2665 matches found
CVE-2026-5426 KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single security control registering a violation. Read the full technical breakdown in the Security Intelligen...
Security Updates for Microsoft .NET Framework (February 2026)
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: an information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2025-55248) Note that...
Wordfence Bug Bounty Program Monthly Report – February 2026
Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...
External Client App (ECA) for Veeam Data Cloud — Adapting to New Salesforce Security Requirements
Support Statement. Summary of Changes to Salesforce Security Protocols: Salesforce has introduced new security protocols for third-party applications accessing Salesforce organizations. This change affects all third-party products that integrate with Salesforce, requiring those vendors to transitio...
About Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) vulnerability
About Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Desktop Window Manager is a compositing window manager included in Windows starting with Windows Vista. A Type Confusion error (CWE-843) in Desktop...
Exploit for Improper Privilege Management in Microsoft
CVE-2026-21533 Scanner: Windows RDP Local Privilege Escalation...
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It's...
Attacks on GPS Spike Amid US and Israeli War on Iran
New analysis shows that attacks on satellite navigation systems have impacted some 1,100 ships in the Middle East since the US and Israel attacked Iran on February 28...
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecti...
March 2, 2026—KB5082314 (OS Build 20348.4776) Out-of-band
March 2, 2026—KB5082314 (OS Build 20348.4776) Out-of-band. This out-of-band update for Windows Server 2022 (KB5082314) is cumulative. It includes updates from previous security updates, along with an additional fix. To learn more about differences between security updates, optional non-security previe...
CVE-2025-11251 SQLi in Dayneks Software's E-Commerce Platform
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...
GHSA-XF68-8HJW-7MPM
creationtimestamp | type | source
---|---|---
2026-02-27 06:40:19+00:00 | seen | https://gist.github.com/alon710/77f29ca3c69eb8ef713507cb5ca27a63...
CVE-2026-25945
creationtimestamp | type | source
---|---|---
2026-02-26 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-04
2026-02-27 06:21:47+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mft327nnut2k
2026-03-02 18:20:09+00:00 | seen | ...
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a...
CVE-2026-27837
creationtimestamp | type | source
---|---|---
2026-02-26 01:53:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mfq3lvr2dh2n
2026-02-26 21:10:19+00:00 | seen | https://gist.github.com/alon710/542919c9baa74ad65aba77993c4f58c9...
OpenAI - Disrupting Malicious Uses of Our Models
This is the February, 2026 report from OpenAI that discusses their work in disrupting malicious use of their models...
CVE-2025-69985
creationtimestamp | type | source
---|---|---
2026-02-25 20:06:27+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfpi6yvfbv2h
2026-02-25 20:07:38+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfpib4lrfh2v
2026-03-24 17:00:40+00:00 | ...
CVE-2026-20010
creationtimestamp | type | source
---|---|---
2026-02-25 17:29:05+00:00 | seen | https://www.acn.gov.it/portale/w/rilevato-sfruttamento-di-vulnerabilita-in-prodotti-cisco
2026-02-26 14:40:09+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mfrggi53ya2w...
One Identity Appoints Michael Henricks as Chief Financial and Operating Officer
Aliso Viejo, CA, United States, 25th February 2026, CyberNewswire...