Ivanti warns of two EPMM flaws exploited in zero-day attacks

Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks.
ZDNet

23andMe and JFrog partner to solve code injection vulnerability

Security researchers at JFrog worked with biotechnology company 23andMe to address a vulnerability with Yamale, a tool written by the company and used by over 200 repositories. The smartest companies ...
CRN

Ivanti: ‘Critical’ Mobile Management Vulnerabilities Seeing Exploitation

A pair of critical-severity vulnerabilities affecting an Ivanti mobile management tool have been exploited in cyberattacks, ...
CSO Online

Ivanti patches two actively exploited critical vulnerabilities in EPMM

The code injection flaws allow for unauthenticated remote code execution on Ivanti Endpoint Manager Mobile deployments, but ...
Que.com on MSN

Docker patches critical 'Ask Gordon AI' flaw enabling code execution

Docker has released security fixes for a critical vulnerability affecting its AI-assisted feature known as Ask Gordon. The ...
SecurityWeek

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks

CISA warns of a new SmarterTools SmarterMail vulnerability exploited by ransomware groups for unauthenticated RCE.
Hosted on MSN

Three critical vulnerabilities patched by SAP - here's what we know

SAP’s December update patched 14 flaws, including three critical vulnerabilities in key products CVE‑2025‑42880 (9.9) in SAP Solution Manager allows code injection and full system compromise ...
Computerworld

WordPress silently fixes dangerous code injection vulnerability

Developers of the widely used WordPress content management system released an update last week, but intentionally delayed announcing that the patch addressed a severe vulnerability. WordPress version ...