Morning Overview on MSN

Microsoft’s new AI Notepad just opened a terrifyingly easy hacker loophole

A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning ...

Critical flaw in BeyondTrust Remote Support sees early signs of exploitation

The vulnerability is a variant of a CVE linked to the 2024 hack of the U.S. Treasury Department, according to researchers.

Use Notepad's new Markdown feature? Update it now to ensure you're safe.

Microsoft has patched a severe security vulnerability tied to Notepad's Markdown feature. Here's what you need to know to ...
Bleeping Computer

Latest Command Injection news

Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command ...
CSO Online

Critical BeyondTrust RS vulnerability exploited in active attacks

Researchers have detected attacks that compromised Bomgar appliances, many of which have reached end of life, creating problems for enterprises seeking to patch.
The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.
ZDNet

Patch released for Fortinet command injection vulnerability

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...
SecurityWeek

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks

CISA warns of a new SmarterTools SmarterMail vulnerability exploited by ransomware groups for unauthenticated RCE.