Information Security Alerts

The following products have discovered critical security vulnerabilities recently. These vulnerabilities could allow remote attackers to invade your devices. It is strongly recommended updating your following product versions to the latest immediately.

Phishing Alerts
- Phishing emails reported by CUHK users
Active Vulnerabilities to be concerned

Product	Vulnerability	Publish Date
Fortinet	Fortinet FortiGate and SSL VPN Credential Harvesting Campaign “FortiBleed”^[new]	18 Jun 2026
Adobe	Adobe Multiple Vulnerabilities ^[new]	11 Jun 2026
Linux	Linux Kernel Local Privilege Escalation Vulnerability “CIFSwitch” (CVE-2026-46243) ^[new]	2 Jun 2026
Linux	Linux Kernel Local Privilege Escalation Vulnerability “PinTheft” (CVE-2026-43494)	22 May 2026
Linux	Linux Kernel Local Privilege Escalation Vulnerability “DirtyDecrypt / DirtyCBC” (CVE-2026-31635)	19 May 2026
Linux	Linux Kernel Local Privilege Escalation Vulnerability “Fragnesia” (CVE-2026-46300)	15 May 2026
Linux	Linux Kernel Local Privilege Escalation Vulnerability “Dirty Frag” (CVE-2026-43284, CVE-2026-43500)	8 May 2026
Palo Alto	PAN-OS Remote Code Execution Vulnerability (CVE-2026-0300)	6 May 2026
Linux	Linux Kernel Local Privilege Escalation Vulnerability “Copy Fail” (CVE-2026-31431)	4 May 2026

Enquiry
- For enquiries, please contact infosec@cuhk.edu.hk. Thanks a lot.

Active Vulnerabilities in last12 months

For General Users:

Product	Vulnerability	Publish Date
Google Chrome	Google Chrome Skia and V8 Vulnerabilities (CVE-2026-3909 & CVE-2026-3910	17 Mar 2026
Google Chrome	Google Chromium Remote Code Execution Vulnerability (CVE-2026-2441)	20 Feb 2026
Google Chrome	Google Chromium Out-of-Bounds Memory Access Vulnerability (CVE-2025-14174)	17 Dec 2025
WinRAR	Zero-Day WinRAR Path Traversal Vulnerability (CVE-2025-8088)	14 Aug 2025
Google Chrome	Google Chromium Out-of-Bounds Memory Access Vulnerability (CVE-2025-14174)	17 Dec 2025

For Technical Professionals:

Product	Vulnerabilities	Publish Date
ASP.NET	ASP.NET Elevation of Privilege (CVE-2026-40372)	22 Apr 2026
ASP.NET	ASP.NET Security Feature Bypass Vulnerability (CVE-2025-55315)	23 Oct 2025
Fortinet	FortiWeb Authentication Bypass Vulnerability (CVE-2025-52970)	18 Aug 2025

Active Ransomware Attack to be concerned

Vulnerabilities and Ransomware Variants in past years

Reference Information

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.