Patch Tuesday, January 2026 Edition
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the
Phishers Exploit Office 365 Users Who Let Their Guard Down
Microsoft said that Office 365 tenants with weak configurations and who don't have strict anti-spoofing protection enabled are especially vulnerable.
Attackers Exploit Zero-Day in End-of-Life D-Link Routers
Hackers are attacking a critical zero-day flaw in unsupported D-Link DSL routers to run arbitrary commands.
ChatGPT's Memory Feature Supercharges Prompt Injection
The "ZombieAgent" exploit makes use of ChatGPT's long-term memory and advanced capabilities.
Maximum Severity HPE OneView Flaw Exploited in the Wild
Exploitation of CVE-2025-37164 can enable remote code execution on HPE's IT infrastructure management platform, leading to devastating consequences.
Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day
The vendor's first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last month.
'Most Severe AI Vulnerability to Date' Hits ServiceNow
The ITSM giant tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers' data and connected systems.
Trio of Critical Bugs Spotted in Delta Industrial PLCs
Experts disagree on whether the vulnerabilities in a programmable logic controller from Delta are a five-alarm fire or not much to worry over.
Vulnerabilities Surge, But Messy Reporting Blurs Picture
MITRE loses its lead as the top reporter of vulnerabilities, while new organizations pump out CVEs and reported bugs in WordPress plug-ins surge.
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses.
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), rel
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as