The Hacker News

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco fixes actively exploited CVE-2026-20045 zero-day enabling unauthenticated RCE in Unified CM and Webex; CISA sets Feb 11, 2026 deadline.
Infosecurity-magazine.com

Navigating the Vulnerability Maze: Understanding CVE, CWE, and CVSS

The Forum of Incident Response and Security Teams (FIRST) officially launched the fourth version of the Common Vulnerability Scoring System (CVSS 4.0), in November 2023. CVSS 4.0, the industry ...
CSO Online

Vulnerability prioritization beyond the CVSS number

A vulnerability in a tightly isolated sandbox may score a 9.8 but never affect anything else. Meanwhile, a 5.2 in a single ...
Dark Reading

Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day

Among them is a zero-day vulnerability in Desktop Window Manager (DWM) designated as CVE-2026-20805 (CVSS score: 5.5), which ...
Hackaday

This Week In Security: CVSS 0, Chwoot, And Not In The Threat Model

This week a reader sent me a story about a CVE in Notepad++, and something isn’t quite right. The story is a DLL hijack, a technique where a legitimate program’s Dynamic Link Library (DLL) is replaced ...
CRN

Cisco Moves To Vulnerability Scoring Standard

The San Jose, Calif.-based on Wednesday published CVSS scores for a pair of recently discovered vulnerabilities in Cisco Clean Access (CCA), a software solution consisting of Clean Access Server (CAS) ...
Infosecurity-magazine.com

Microsoft Fixes Four More Zero-Days in November Patch Tuesday

It’s been another busy Patch Tuesday for system administrators, with Microsoft releasing updates for nearly 100 vulnerabilities, four of which are classed as zero-days. Microsoft classifies a zero-day ...
Dark Reading

CISA Warns of TeleMessage Vuln Despite Low CVSS Score

The Cybersecurity and Infrastructure Security Agency (CISA) is warning users of a privacy vulnerability under exploitation in the messaging application TeleMessage — the very same one used by Michael ...