H-ISAC: White Reports
On February 6, 2026, BeyondTrust released a security advisory, disclosing a critical pre-authentication Remote Code Execution (RCE) vulnerability tracked as CVE-2026-1731.
On January 15, 2026, a critical authentication bypass vulnerability, tracked as CVE-2026-24858, in FortiCloud SSO was discovered. It allows unauthenticated remote attackers to gain administrative access to Fortinet devices.
On January 19, 2026, a security researcher, Kyu Neushwaistein (a.k.a. Carlos Cortes Alvarez), reported an 11-year-old critical vulnerability in telnetd, tracked as CVE-2026-24061.
Health-ISAC is tracking an emerging fraud pattern where threat actors exploit SMS and voice One-Time Password (OTP) mechanisms used in account sign-up, patient portal enrollment, telehealth registration, and MFA flows.
A maximum-severity vulnerability in HPE OneView, tracked as CVE-2025-37164, is being actively exploited in the wild.
On January 7, 2026, Cisco released security updates to address a medium-severity vulnerability, tracked as CVE-2026-20029, affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) network access control solutions.
On January 6, 2026, Veeam released security updates to address four vulnerabilities affecting its Backup & Replication solution.
On December 2nd, the Health-ISAC Fall Americas Summit convened healthcare leaders and regulators to address the evolving medical device cybersecurity landscape.
This week, Health-ISAC®'s Hacking Healthcare® Hacking Healthcare examines newly amended provisions to China’s Cybersecurity Law.
On December 2, 2025, Microsoft experienced a widespread outage in its Defender Portal that prevented many organizations from accessing critical security alerts and threat-hunting data. According to reports, the outage lasted for over 10 hours.