Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Executive Summary: The Notepad++ update process was compromised by a supply chain attack, and users are strongly advised to upgrade to version 8.8.9 or later to ensure their security.

CVE-2025-15467 is a stack-based buffer overflow vulnerability in the Cryptographic Message Syntax (CMS) implementation of OpenSSL, specifically within handling of AuthEnvelopedData structures. The flaw occurs during parsing of attacker-controlled CMS messages where length fields are not sufficiently validated before being copied into fixed-size stack buffers.

On January 29, 2026, Ivanti released fixes for two critical zero-day code injection vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, impact the In-House Application Distribution and Android File Transfer Configuration features and allow unauthenticated remote threat actors to achieve remote code execution.

CVE-2026-24858 is a critical authentication bypass vulnerability(CWE-288: Authentication Bypass Using an Alternate Path or Channel) in Fortinet products. It affects FortiOS, FortiAnalyzer, FortiManager, and potentially FortiProxy. An attacker with a FortiCloud account and registered device can log into devices registered to other accounts if FortiCloud SSO is enabled. Disclosed January 27, 2026, as actively exploited zero-day. CVSS 9.4 (some sources cite 9.8).

On January 28, 2026, SolarWinds released fixes for multiple vulnerabilities impacting Web Help Desk (WHD). WHD is an IT service management platform that may contain sensitive information, making it a valuable target for threat actors if compromised. Among the vulnerabilities addressed, four were rated as critical: At the time of writing, Arctic Wolf has not observed exploitation of these vulnerabilities in the wild, nor identified a publicly available proof-of-concept exploit.

On January 27, 2026, Fortinet released an advisory detailing a critical authentication bypass vulnerability affecting FortiOS, FortiAnalyzer, FortiManager, and FortiProxy products. Designated CVE-2026-24858, the vulnerability allows an unauthenticated threat actor with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Hackers love web applications. Why? Because 9 out of 10 vulnerabilities exist at the application layer, and exploiting them lets attackers bypass firewalls and perimeter defenses completely. In 2025, a total of 48,448 Common Vulnerabilities and Exposures (CVEs) were published, up 17% from the previous year, where such exploited vulnerabilities in web applications cost organizations an average of $4.44 million in damages, excluding the lost reputation.