Alerts

Mozilla has released an updated Firefox version 149.0.2, Firefox ESR versions 115.34.1 and 140.9.1 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and corrupt memory that could lead to full compromise of the affected system. Sample of the addressed vulnerabilities: Mozilla Firefox and Firefox ESR Memory Safety

Microsoft has released security updates to address several vulnerabilities affecting multiple Microsoft products. The addressed vulnerabilities could allow the attacker to gain elevated privileges or obtain sensitive information from the affected systems. Sample of the addressed vulnerabilities: 1. Azure AI Foundry Elevation of Privilege Vulnerability (CVE-2026-32213): CVSS: 10 Attack Vector: Network Attack Complexity: Low Privileges

Fortinet has released a security update to address a critical vulnerability affecting FortiClient EMS versions 7.4.5 through 7.4.6 The addressed vulnerability could allow the remote attacker to gain elevated privileges, execute unauthorized code or commands via crafted requests, and gain access to the affected systems. FortiClient EMS API Authentication and Authorization Bypass Vulnerability (CVE- 2026-35616):

A supply chain attack targeted the Axios NPM package, a widely used HTTP client in the JavaScript and Node.js ecosystem. Malicious versions of the package were published to the official npm repository. When installed, these versions resulted in the deployment of a cross-platform Remote Access Trojan (RAT) affecting Windows, Linux, and macOS systems. On March

Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the attacker to bypass authentication and security restrictions, execute arbitrary commands or code, gain elevated privileges, obtain sensitive information, conduct cross-site scripting and serverside request forgery attacks, manipulate files, and gain access to the affected systems. Sample

Google has released an updated Chrome version 146.0.7680.177/178 for Windows/Mac and 146.0.7680.177 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, cause memory corruption, read out-of-bounds memory, corrupt objects, cause integer overflows, or bypass security and policy restrictions across multiple browser components by persuading the victim to visit a maliciously

Investigation confirmed successful web shell execution following the exploitation of Ivanti zero-day vulnerabilities (CVE-2026-1340 and CVE-2026-1281) on multiple organizations’ internet-facing Ivanti Endpoint Manager Mobile (EPMM) servers. Reference to Alert No. 18, “Ivanti Security Update – 01 February 2026”, EGFinCIRT requests a comprehensive Compromise Assessment for Ivanti Endpoint Manager Mobile (EPMM) servers. Attackers might take advantage

Grafana has released security updates to fix several vulnerabilities across multiple Grafana products. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass authorization controls, disclose sensitive datasource configurations, perform cross-site scripting (XSS) attacks via Grafana Explore, or cause denial-ofservice attacks on the affected systems. Sample of the addressed vulnerabilities: 1. RCE

Microsoft has released security updates to address several vulnerabilities affecting multiple Microsoft products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, perform spoofing attacks, bypass security restrictions, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Microsoft Azure Cloud Shell Elevation

Oracle has released a security update to fix a critical vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0. The addressed vulnerability could allow the remote attacker to execute arbitrary code without authentication and gain access to the affected systems. Oracle Identity Manager and Oracle Web Services Manager Unauthenticated Remote

Citrix has released a security update to address vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway. The addressed vulnerabilities could allow the attacker to obtain sensitive memory contents, including authentication tokens, cryptographic keys, or user credentials, or gain unauthorized access to the affected systems, leading to a user session mixup where one user’s session

GNU InetUtils has addressed a critical vulnerability affecting all versions of the Telnet service implementation through 2.7. The addressed vulnerability could allow the remote attackers to perform out-ofbounds writes on systems running vulnerable versions of GNU inetutils telnetd, potentially leading to arbitrary code execution, full system compromise, or denial of service. GNU Inetutils Remote Pre-Auth

Veeam has released security updates to fix several vulnerabilities across Veeam Backup & Replication version 13.0.1.1071 and all earlier version 13 builds and version 12.3.2.4165 and all earlier version 12 builds. The addressed vulnerabilities could allow the attacker to bypass security restrictions, manipulate repository files, extract stored credentials, escalate privileges, or execute arbitrary code, and