Category: Cybersecurity News
-
Cisco Patches Critical Unified Communications Vulnerability and Additional Security Flaws
Cisco has released multiple security updates affecting enterprise communications, contact center, and infrastructure platforms widely deployed in production environments. Among the issues addressed is a critical remote code execution vulnerability that Cisco reports is being actively exploited. The most severe issue is a remote code execution vulnerability affecting multiple Cisco Unified Communications products. Tracked as
-
Zoom Patches Node Deployments Vulnerability
Zoom has patched a command injection vulnerability affecting its Node Multimedia Router infrastructure in on-premises and hybrid deployments. Zoom Node is an enterprise hybrid deployment platform that allows large organizations to run Zoom workloads on their own infrastructure rather than solely in Zoom’s cloud. Organizations typically use Zoom Node to meet compliance requirements, keep meeting
-
Cloudflare Fixes Security Flaw That Temporarily Bypassed Web Application Firewall
Cloudflare has resolved a security vulnerability in its certificate validation logic that could temporarily bypass web application firewall (WAF) protections. The issue, affecting ACME (Automatic Certificate Management Environment), was reported by security researchers late last year through Cloudflare’s bug bounty program. Cloudflare has implemented a fix, no action is required from customers, and there is
-
Researchers Show How Calendar Invites Can Be Used to Manipulate AI Assistants
Security researchers have demonstrated a new way that artificial intelligence features can be misused without exploiting traditional software bugs. In recent research published by application security firm Miggo, a standard Google Calendar invite was used to influence Google’s Gemini AI assistant and bypass expected privacy boundaries using language alone. The finding highlights a growing concern
-
Outdated Windows Authentication Protocol Being Phased Out
A Windows authentication method that security experts have warned about for decades is once again in the spotlight. Net-NTLMv1, a legacy protocol used in some Microsoft Active Directory environments, is being actively pushed toward retirement following a new release from Google-owned threat intelligence firm Mandiant. The company has made public a large dataset that dramatically
-
Bluetooth Flaw “WhisperPair” Found in Some Wireless Audio Devices
Cybersecurity researchers from KU Leuven, a Belgian university, have disclosed a Bluetooth vulnerability called WhisperPair, affecting certain audio devices that implement Google Fast Pair technology. The findings were published as part of a coordinated security disclosure and document weaknesses in how some wireless accessories handle Fast Pair connections. Google has been informed of the findings
-
Node.js Patches Critical Denial-of-Service Vulnerability Affecting React and Next.js Applications
The Node.js project has released security patches addressing a denial-of-service vulnerability that causes applications to crash when processing deeply nested data. The issue affects React Server Components, Next.js, and all major application performance monitoring tools. The issue was reported by the React and Next.js teams in December 2025, and fixes were released across supported Node.js
