Don't Explain Risk | Ed Amoroso & Garrett Hamilton on Actionable Security

Vulnerability data isn’t the starting point. Context is. Ed Amoroso and Garrett Hamilton unpack why CVEs on their own don’t explain risk. What matters first:

⇢ What assets actually exist
⇢ How controls are deployed and configured
⇢ What the live posture looks like, not last month’s report

With that context in place, vulnerabilities stop being noise and start becoming decisions. Garrett also makes a critical point near the end: many security tools are excellent at producing findings, but far less effective at helping teams resolve them.