⚠️ FortiOS Authentication Bypass Vulnerability Lets Attackers Bypass LDAP Authentication Source: cybersecuritynews.com/fortios-ldap-a… Fortinet has disclosed a high-severity authentication bypass vulnerability in FortiOS, tracked as CVE-2026-22153 (FG-IR-25-1052), that could allow

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are

Microsoft Releases Extended Security Updates for Windows 10 Users Microsoft has released KB5075912, an Extended Security Update (ESU) for Windows 10 versions 22H2 and 21H2, targeting OS builds 19045.6937 and 19044.6937. This patch addresses critical vulnerabilities and prepares

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. nuel.ink/Nd5Gqj

Volvo Group hit in massive Conduent data breach Volvo Group North America confirmed that the security breach exposed data of nearly 17,000 of its employees, making it one of several major companies affected by the large-scale breach. SecurityWeek reports that the breach now

Microsoft February 2026 Patch Tuesday Fixes 54 Vulnerabilities, Including 6 Zero-Days The standout issue? Six zero-day vulnerabilities are already under active attack in the wild. These are bugs hackers exploited before Microsoft could patch them. IT teams must apply these

Nvidia CEO Jensen Huang claims AI no longer hallucinates, apparently hallucinating himself You could give Huang the benefit of the doubt and assume he misspoke and meant "significantly less" or "rarely enough that it's barely noticeable." That's probably what he was going for.

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26," the company said in an

Celebrate Engineers Week and STEM in the Quad Cities at the 64th annual QCESC Awards Banquet and STEM Celebration on February 26th. In addition to awarding the 2026 IEEE college scholarship to a local student, I am honored to have been selected for the 2026 QCESC Hall of Fame -

A Misconfigured AI Could Trigger Infrastructure Collapse Non-human identities present a particular challenge. Service accounts, automation tokens and AI agents now outnumber human users in many infrastructure environments. The identities typically operate with persistent

CISA gives feds 3 days to patch actively exploited BeyondTrust flaw Tracked as CVE-2026-1731, this remote code execution vulnerability stems from an OS command injection weakness and affects BeyondTrust's Remote Support 25.3.1 or earlier and Privileged Remote Access 24.3.4 or

CornCon has been a partner with InfoSecMap for several years and I continue to be impressed with their growing calendar of global InfoSec events! You should check them out at nuel.ink/lJnVzU. #infosecmap #conferences

CISA Warns of Actively Exploited SQL Injection Flaw in Microsoft Configuration Manager Tracked as CVE-2024-43468, the vulnerability enables remote attackers to execute arbitrary commands on affected servers and underlying databases through specially crafted requests, stemming

Chrome Security Update Patches Vulnerabilities Enabling Code Execution Attacks Users should update immediately via Chrome’s “About” menu (chrome://settings/help). Auto-updates are on by default, but manual checks prevent exposure. Enterprises can push via managed policies. No

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies The development signals yet another consequential evolution in how threat actors could abuse AI systems, not just to scale or accelerate different phases of the cyber attack cycle, but also leverage APIs to

Google Ads and Claude AI Abused to Spread MacSync Malware via ClickFix When users search for common technical terms like “online DNS resolver,” “HomeBrew,” or “macos cli disk space analyzer,” they are shown a “sponsored” link at the top of the results. As the team at Moonlock

the cybersecurity industry is about to get completely disrupted.. 💀 someone just open-sourced a fully autonomous AI Red Team. it’s called PentAGI. multiple AI agents that talk to each other to hack a target. zero human input.

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update - CVE-2026-2441 (CVSS score: 8.8) - A use-after-free vulnerability in Google Chrome - CVE-2024-7694 (CVSS score: 7.2) - An arbitrary file upload vulnerability in TeamT5 ThreatSonar -

Thanks for the shoutout, @CornConCyber! We're excited to support your event and the larger #InfoSec community in #Iowa, and look forward to achieving great things working together. 💜 🇺🇸 Interested in a #partnership? Reach out today! ➡️ infosecmap.com/contact/ #Cybersecurity