Dataproof Communications

Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today’s menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure. There are no critical remote code execution or elevation of privilege vulnerabilities. So far this month, Microsoft has already provided patches to address one browser...

A look at how Kubernetes CVE-2020-8554 works - Read more

Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”.  In this month's release, Microsoft observed one of the included “important” vulnerabilities, CVE-2026-20805, as being exploited in the wild. Out of 8 "critical" entries, 6 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including Windows Local Security Authority Subsystem Service (LSASS), Microsoft Word, Microsoft Excel, and...

AI Security Insights – January 2026 - Read more

A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms how organizations handle security...

CVSSv3 Score: 9.4 An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests. Revised on 2026-01-13 00:00:00 - Read more

CVSSv3 Score: 9.3 An exposure of sensitive information to an unauthorized actor vulnerability in FortiFone Web Portal page may allow an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests. Revised on 2026-01-13 00:00:00 - Read more

CVSSv3 Score: 3.4 A Server-Side Request Forgery (SSRF) vulnerability in FortiSandbox may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests. Revised on 2026-01-13 00:00:00 - Read more

CVSSv3 Score: 7.4 A heap-based buffer overflow vulnerability in FortiOS and FortiSwitchManager cw_acd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Revised on 2026-01-13 00:00:00 - Read more

CVSSv3 Score: 6.8 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in FortiClientEMS may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. Revised on 2026-01-13 00:00:00 - Read more