The Hacker News

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP patched critical flaws up to CVSS 10.0, reducing RCE, admin takeover, and data exposure risks.

Max severity Ivanti Sentry vulnerability now exploited in attacks

Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with ...
Bleeping Computer

Zyxel warns of critical OS command injection flaw in routers

Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command ...
SecurityWeek

Ivanti Sentry Exploitation Attempts Hitting Honeypots

CVE-2026-10520, a critical-severity vulnerability in Ivanti Sentry, was flagged as exploited based on activity observed on ...
SecurityWeek

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.
Cyber Daily

Alert! Experts concerned over perfect 10 Ivanti Sentry vulnerability, and hackers are already all over it

CVE-2026-10520 is looking like a nightmare for network defenders: an OS Command Injection vulnerability that could lead to ...
ZDNet

Patch released for Fortinet command injection vulnerability

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...
Infosecurity-magazine.com

CISA Urges Software Makers to Eliminate OS Command Injection Vulnerabilities

The US government has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities. The alert from the Cybersecurity and Infrastructure ...