Latest Internet & Cybersecurity News
Cisco Patches Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco released patches for CVE-2026-20045 (CVSS 8.2), a critical vulnerability that allows unauthenticated remote code execution via crafted HTTP requests and is being actively exploited in the wild. It affects Unified CM, SME, IM&P, Unity Connection, and Webex Calling Dedicated Instance, and enables privilege escalation to root.
CISA added it to the KEV catalog, mandating that FCEB agencies apply fixes by February 11, 2026.
Zoom Fixes Critical RCE Vulnerability CVE-2026-22844
Zoom addressed CVE-2026-22844, a critical flaw that could result in remote code execution on its cloud-based video conferencing platform. The vulnerability impacts the online collaboration service, prompting immediate patching recommendations.
No details on active exploitation have been reported yet.
Oracle Patches Critical CVE-2026-21962 in HTTP Server and WebLogic Proxy
Oracle released updates for CVE-2026-21962 (CVSS 10.0) affecting Oracle HTTP Server versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0, plus the WebLogic Server Proxy Plug-in. Unauthenticated attackers with HTTP access could gain full control of the product and modify sensitive data.
Administrators are urged to update immediately.
Monroe University Data Breach Exposes 320,973 Individuals' Info
Monroe University suffered a cyberattack on December 23, 2024, compromising names, SSNs, medical info, and more for 320,973 people. The breach included health insurance details, financial accounts, and student data.
Affected individuals are advised to monitor for identity theft.
Leidos QTC Health Services Breach Leaks Patient Medical Data
Leidos QTC Health Commercial Services (First Rehabilitation Resources) had an email security breach in December 2025, exposing names, SSNs, medical records, and treatment histories. The exposed data varied by individual and included health insurance and diagnostic results.
Patients are urged to check for fraud.
Komar Industries Cybersecurity Breach Impacts Employees and Vendors
Komar Industries suffered a breach exposing names, SSNs, addresses, payroll, and financial details of employees, vendors, and partners. The incident highlights supply chain risks in sensitive data handling.
Victims should secure accounts promptly.
Top Cybersecurity and AI Predictions for 2026: Surge in AI-Generated Vulnerabilities
Experts predict a surge in AI-generated vulnerabilities and exploits, making vulnerability research more practical and increasing market availability. CrowdStrike's Adam Meyers cites Google's Big Sleep project as evidence of AI weaponizing flaws.
This marks a turning point, with GenAI affecting both defenders and attackers.
AI to Fuel Exponential Increase in Cyberattacks in 2026
Vectra AI's CTO Oliver Tavakoli predicts AI will drive an exponential rise in cyberattacks. Traditional defenses may fail as attacks accelerate, per Noma Security CISO Diana Kelley.
Personal AI agents could enable hyperscale attacks, necessitating autonomous defenses.
Black Kite Report: Over 70% of Major Retailers Have Exposed Credentials
Black Kite's 2026 Wholesale & Retail Report reveals that over 70% of major retailers, 60% of wholesalers, and 52% of the supply chain have compromised credentials. Credential theft is the dominant access vector, and patching of CISA KEV vulnerabilities, especially RCE flaws, is urged.
The shared supply chain emerges as the primary threat.
CIRO Data Breach in Canada Affects 750,000 People
The Canadian Investment Regulatory Organization (CIRO) suffered a data breach impacting about 750,000 individuals. The incident at the investment watchdog exposed sensitive information.
Investigations are ongoing, with notifications to affected parties.