The problem occurs when developers use i18n with sensitive attributes like links or resource paths. Normally, Angular protects applications by sanitizing input, but in this case, that protection can be bypassed. If untrusted data is directly bound to these attributes, attackers can execute scripts within the application context.

Commonly affected attributes include href, src, action, background, data, and formaction. Applications running versions between 17.x and early 22.x releases are particularly at risk, especially if they rely on user-controlled data in these areas.

Impact and Mitigation

Successful exploitation allows attackers to run malicious scripts inside a user’s browser session, which can lead to serious security issues such as:

• Session hijacking through stolen cookies or tokens
• Extraction of sensitive user data
• Performing actions on behalf of users without consent

Angular has released fixes in newer versions, and upgrading to patched releases is the most effective solution. However, older versions (like 17 and 18) still require additional precautions.

‍Follow Us on:Linkedin, Instagram, Facebook to get the latest security news!

To reduce risk, teams should follow these key practices:

• Avoid binding untrusted user input directly to sensitive HTML attributes
• Do not combine i18n with attributes that handle URLs or actions
• Apply manual sanitization using Angular’s security utilities before rendering data

Overall, this vulnerability highlights how small configuration changes can weaken built-in protections, making secure coding practices and timely updates critical for Angular applications.

The post Angular XSS Vulnerability in i18n Handling Exposes Web Applications appeared first on First Hackers News.

Because of this flaw, protected email data may be processed by Copilot and surfaced inside AI chat responses, creating a risk of unintended exposure.

The issue is tracked by Microsoft under reference CW1226324 and was first identified on February 4, 2026. It affects the Copilot “Work Tab” Chat feature.

Vulnerability Details

Technical Cause and Security Impact

Microsoft’s investigation found that a defect in how Copilot processes certain mail folders is responsible for the issue.

Due to this error, emails stored in Sent Items and Drafts can be accessed by Copilot even if confidentiality sensitivity labels are applied.

Normally, sensitivity labels combined with DLP rules should block AI tools from reading or summarizing restricted emails. However, the defect prevents those protections from being properly enforced for the affected folders.

As a result, confidential information may appear in Copilot-generated summaries.

This is especially concerning for sectors such as healthcare, financial services, and government agencies, where strict email protection is tied to regulatory compliance.

The NHS has internally logged the matter as INC46740412, confirming operational impact within public sector environments.

Allowing an AI system to process labeled content despite DLP rules represents a serious breakdown in data governance controls.

Remediation Status

Microsoft began deploying a fix on February 11, 2026, and is contacting certain affected customers to confirm the resolution.

The update is still rolling out, and not all tenants may have received the fix yet.

Organizations using Microsoft 365 Copilot with email sensitivity labels enabled could be impacted until remediation is fully completed.

Recommended Actions

Administrators should monitor the Microsoft 365 Admin Center for updates related to reference CW1226324.

It is also recommended to review Copilot audit logs for unexpected access to labeled email content.

Until Microsoft confirms full deployment of the fix, organizations handling highly sensitive communications may consider temporarily limiting Copilot access to reduce exposure risk.

‍Follow Us on: Linkedin, Instagram, Facebook to get the latest security news!

The post Microsoft 365 Copilot AI Summary Flaw Exposes Emails appeared first on First Hackers News.

The update mainly affects BIG-IP Advanced WAF, NGINX products, and BIG-IP Container Ingress Services. Since these systems often handle incoming application traffic, leaving them unpatched could expose organizations to serious attacks.

All about the vulnerability

BIG-IP Advanced WAF & ASM (CVE-2026-22548)
This flaw affects the Web Application Firewall and Application Security Manager modules on BIG-IP devices. Attackers could potentially bypass security protections or disrupt services. It impacts versions 17.1.0 to 17.1.2, and the fix is included in 17.1.3.

NGINX Vulnerability (CVE-2026-1642)
A major issue was found across the NGINX ecosystem, including NGINX Plus, Open Source, and the Ingress Controller. Because NGINX often runs at the edge of networks as a reverse proxy or load balancer, vulnerable systems could become easy targets. This issue also carries a high severity score.

BIG-IP Container Ingress Services (CVE-2026-22549)
For organizations using Kubernetes or OpenShift, a vulnerability affects Container Ingress Services versions 2.0.0 through 2.20.1. A patched version is available in 2.20.2.

Affected Components

F5 also warned about a configuration risk related to SMTP settings in BIG-IP systems. This isn’t a software bug but could allow misuse if not properly secured. Administrators should review and harden their configurations.

What Organizations Should Do

• Identify all BIG-IP and NGINX systems in use
• Check installed versions against the affected list
• Apply updates as soon as possible
• Review and secure SMTP configurations on BIG-IP devices

Because these products sit at key network entry points, patching them quickly is critical to reducing exposure.

The post Critical Flaws in F5 BIG-IP and NGINX Prompt Urgent Security Patches appeared first on First Hackers News.

Security researchers identified nine separate command injection issues affecting different parts of the router software, including web management, VPN services, cloud communication, and configuration features.

What’s the Core Problem?

The router firmware does not properly validate certain inputs. Because of this, attackers can inject malicious operating system commands through authenticated interfaces.

Most of the vulnerabilities require access from the local network with high privileges. However, one flaw can be triggered remotely by importing a specially crafted configuration file, increasing the risk.

What Could Happen?

If exploited, attackers could:

• Take full administrative control of the router
• Change network settings
• Intercept internet traffic
• Install backdoors for long-term access
• Move deeper into internal networks

This could affect both home users and organizations using the device.

Affected Versions

Vulnerability Overview

Fix Available

TP-Link released firmware version 1.2.4 Build 20251218 that fixes all these issues. Users should update immediately through official TP-Link support channels. Devices left unpatched remain at risk.

The post Security Gaps in TP-Link Devices Expose Users to Full Control Attacks appeared first on First Hackers News.

Security researchers warn that the impact could be widespread, as more than 800,000 telnet services are still directly reachable from the internet. With exploit code now available, the barrier to attack is much lower, increasing the likelihood of large-scale scanning and exploitation.

Why this vulnerability is a serious threat

The flaw allows remote attackers to execute commands on vulnerable systems without authentication. In other words, an attacker does not need valid credentials to gain control.

The root cause is improper input validation in the telnet daemon, which can be abused to bypass security checks and run arbitrary commands on the host.

Telnet itself is a legacy remote access protocol that sends all traffic, including usernames and passwords, in plain text. This has long made it a weak point in network security. When combined with a remote code execution vulnerability, exposed telnet services become extremely high-risk. Attackers can use them not only for initial access, but also for deploying malware, stealing credentials, moving laterally inside networks, or adding compromised systems to botnets.

The release of public exploit code changes the risk level significantly. Threat actors no longer need to develop their own tools, making automated attacks more likely. Internet-wide scans continue to show hundreds of thousands of systems with telnet open on common ports, proving that outdated services are still running in production environments.

Recommended actions for organizations

• Identify all systems exposing Telnet, including port 23 and alternate ports such as 2323
• Immediately disable telnet services on internet-facing systems
• Migrate remote administration to secure alternatives like SSH
• Use firewalls and network segmentation to restrict access to legacy systems that cannot yet be removed
• Monitor logs and network traffic for unusual command execution or unauthorized access attempts
• Prioritize patching and remediation as part of urgent risk reduction efforts

Because the exploit is public and the exposed attack surface is so large, this vulnerability presents a real risk of mass exploitation. Organizations that continue to operate telnet services should act quickly to reduce exposure and prevent potential system compromise.

‍Follow Us on: Linkedin, Instagram, Facebook to get the latest security news!

The post PoC Released for GNU Telnetd RCE, 800K+ Still Exposed appeared first on First Hackers News.

These flaws may expose proxy credentials, database passwords, API keys, and other secrets in production environments.

Vulnerability Summary

Proxy Credentials Exposure via Task Logs

The first issue affects how Apache Airflow handles proxy configurations inside Connection objects. Proxy URLs can include embedded authentication details, such as usernames and passwords.

These proxy fields were not marked as sensitive, which prevented Airflow’s automatic masking from hiding credentials when connections were rendered or logged during task execution. As a result, proxy credentials could appear in plain text within task logs.

Since task logs are often accessible to multiple users and stored in centralized logging systems, this creates a risk of credential misuse and unauthorized access.

The second vulnerability impacts the Rendered Templates section of the Airflow web UI. When templated fields exceed the configured size limit, the masking process may not apply custom secret-masking rules correctly.

This can cause sensitive values, such as API keys or database passwords, to be partially displayed in clear text in the UI. Any user with access to the Airflow web interface could potentially view these exposed values.

Although both issues require authenticated access, they introduce insider-threat risks and can support lateral movement within environments. Long log retention policies can extend exposure if leaked credentials remain stored in archived logs.

Mitigation and Recommendation

Apache Airflow version 3.1.6 resolves both issues by properly classifying proxy fields as sensitive and ensuring secret-masking rules are applied before data is rendered or truncated.

Organizations are strongly advised to upgrade as soon as possible. If immediate upgrades are not feasible, restricting access to task logs and the Airflow web UI can help reduce exposure.

The post Apache Airflow Flaws Risk Exposure of Sensitive Data appeared first on First Hackers News.

The issue affects Cal.com versions 3.1.6 through 6.0.6 and has been patched in version 6.0.7. Hosted Cal.com environments were secured shortly after the flaw was reported.

The vulnerability was discovered by GitHub researcher pedroccastro and tracked as GHSA-7hg4-x4pr-3hrg.
It originates from a logic flaw in Cal.com’s custom NextAuth JWT callback, which is used to manage user sessions.

When a session update event is triggered, the application incorrectly trusts client-supplied input and writes it directly into the JSON Web Token (JWT) without server-side verification.

An attacker can abuse this behavior by sending a crafted API request that updates the session email field to that of another user. Because ownership of the email is never validated, the JWT is silently modified.

How the Attack Works

The attack works by abusing how Cal.com handles session updates in its authentication logic. An attacker only needs a valid, low-privilege account to trigger a session update request that includes a different user’s email address.

Because Cal.com’s custom NextAuth JWT callback trusts client-supplied data during an “update” event, it writes the attacker-controlled email directly into the JSON Web Token without verifying ownership.

This silently alters the JWT so that it now contains the victim’s email. On subsequent requests, Cal.com identifies the user based solely on the email value stored in the token, causing the backend to treat the attacker as the victim.

As a result, the attacker gains full authenticated access to the victim’s account without knowing the password, possessing a valid session, or passing two-factor authentication, leading to complete account takeover with minimal effort.

Potential Impact on Affected Accounts

An attacker who successfully exploits this flaw could gain access to:

• Booking schedules and calendar data
• Personal and organizational event types
• Connected services (Google Calendar, Zoom, etc.)
• Organization roles and permissions
• Billing and administrative features

Because the bypass occurs after authentication checks, traditional security controls like 2FA offer no protection in this scenario.

Patch Status and Recommendations

Cal.com has confirmed that:

• No active exploitation has been observed so far
• Hosted instances were patched immediately

Recommended Actions

• Upgrade self-hosted Cal.com deployments to version 6.0.7 or later
• Review API usage and access logs for unusual session updates
• Rotate API keys or tokens if exposure is suspected
• Apply strict validation for identity fields in custom authentication logic

‍Follow Us on: Linkedin, Instagram, Facebook to get the latest security news!

The post Critical Cal.com Vulnerability Enables Account Takeover appeared first on First Hackers News.

The vulnerabilities impact Kibana and related components, affecting how files, inputs, and system resources are handled. Elastic strongly recommends updating to the latest versions to reduce exposure.

Most Critical Issue: Arbitrary File Disclosure

The most serious flaw, tracked as CVE-2026-0532, affects connector configurations and combines two weaknesses: improper file path handling and server-side request forgery (SSRF).

An authenticated attacker with permission to create or modify connectors could abuse this flaw to trigger unauthorized network requests and read files from the underlying system. This issue has a CVSS score of 8.6, placing it in the high-severity category.

Vulnerability Summary

Email Connector and Fleet DoS Issues

Another issue, CVE-2026-0543, affects Kibana’s email connector. Improper input validation allows attackers with execution privileges to submit malformed email parameters, potentially exhausting memory and causing a denial-of-service (DoS) condition that requires manual intervention to recover.

In addition, two related flaws in Kibana Fleet (CVE-2026-0531 and CVE-2026-0530) allow logged-in users to trigger excessive resource usage through repeated requests. These flaws can also lead to service disruption, and no temporary workarounds are available.

Mitigation and Recommended Action

Elastic has released fixed versions and advises users to upgrade immediately to:

• 8.19.10
• 9.1.10
• 9.2.4

Elastic Cloud Serverless deployments are not affected due to continuous updates. For self-managed environments where immediate upgrades are not possible, Elastic suggests restricting connector permissions and applying tighter access controls as a temporary risk reduction measure.

These vulnerabilities highlight the importance of regularly updating Elastic deployments, especially in environments that rely heavily on connectors and Fleet management. Organizations running affected versions should review their exposure and apply patches as soon as possible to prevent file disclosure or service disruption.

‍Follow Us on: Linkedin, Instagram, Facebook to get the latest security news!

The post Elastic Security Updates Address File Theft and DoS Risks appeared first on First Hackers News.

The flaw is tracked as CVE-2025-48769 and was publicly disclosed on December 31, 2025. It has been rated moderate severity but impacts a wide range of NuttX versions.

Vulnerability Details and Impact

The issue exists in the Virtual File System (VFS), specifically within the fs/vfs/fs_rename code. A flaw in how memory is handled during recursive operations can result in a use-after-free condition, leading to system instability.

Key details:

• CVE ID: CVE-2025-48769
• Vulnerability Type: Use After Free (CWE-416)
• Affected Product: Apache NuttX RTOS
• Affected Component: Virtual File System (VFS)
• Affected Versions: 7.20 through 12.10.0

In certain situations, this flaw can cause unintended file rename or move operations, which may result in crashes. Systems running virtual filesystem services with write access are especially at risk, particularly when exposed over network protocols such as FTP.

Mitigation and Recommendations

The Apache NuttX team has released version 12.11.0, which fully fixes the vulnerability. Users running affected versions are strongly advised to upgrade as soon as possible.

For environments where an immediate upgrade is not possible, temporary risk reduction steps include:

• Restricting network access to virtual filesystem services
• Limiting or disabling write access where feasible
• Closely monitoring embedded and IoT devices exposed to FTP or similar services

No active exploitation has been reported so far. However, timely patching is recommended to prevent potential stability and security issues.

The vulnerability was reported by Richard Jiayang Liu of the University of Illinois, with the fix reviewed and coordinated by the Apache NuttX maintainers and security team.

‍Follow Us on: Linkedin, Instagram, Facebook to get the latest security news!

The post Apache NuttX Bug Allows Remote System Crashes appeared first on First Hackers News.

The issue is caused by a weakness in how API Connect handles primary authentication. An attacker does not need valid credentials, user interaction, or elevated privileges to exploit it. Network access to a vulnerable instance is enough to gain unauthorized access.

Key Details

• CVE ID: CVE-2025-13915
• Severity: Critical
• CVSS Score: 9.8
• Weakness Type: Authentication bypass (CWE-305)
• Attack Complexity: Low
• Privileges Required: None

Affected Versions

The vulnerability impacts the following IBM API Connect versions:

• 10.0.8.0
• 10.0.8.1
• 10.0.8.2
• 10.0.8.3
• 10.0.8.4
• 10.0.8.5
• 10.0.11.0

IBM API Connect is commonly used to control authentication, authorization, and security policies for enterprise APIs. A successful authentication bypass at this layer can expose:

• Backend API services
• Sensitive business data
• Internal application logic
• Downstream systems connected to APIs

Because the flaw sits at the gateway level, exploitation could have a broad impact across environments.

Mitigation and Recommendations

IBM strongly advises customers to apply security updates immediately.

• Users on 10.0.8.x should install the available interim fixes (iFixes).
• Users on 10.0.11.0 should apply the released security patch.

If patching cannot be done right away, IBM recommends disabling self-service sign-up on the Developer Portal to reduce exposure. This is a temporary measure and does not fully remove the risk.

What Organizations Should Do Now

• Identify all IBM API Connect instances in use
• Apply patches or interim fixes as a priority
• Review API access and authentication logs for unusual activity
• Limit external exposure until updates are completed

Given the high severity score and ease of exploitation, this vulnerability should be addressed immediately, not deferred.

‍Follow Us on: Linkedin, Instagram, Facebook to get the latest security news!

The post IBM API Connect Flaw Enables Authentication Bypass appeared first on First Hackers News.