Dataproof Communications

The manual operations gap can be a business risk Manual threat hunting requires 27 steps that burn analyst time Autonomous Threat Operations can reduce 27 steps to 5 Autonomous operations prove measurable ROI - Read more

Microsoft has released its monthly security update for February 2026, which includes 59 vulnerabilities affecting a range of products, including two that Microsoft marked as “Critical”. CVE-2026-21522 is a critical elevation of privilege vulnerability affecting Microsoft ACI Confidential Containers. Successful exploitation of this vulnerability could enable an authorized attacker to escalate privileges on affected systems. This vulnerability is not listed as publicly disclosed and received a CVSS 3.1 score of 6.7.  CVE-2026-23655 is a critical...

Apple says seven more US states plan to support iPhone driver’s licenses, expanding Apple Wallet digital IDs already live in 13 states. The post Apple Expands iPhone Driver’s Licenses to 7 US States appeared first on TechRepublic. - Read more

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google Calendar events. The post 10K Claude Desktop Users Exposed by Zero-Click Vulnerability appeared first on TechRepublic. - Read more

The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore something we need to lock down before it gets out of hand.But as a security...

High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files - Read more

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to redirected users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform other various attacks. The following versions of Yokogawa FAST/TOOLS are affected: FAST/TOOLS >=R9.01|<=R10.04 (CVE-2025-66594, CVE-2025-66595, CVE-2025-66597, CVE-2025-66598, CVE-2025-66599, CVE-2025-66600, CVE-2025-66601, CVE-2025-66602, CVE-2025-66603, CVE-2025-66604, CVE-2025-66605, CVE-2025-66606, CVE-2025-66607, CVE-2025-66608) CVSS Vendor Equipment Vulnerabilities v3 8.2 Yokogawa Yokogawa FAST/TOOLS Generation of Error...

CVSSv3 Score: 7.9 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FortiSandbox may allow an unauthenticated attacker to execute commands via crafted requests.FortiSandbox PaaS versions 4.4.8 and 5.0.5 contains the fix for this vulnerability. Revised on 2026-02-10 00:00:00 - Read more

CVSSv3 Score: 5.3 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability,...

CVSSv3 Score: 5.2 An HTTP request smuggling vulnerability in FortiOS may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header Revised on 2026-02-10 00:00:00 - Read more