Security Boulevard

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Critical105Important0Moderate0LowMicrosoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, ...
Computer Weekly

Microsoft patches 112 CVEs on first Patch Tuesday of 2026

January brings a larger-than-of-late Patch Tuesday update out of Redmond, but an uptick in disclosures is often expected at ...
Dark Reading

Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day

Among them is a zero-day vulnerability in Desktop Window Manager (DWM) designated as CVE-2026-20805 (CVSS score: 5.5), which ...
SecurityWeek

Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities

Eight Windows and Office vulnerabilities patched this month have been assigned a critical severity rating. A majority can be ...

Federal agencies told to fix or ditch Gogs as exploited zero-day lands on CISA hit list

CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability in the ...

Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow ...

Apple warning to all iPhone users over 'product's security' in latest update

Some of the issues addressed by Apple in its latest update, including a serious exploit that reportedly allowed 'extremely ...
Security Info Watch

2025 Threat Trends: How Social Engineering, VPN Exploits, and Living-Off-the-Land Attacks Redefined the Cyber Threat Landscape

The lessons learned this past year are that the bad guys are not outpacing technology; rather, they are outmaneuvering people ...

iPhone users urged to check setting for 'product's security'

Apple has addressed a major issue in its latest security guidance which led to 'sophisticated attacks' on some devices ...
Infosecurity Magazine

CISA Flags Actively Exploited Gogs Vulnerability With No Patch

A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution ...

INE Security Announces “2026: Year of the Defender”—A Global Initiative to Position Technical Teams as the New Front Line of Cybersecurity

As attackers increasingly exploit the "white space" between networks, cloud environments, and code bases, INE Security today announced the Year of the Defender. This initiative recognizes that cyber ...