SysAdmin 24x7


Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

SQL injection in FortiClientEMS Date 09/02/2026 Importance 5 - Critical Affected Resources FortiClientEMS 7.4. Description Gwendal Guégniaud, of the Fortinet Product Security team, has reported a critical-severity vulnerability whose exploitation could allow an attacker to execute unauthorized code or commands. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/inyeccion-sql-en-forticlientems

Aisuru botnet sets new record with 31.4 Tbps DDoS attack The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack that peaked at 31.4 Tbps and 200 million requests per second, setting a new record. https://www.bleepingcomputer.com/news/security/aisuru-botnet-sets-new-record-with-314-tbps-ddos-attack/

Stack buffer overflow in OpenSSL in Fortinet Date 30/01/2026 Importance 4 - High Affected Resources Products that contain: OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0; OpenSSL 1.1.1 and 1.0.2. Fortinet is currently investigating its products. Description Fortinet has published a security advisory reporting a high-severity vulnerability in OpenSSL as implemented in some of its products. Exploitation of this vulnerability could allow remote code execution or denial of service. Solution Update to the corresponding versions: OpenSSL 3.6.1. OpenSSL 3.5.5. OpenSSL 3.4.4. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/desbordamiento-del-bufer-de-pila-en-openssl-en-fortinet

Multiple vulnerabilities in Ivanti EPMM Date 30/01/2026 Importance 5 - Critical Affected Resources Ivanti Endpoint Manager Mobile: 12.5.0.0 and earlier; 12.6.0.0 and earlier; 12.7.0.0 and earlier; 12.5.1.0 and earlier; 12.6.1.0 and earlier. Description Ivanti has published two critical-severity vulnerabilities that, if exploited, could allow unauthenticated remote code execution. The vendor has identified active exploitation at one of its users. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-epmm-de-ivanti-0

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution. CVE-2026-1470 (CVSS score: 9.9) - An eval injection vulnerability that could allow an authenticated user to bypass the Expression sandbox mechanism and achieve full remote code execution on n8n's main node by passing specially crafted JavaScript code. CVE-2026-0863 (CVSS score: 8.5) - An eval injection vulnerability that could allow an authenticated user to bypass n8n's python-task-executor sandbox restrictions and run arbitrary Python code on the underlying operating system. https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html

AISLE Discovered 12 out of 12 OpenSSL Vulnerabilities Author Stanislav Fort Date Published January 26, 2026 Autonomous zero-day discovery in one of the most scrutinized codebases in the world https://aisle.com/blog/aisle-discovered-12-out-of-12-openssl-vulnerabilities

Administrative FortiCloud SSO authentication bypass IR Number FG-IR-26-060 Published Date Jan 27, 2026 Component GUI Severity Critical CVSSv3 Score 9.4 Impact Improper access control CVE ID CVE-2026-24858 Summary An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS, FortiManager, FortiAnalyzer may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. Please note that the FortiCloud SSO login feature is not enabled in default factory settings. However, when an administrator registers the device to FortiCare from the device's GUI, unless the administrator disables the toggle switch "Allow administrative login using FortiCloud SSO" in the registration page, FortiCloud SSO login is enabled upon registration. This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked out on 2026-01-22. In order to protect its customers from further exploit, Fortinet disabled FortiCloud SSO on FortiCloud side on 2026-01-26. It was re-enabled on 2026-01-27 and no longer supports login from devices running vulnerable versions. Consequently, customers must upgrade to the latest versions listed below for the FortiCloud SSO authentication to function. https://fortiguard.fortinet.com/psirt/FG-IR-26-060

Oracle Critical Patch Update Advisory - January 2026 https://www.oracle.com/security-alerts/cpujan2026.html

VMSA-2024-0012:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) Advisory ID: VMSA-2024-0012.1 Severity: Critical CVSSv3 Range: 7.8-9.8 Synopsis: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) Issue date: 2024-06-17 CVE(s) CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 Impacted Products VMware vCenter Server VMware Cloud Foundation Introduction Multiple heap-overflow and privilege escalation vulnerabilities in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

[Update 22/01/2026] Authentication bypass in SSO login in Fortinet products Date 10/12/2025 Importance 5 - Critical Affected Resources The following product versions are affected: FortiOS: 7.6.0 to 7.6.3; 7.4.0 to 7.4.8; 7.2.0 to 7.2.11; 7.0.0 to 7.0.17. FortiProxy: 7.4.0 to 7.4.10; 7.2.0 to 7.2.14; 7.0.0 to 7.0.21. FortiSwitchManager: 7.2.0 to 7.2.6; 7.0.0 to 7.0.5. FortiWeb: 8.0.0; 7.6.0 to 7.6.4; 7.4.0 to 7.4.9. Description Yonghui Han and Theo Leleu, of the Fortinet Product Security team, have reported 1 critical-severity vulnerability that, if exploited, could allow an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML message. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/omision-de-autenticacion-en-el-inicio-de-sesion-sso-en-productos-de-fortinet

Authentication bypass in telnetd Date 22/01/2026 Importance 5 - Critical Affected Resources GNU InetUtils telnetd: versions from 1.9.3 through 2.7 (both inclusive). Description Carlos Cortes Alvarez has reported a critical-severity vulnerability whose exploitation could allow a remote attacker to bypass the normal authentication mechanisms and gain access as root. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/omision-de-autenticacion-en-telnetd

Remote code execution in Cisco products Date 22/01/2026 Importance 5 - Critical Affected Resources The vulnerability affects the following products, regardless of their configuration. The affected versions of these products are: 12.5, 14.0 and 15.0. Unified CM (CSCwr21851); Unified CM SME (CSCwr21851); Unified CM IM&P (CSCwr29216); Webex Calling Dedicated Instance (CSCwr21851); Unity Connection (CSCwr29208). Description An external researcher, in collaboration with Cisco, has reported 1 critical-severity vulnerability that, if successfully exploited, could allow an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system and obtain user-level access in order to subsequently elevate privileges to root. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/ejecucion-remota-de-codigo-en-productos-de-cisco-0

Microsoft Releases Emergency Updates After Breaking Core Features Microsoft has issued a series of emergency out-of-band updates to address serious problems introduced by the January 2026 Patch Tuesday updates. https://www.ghacks.net/2026/01/20/microsoft-releases-emergency-updates-after-broking-core-features/

CVE-2026-23745 Description node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3. https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97 https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e

CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal Description A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering maintenance mode. https://security.paloaltonetworks.com/CVE-2026-0227

IR Number FG-IR-25-084 Published Date Jan 13, 2026 Component OTHERS Severity High CVSSv3 Score 7.4 Impact Execute unauthorized code or commands CVE ID CVE-2025-25249 https://www.fortiguard.com/psirt/FG-IR-25-084

FG-IR-25-084 Heap-based buffer overflow in cw_acd daemon CVE-2025-25249 Published: Jan 13, 2026 High Severity FG-IR-25-783 SSRF in GUI console CVE-2025-67685 Published: Jan 13, 2026 GUI Low Severity https://www.fortiguard.com/psirt

Microsoft - January 2025 Security Updates https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan

Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework https://research.checkpoint.com/2026/voidlink-the-cloud-native-malware-framework/