SecurityWeek

Ivanti Patches Exploited EPMM Zero-Days

Ivanti has patched CVE-2026-1281 and CVE-2026-1340, two Endpoint Manager Mobile (EPMM) flaws exploited as zero-days.
WeLiveSecurity

Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan

ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation.
Cybernews

New Microsoft Office zero-day under active attack, patch now

Microsoft rushed an emergency Patch Tuesday fix after a new Office zero-day began spreading in active attacks. CISA warns ...
SecurityWeek

N8n Vulnerabilities Could Lead to Remote Code Execution

Two vulnerabilities in n8n’s sandbox mechanism could be exploited for remote code execution (RCE) on the host system.
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

GTA: San Andreas's Original PC Version Can Now Be Beaten in Just an Hour Thanks to the Weirdest Skip You've Ever Seen

Straight to the End of the Line.
Cryptopolitan

Arbitrary-call vulnerability blamed for $17M SwapNet and Aperture Finance hacks

SwapNet, a DEX aggregator, suffered losses of over $13.4 million across Ethereum, Arbitrum, Base, and Binance Smart Chain, ...

CERT-In Asks macOS, Google Chrome Users to Install Updates That Address Security Flaws, Data Theft Risks

The alerts highlight security flaws in Apple’s productivity apps and Google’s Chrome browser for desktop computers.