Chromium: CVE-2026-1862 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2024) for more information.
SQLi in administrative interface
CVSSv3 Score: 9.1
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Revised on 2026-02-06 00:00:00
Why Automation Alone Misses AI-Generated Phishing
Phishing has evolved far beyond the crude, mass-produced scams most security teams were trained to recognize. What was once defined by obvious deception is now driven by high-quality, adaptive, and highly realistic attacks that are increasingly generated with AI and delivered at an...
Substack data breach leaks users’ email addresses and phone numbers
Substack, a high-profile publishing platform widely used by academics, journalists, subject matter experts, and controversialists, has suffered a data breach affecting an unknown number of its creators and subscribers. According to emails sent out this week to some users, on February 3 the company “identified evidence” that a third party had exploited an unspecified weakness...
Chrome Vulnerabilities Allow Code Execution, Browser Crashes
Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.
The post Chrome Vulnerabilities Allow Code Execution, Browser Crashes appeared first on TechRepublic.
All gas, no brakes: Time to come to AI church
Welcome to this week’s edition of the Threat Source newsletter. Brothers and sisters, gather close for a moment. We are all security followers here gathered in fellowship and community, with one joyful spirit to fight the good fight and do good out there in the security world. It is with that spirit that I have to mention Clawdbot. Clawdbot (aka Moltbot or OpenClaw) is a locally run open-source agentic application that acts on your behalf. Want to check into...
Betterment Data Breach Exposes 1.4 million Customers' Personal Details
Betterment has disclosed a social engineering–driven data breach that exposed personal information for approximately 1.4 million customer accounts, significantly expanding the fallout from a January 2026 security incident tied to fraudulent crypto scam messages. In early January 2026, Betterment, a leading automated investment and robo‑advisory platform, detected unauthorized access to systems used for customer communications and operations. Attackers leveraged...
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they compromised the hosting infrastructure used to deliver updates, allowing a highly targeted group to selectively distribute a...
Hitachi Energy FOX61x
Summary
Hitachi Energy is aware of a vulnerability that affects FOX61x product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is applicable only if FOX61x devices are...
Mitsubishi Electric MELSEC iQ-R Series
Summary
Successful exploitation of this vulnerability may allow an attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial-of-service condition on the affected product.
The following versions of Mitsubishi Electric MELSEC iQ-R Series are affected:
MELSEC iQ-R Series R08/16/32/120PCPU firmware <=48 (CVE-2025-15080)
CVSS | Vendor | Equipment | Vulnerabilities
v3 9.4 | Mitsubishi Electric | Mitsubishi Electric...



