Category: Cybersecurity

  • Palo Alto Networks (PAN-OS / Prisma Access / GlobalProtect focus)

    CVE-2026-0227 (CVSS 7.7, High): DoS in GlobalProtect Gateway/Portal (improper exception handling). Unauthenticated remote attackers could crash firewalls or force maintenance mode (PoC public). Announced/published January 14, 2026 (advisory updated February 9, 2026). Patches released concurrently in fixed PAN-OS versions (e.g., 12.1.3-h3 / 12.1.4, 11.2.4-h15, etc.; Prisma Access cloud mostly pre-patched). Vulnerability window post-announcement: 0 days…

  • Fortinet (FortiOS / FortiGate / FortiManager focus)

    CVE-2026-24858 (Critical, auth bypass via FortiCloud SSO alternate path/channel; CWE-288): Attacker with any FortiCloud account could access other customers’ devices if SSO enabled (not default but common post-registration). Exploited in the wild pre-disclosure (malicious accounts locked Jan 22, 2026). Advisory published January 27, 2026. Fortinet mitigated on cloud side (disabled/re-enabled SSO without vulnerable device support…

  • Salt Typhoon Strikes Capitol Hill: China-Linked Hackers Breach U.S. Congressional Emails

    In a chilling reminder of the ongoing cyber arms race between superpowers, hackers associated with China’s Ministry of State Security have once again made headlines. Dubbed “Salt Typhoon,” this sophisticated group infiltrated the email systems of staffers working for key U.S. House of Representatives committees in late 2025. The breach, detected in December 2025, targeted…

  • Cisco’s CVE Alert: Oct. 2023

    On October 17th, 2023, Cisco issued a warning regarding a critical security vulnerability (CVE-2023-20198) affecting its IOS XE software. The vulnerability, which has a severity rating of 10.0 on the CVSS scoring system, exists in the web UI feature of IOS XE and could allow an unauthenticated remote attacker to create a privileged account on affected…