Harmony SASE Windows Client Vulnerability Enables Privilege Escalation

Cyber Security News

Check Point Harmony SASE Windows Client Vulnerability Enables Privilege Escalation

A critical flaw in Harmony SASE Windows clients below version 12.2 allows local privilege escalation and potential system compromise.

A critical privilege-escalation vulnerability has been discovered in Check Point’s Harmony SASE (Secure Access Service Edge) Windows client software, affecting versions prior to 12.2. Tracked as CVE-2025-9142, the flaw allows local attackers to write or delete files outside the intended certificate working directory, potentially leading to system-level compromise.

Stacker News

Harmony SASE Windows Client Vulnerability Enables Privilege Escalation \ stacker news

A critical privilege-escalation vulnerability has been discovered in Check Point’s Harmony SASE (Secure Access Service Edge) Windows client softw...

Binance: An Open Letter to the Crypto Community

Binance Blog

An Open Letter to the Crypto Community | Binance Blog

Binance will convert SAFU fund's $1B stablecoin reserves into BTC as part of our long-term commitment to building industry resilience and trust.

During periods of market volatility and pressure, the impact felt across the industry is naturally also felt by Binance. This reflects the broader challenges our industry must address as it continues to mature. As the crypto ecosystem expands and becomes more complex, expectations continue to rise – especially around governance, risk management, and responsibility.

Stacker News

Binance: An Open Letter to the Crypto Community \ stacker news

During periods of market volatility and pressure, the impact felt across the industry is naturally also felt by Binance. This reflects the broader ...

3,280,081 Fortinet Devices Online With Exposed Web Properties Under Risk

Cyber Security News

3,280,081 Fortinet Devices Online With Exposed Web Properties Under Risk

Over 3,280,081 Fortinet Devices Were exposed, with web properties running vulnerable Fortinet devices affected by CVE-2026-24858, a severe authent...

Over 3,280,081 Fortinet Devices Were exposed, with web properties running vulnerable Fortinet devices affected by CVE-2026-24858, a severe authentication-bypass flaw actively exploited in the wild. The vulnerability, rated 9.4 on the CVSS scale, affects multiple Fortinet product lines, including FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb.

Stacker News

3,280,081 Fortinet Devices Online With Exposed Web Properties Under Risk \ stacker news

Over 3,280,081 Fortinet Devices Were exposed, with web properties running vulnerable Fortinet devices affected by CVE-2026-24858, a severe authenti...

Gemini MCP Tool 0-day Vulnerability Allows Remote Execution Of Arbitrary Code

Cyber Security News

Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code

Zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication.

A critical zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication. Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, the flaw carries a maximum CVSS v3.1 score of 9.8, reflecting its ease of exploitation and severe impact.

Stacker News

Gemini MCP Tool 0-day Vulnerability Allows Remote Execution Of Arbitrary Code \ stacker news

A critical zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication. Tracked as ...

Binance to shift $1 billion user protection fund into bitcoin amid market rout

Binance to shift $1 billion user protection fund into bitcoin amid market rout

Binance will convert the stablecoin holdings in its $1 billion Secure Asset Fund for Users to bitcoin over the next 30 days, with plans for regular...

Binance will convert the stablecoin holdings in its $1 billion Secure Asset Fund for Users to bitcoin over the next 30 days, with plans for regular audits.

Stacker News

Binance to shift $1 billion user protection fund into bitcoin amid market rout \ stacker news

Binance will convert the stablecoin holdings in its $1 billion Secure Asset Fund for Users to bitcoin over the next 30 days, with plans for regular...

Cost-effective dose assessment by combination of radiochromic film & smartphone https://www.sciencedirect.com/science/article/pii/S1350448725002227 To minimize health injuries in mass-casualty nuclear events, personal-level preparedness, including a simple, universal, and cost-effective dosimetry tool, is crucial. In this study, we propose an inexpensive dosimetry system using a radiochromic film, which can immediately detect high-dose radiation exposure by the naked eye, and a portable scanner coupled with a smartphone as a practical tool for radiological emergency preparedness. Small pieces of Gafchromic EBT4 films were irradiated with X-rays (160 kVp, 6.3 mA) at 2.5, 5.0, and 10 Gy (for water) and scanned on an LED light table of a commercially available portable scanner (PictoScanner ApS, Denmark) using four different smartphones: Samsung Galaxy A23 5G SC-56C, Samsung Galaxy Note8, iPhone Xs Max, and iPhone 13 Pro Max.

Stacker News

Cost-effective dose assessment by combination of radiochromic film & smartphone \ stacker news

To minimize health injuries in mass-casualty nuclear events, personal-level preparedness, including a simple, universal, and cost-effective dosimet...

Trump says he's announcing new Fed chair nominee Friday morning

Trump says he

President Trump says he will announce his nominee for Federal Reserve chair Friday morning, as he presses the central bank to cut interest rates.

President Trump says he will announce his nominee for Federal Reserve chair Friday morning, as he puts pressure on the Fed to cut interest rates. "I've chosen a very good person to head the Fed," he told reporters late Thursday. In response to a question from CBS News senior White House reporter Jennifer Jacobs, the president described his pick as an "outstanding person" who is "very respected" and "known to everybody in the financial world."

Stacker News

Trump says he's announcing new Fed chair nominee Friday morning \ stacker news

President Trump says he will announce his nominee for Federal Reserve chair Friday morning, as he puts pressure on the Fed to cut interest rates. "...

BRICS laying first tracks for new global payment system

Asia Times

BRICS laying first tracks for new global payment system - Asia Times

As India prepares to host the BRICS summit later this year, the focus will be on a payment system linking national digital currencies. By prioritizing

A BRICS currency to facilitate de-dollarization remains a distant dream, but a digital currency alternative to SWIFT is nearly here

Stacker News

BRICS laying first tracks for new global payment system \ stacker news

A BRICS currency to facilitate de-dollarization remains a distant dream, but a digital currency alternative to SWIFT is nearly here

Meet the threat actor John (Lick), who was caught flexing $23M in a wallet

X (formerly Twitter)

ZachXBT (@zachxbt) on X

1/ Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Gover...

John Daghita, son of the CEO of CDMS (a government-contracted crypto custody firm), was allegedly tied to the theft of over $40 million in funds seized by U.S. authorities.

Stacker News

Meet the threat actor John (Lick), who was caught flexing $23M in a wallet \ stacker news

John Daghita, son of the CEO of CDMS (a government-contracted crypto custody firm), was allegedly tied to the theft of over $40 million in funds se...

Microsoft’s $357 Billion Rout Is Worst Since Deepseek Hit Nvidia https://finance.yahoo.com/news/microsoft-357-billion-rout-worst-212236721.html Microsoft Corp. shares got caught up in a selloff Thursday that wiped out $357 billion in value, second-largest for a single session in stock market history. The software giant’s stock closed down 10%, its biggest plunge since March 2020, following Microsoft’s earnings after the bell Wednesday, which showed record spending on artificial intelligence as growth at its key cloud unit slowed.

Stacker News

Microsoft’s $357 Billion Rout Is Worst Since Deepseek Hit Nvidia \ stacker news

Microsoft Corp. shares got caught up in a selloff Thursday that wiped out $357 billion in value, second-largest for a single session in stock marke...

Anthony Joshua pays tribute to friends killed in Nigeria crash https://news.sky.com/story/anthony-joshua-pays-tribute-to-friends-killed-in-nigeria-crash-13500819 Anthony Joshua has paid tribute to his two close friends killed in a car cash in Nigeria last year. In an emotional video posted on social media, the 36-year-old boxer, who sustained minor injuries in the collision, called the two men "my left and my right" and said he had been through a "tragic, traumatic time".

Stacker News

Anthony Joshua pays tribute to friends killed in Nigeria crash \ stacker news

Anthony Joshua has paid tribute to his two close friends killed in a car cash in Nigeria last year. In an emotional video posted on social media, t...

What Went Wrong With Microsoft Stock? https://www.forbes.com/sites/greatspeculations/2026/01/29/what-went-wrong-with-microsoft-stock/ Microsoft exceeded earnings expectations — why did the stock drop 7% after hours? The reason is that Azure’s growth is slowing down, and the dependency on OpenAI has become starkly apparent. Q2 fiscal 2026 revenue reached $81.27 billion, compared to the $80.27 billion that was anticipated. EPS was $4.14, an increase from the $3.97 expected. Both figures are positive surprises. However, Azure growth guidance for Q3 was only projected at 37% to 38% in constant currency, barely hitting the 37.1% consensus.

Stacker News

What Went Wrong With Microsoft Stock? \ stacker news

Microsoft exceeded earnings expectations — why did the stock drop 7% after hours? The reason is that Azure’s growth is slowing down, and the de...

Britain says it needs a ‘more sophisticated’ relationship with China https://www.cnn.com/2026/01/29/china/starmer-xi-china-uk-intl-hnk UK Prime Minister Keir Starmer said it was “vital” to build a “more sophisticated relationship” with China as he made the first visit of a British leader to the country in eight years.

Stacker News

Britain says it needs a ‘more sophisticated’ relationship with China \ stacker news

UK Prime Minister Keir Starmer said it was “vital” to build a “more sophisticated relationship” with China as he made the first visit of a ...

Critical OpenSSL Vulnerabilities Allow Remote Attackers 2 Execute Malicious Code

Cyber Security News

Critical OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code

OpenSSL patched 12 vulnerabilities on January 27, 2026, including one high-severity flaw that could lead to remote code execution. Most issues caus...

OpenSSL patched 12 vulnerabilities on January 27, 2026, including one high-severity flaw that could lead to remote code execution. Most issues cause denial-of-service attacks but highlight risks in parsing untrusted data.

Stacker News

Critical OpenSSL Vulnerabilities Allow Remote Attackers 2 Execute Malicious Code \ stacker news

OpenSSL patched 12 vulnerabilities on January 27, 2026, including one high-severity flaw that could lead to remote code execution. Most issues caus...

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

The Hacker News

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google confirms nation-state and cybercrime groups exploit a patched WinRAR flaw to gain persistence and deploy malware via Windows Startup folders.

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated threat actors continue to exploit this n-day across disparate operations," the Google Threat Intelligence Group (GTIG) said.

Stacker News

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 \ stacker news

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-p...

Tyson Fury to face Arslanbek Makhmudov in UK on 11 April

BBC Sport

Tyson Fury to face Arslanbek Makhmudov in UK on 11 April

Former heavyweight world champion Tyson Fury will face Arslanbek Makhmudov in the UK on 11 April as he ends his latest spell of retirement.

Former heavyweight world champion Tyson Fury will face Arslanbek Makhmudov in the UK on 11 April as he ends his latest spell of retirement. The fight, which will be broadcast on Netflix, will be Fury's first since he lost his rematch with unified champion Oleksandr Usyk in December 2024.

Stacker News

Tyson Fury to face Arslanbek Makhmudov in UK on 11 April \ stacker news

Former heavyweight world champion Tyson Fury will face Arslanbek Makhmudov in the UK on 11 April as he ends his latest spell of retirement. The fig...

CTEM in Practice: Prioritization, Validation, and Outcomes That Matter

The Hacker News

CTEM in Practice: Prioritization, Validation, and Outcomes That Matter

CTEM is a continuous approach that helps cybersecurity teams identify, prioritize, & validate exploitable risks using threat intelligence and testing.

Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It's not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable exposure.

Stacker News

CTEM in Practice: Prioritization, Validation, and Outcomes That Matter \ stacker news

Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It's not only about what could go wrong (...

Microsoft Office CVE-2026-21509 - Emergency Patch Issued for Active Exploitation

The Hacker News

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security feature bypass flaw.

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office.

Stacker News

Microsoft Office CVE-2026-21509 - Emergency Patch Issued for Active Exploitation \ stacker news

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulne...

Man Is Wounded After Exchanging Fire With Border Patrol in Arizona https://www.nytimes.com/2026/01/27/us/border-shooting-arizona.html The man, Patrick Gary Schlegel, was in custody and expected to be charged after shooting at a federal helicopter, the authorities said. The shooting is under investigation.

Stacker News

Man Is Wounded After Exchanging Fire With Border Patrol in Arizona \ stacker news

The man, Patrick Gary Schlegel, was in custody and expected to be charged after shooting at a federal helicopter, the authorities said. The shootin...

Italians furious over deployment of ICE agents 2 bolster US security at Olympics https://www.cnn.com/2026/01/27/europe/italy-ice-agents-security-olympics-intl Outrage is growing in Italy over the deployment of Immigration and Customs Enforcement (ICE) agents to assist US security operations at the Winter Olympics next month. Current and former lawmakers have urged Italian Prime Minister Giorgia Meloni to intervene to block the agents’ presence in the wake of two fatal shootings during an immigration crackdown in Minneapolis.

Stacker News

Italians furious over deployment of ICE agents 2 bolster US security at Olympics \ stacker news

Outrage is growing in Italy over the deployment of Immigration and Customs Enforcement (ICE) agents to assist US security operations at the Winter ...