“Reprompt” attack lets attackers steal data from Microsoft Copilot

Researchers found a method to steal data which bypasses Microsoft Copilot’s built-in safety mechanisms. The attack flow, called Reprompt, abuses how Microsoft Copilot handled URL parameters in order to hijack a user’s existing Copilot Personal session. Copilot is an AI Read More …

Patch Tuesday – January 2026

Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today’s menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure. There are no critical remote code Read More …

Why iPhone users should update and restart their devices now

If you were still questioning whether iOS 26+ is for you, now is the time to make that call. Why? On December 12, 2025, Apple patched two WebKit zero‑day vulnerabilities linked to mercenary spyware and is now effectively pushing iPhone Read More …

10 emergency directives retired as CISA declares them redundant

The US Cybersecurity and Infrastructure Security Agency (CISA) retired ten Emergency Directives (ED) it issued between 2019 and 2024, saying they achieved their purpose and are no longer needed. In a short announcement published on its website, CISA said the Read More …

CVE-2026-21858: Maximum-severity n8n flaw lets randos run your automation server

A maximum-severity bug in the popular automation platform n8n has left an estimated 100,000 servers wide open to complete takeover, courtesy of a flaw so bad it doesn’t even require logging in. The vulnerability, uncovered by researchers at security outfit Read More …

Patch Cisco ISE bug now before attackers abuse proof-of-concept exploit

Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level privileges to access sensitive information – and warned that a public, proof-of-concept exploit for the flaw exists Read More …

CISA warns of active attacks on HPE OneView and legacy PowerPoint

The US Cybersecurity and Infrastructure Security Agency (CISA) added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities (KEV). The KEV catalog gives Federal Civilian Executive Branch (FCEB) agencies a list of Read More …

CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView

On December 17, 2025, Hewlett Packard Enterprise (HPE) published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView. The vulnerability, which was reported to HPE by security researcher Nguyen Quoc Khanh, facilitates unauthenticated remote code execution (RCE) on Read More …

Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719 exploited in the wild

A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using Read More …

Stay Secure: Why Cyber Hygiene Should Be Part of Your Personal Hygiene

When you hear the term “personal hygiene,” chances are you think of basic routines such as staying clean, wearing deodorant and brushing your teeth. In today’s tech-driven world, another aspect of personal hygiene deserves more attention: cyber hygiene. Cyber hygiene Read More …