security

CVE-2026-35616: FortiClient EMS API Auth Bypass Enables Command Execution Fortinet disclosed a critical vulnerability in Fortinet FortiClient EMS (Enterprise Management Server) tracked as CVE-2026-35616. Fortinet also says it has observed in-the-wild exploitation and released out-of-band hotfix guidance for affected builds. This post breaks down what CVE-2026-Adresse geschuetzt, who is affected, and what defenders should do […]

In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonly these mechanisms are actually misused…

I Made a Big Mistake! This table is awesome – and I definitely should have included this table on my…

Join me as we take a look at some of the best new VPX Virtual Pinball releases from the month…

The Ten Commandments of Pinball Table Design – whether real or virtual, these commandments will ensure a popular table, with…

Comments

Comments

Das Sicherheitsteam von Cato Networks hat mit „Foxveil“ einen neuen Mal­ware-Loader entdeckt, der sich im normalen Webverkehr tarnt. Er nutzt vertrauenswürdige Plattformen wie Cloudflare und Discord, um gefährliche Payloads ins System einzuspeisen.

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.

Palo Alto researchers show how attackers could exploit AI agents on Google’s Vertex AI to steal data and break into restricted cloud infrastructure.