Bitwarden now allows users to log into Windows 11 devices using passkeys stored in its vault, providing phishing-resistant authentication. The feature requires Entra ID-joined devices with FIDO2 security key sign-in enabled and a registered Entra ID passkey in the vault. It works by scanning a QR code with a mobile device to confirm access, removing passwords from the login process. This extends Microsoft's passkey provider API to the operating system's fundamental authentication layer.
A critical vulnerability (CVE-2026-28289) in the FreeScout helpdesk platform allows unauthenticated, remote code execution via a malicious email attachment. Attackers bypass a previous patch by using a zero-width space character in a filename, which circumvents security checks and enables server compromise. The flaw affects all versions up to 1.8.206, is patched in version 1.8.207, and requires immediate updating. While no active exploits are currently reported, the risk is considered high due to the vulnerability's severity and ease of exploitation. The main topics covered are the technical details of a severe software vulnerability, its method of exploitation, the affected software versions and patch status, and the potential consequences and recommendations for mitigation.
A high-severity command injection vulnerability (CVE-2026-22719) in VMware Aria Operations is being actively exploited, allowing unauthenticated attackers to execute remote commands and potentially gain full control of cloud environments. The U.S. cybersecurity agency CISA has added this flaw to its known exploited vulnerabilities catalog, and Broadcom has acknowledged reports of in-the-wild exploitation. The main risk is that compromising this central cloud management platform grants attackers broad access to the entire virtual infrastructure it manages, including credentials and network topology. Users are urged to immediately patch to version 8.18.6 or apply a provided workaround. The article covers the vulnerability's details, its exploitation status, the significant risk posed by cloud management platform compromises, and the urgent mitigation steps.
Microsoft has released the KB5075039 update to fix a Windows 10 Recovery Environment (WinRE) issue that prevented it from starting, a problem introduced by an October 2025 update. The fix addresses a flaw similar to one previously resolved for Windows 11. Installing the update requires the WinRE partition to be at least 256MB in size, with instructions provided for resizing if necessary. The main topics covered are a software update to repair a broken system recovery tool and the technical requirements for its installation.
LastPass is warning users about a phishing campaign using fake emails that impersonate support staff. These emails contain urgent alerts about unauthorized account access and direct users to fraudulent login pages to steal credentials. The company confirms its own systems are not compromised and reminds users that legitimate support will never ask for their master password. The main topics covered are the phishing attack methodology, LastPass's response and assurances, and the service's history of being targeted by similar scams.