Trump is causing incalculable damage to the Christian faith, yet most evangelicals will never break with him.

YouTube video by MSW Media

A critical remote code injection vulnerability in Vivotek legacy firmware that enables unauthenticated attackers to execute arbitrary commands with root privileges . The vulnerability, tracked as CVE-2026-22755, affects dozens of camera models and poses significant risks to organizations relying on legacy surveillance infrastructure. The vulnerability exists in the upload_map.cgi script, where user-supplied filenames are processed through an unsanitized snprintf() function before being passed to the system() call. This allows attackers to inject shell commands via specially crafted filenames that contain metacharacters, such as semicolons. Vivotek Vulnerability Akamai researchers discovered that Vivotek legacy cameras lack password protection by default, eliminating authentication barriers. The exploit requires five specific conditions: file size under 5MB, firmware verification bypass, and an intact /usr/sbin/confclient binary. Disassembled code showing user input passed to system() (source : Akamai) Non-standard web server environment variables, and access through upload_map.cgi rather than file_manager.cgi. Researchers created a bash script that generates valid firmware images with proper magic bytes (FF V FF FF header and FF K FF FF footer) to bypass validation checks. By setting environment variables, including POST_FILE_NAME=”test_firmware.bin; id;”, attackers trigger command execution as the root user, as evidenced by proof-of-concept demonstrations in which the id command showed a uid of 0 (root). Decompiled code showing how cgi-bin script must be called( source: Akamai) The vulnerability impacts 36 camera models across multiple product lines. Model Series Affected Firmware FD8365, FD9165, FD9371 0100a–0125c FE9180, FE9191 0100a–0125c IB9365, IP9165, IP9171 0100a–0125c MA9321, MS9390, TB9330 0100a–0125c Attack Scenario An attacker can remotely upload a malicious firmware file with an embedded command in the filename. When processed by the vulnerable upload_map.In a CGI script, the shell metacharacter triggers command execution. The resulting payload executes with root privileges, enabling complete system compromise, lateral network movement, botnet installation, or data exfiltration. According to Akamai, organizations should implement network-level detection using the following YARA rule to identify exploitation attempts: rule CVE_2026_22755_Vivotek_upload { meta: description = "Detects upload_map.cgi requests with camid parameter" strings: $path = "/cgi-bin/admin/upload_map.cgi" $param = "camid=" condition: all of them } Prioritize firmware updates for affected camera models immediately. Implement network segmentation to isolate legacy camera infrastructure. Deploy intrusion detection signatures for malicious upload_map.cgi requests. Conduct inventory audits to identify deployed vulnerable devices. Monitor for suspicious file uploads and POST requests to camera administration interfaces. This vulnerability represents a critical IoT security risk, particularly for organizations operating legacy surveillance systems in critical infrastructure, healthcare, and enterprise environments. Unauthenticated remote code execution with root privileges enables complete device compromise and potential network propagation through botnet-based distributed denial-of-service attacks. Follow us on Google News , LinkedIn , and X for daily cybersecurity updates. Contact us to feature your stories. The post Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code appeared first on Cyber Security News .

The former Justice Department special counsel who twice indicted President Donald Trump will face tough questioning in a highly anticipated congressional hearing.

A winter storm is predicated for South Carolina this weekend, potentially bringing sleet, ice, snow and freezing temperatures.

Microsoft has confirmed it is actively investigating a new service incident affecting multiple core services within the Microsoft 365 ecosystem. The company acknowledged the disruption on Wednesday evening, following reports of connectivity issues and service degradation for users relying on its cloud-based productivity tools. The incident, tracked under Issue ID MO1220495, officially began on January 21, 2026, at 10:15 PM IST. While the full scope of the disruption is still being determined, Microsoft has listed three primary services as “Affected”: Exchange Online, Microsoft Teams , and the broader Microsoft 365 suite. This disruption poses a significant challenge for enterprise users, as Exchange Online and Teams are critical components of daily business communication. Users attempting to access emails, join meetings, or use collaboration tools within the suite may experience intermittent failures, latency, or an inability to sign in. According to the latest status update provided at 10:37 PM IST, Microsoft engineers are currently in the diagnostic phase. The status remains listed as “Investigating,” indicating that the root cause has not yet been isolated or remediated. We've received reports and are investigating an issue affecting Microsoft 365 services, including Teams and Outlook. Further information can be found in the Microsoft 365 admin center under MO1220495 or at https://t.co/HhkWRk0eVa . — Microsoft 365 Status (@MSFT365Status) January 21, 2026 Microsoft has not yet released specific details on the “Scope of impact,” so it is unclear whether this is a global outage or limited to specific geographic regions. IT administrators are advised to check the Service Health Dashboard (SHD) in the Microsoft 365 admin center for granular details relevant to their specific tenant. The company has committed to providing regular updates as the investigation proceeds. As of the last communication, the situation is developing, and no estimated time for resolution (ETR) has been provided. Organizations relying on these services should prepare for potential workflow interruptions and monitor official Microsoft channels for the next scheduled update. Follow us on Google News , LinkedIn , and X for daily cybersecurity updates. Contact us to feature your stories. The post Microsoft Investigating Issue Impacting Exchange Online, Teams, and M365 Suite appeared first on Cyber Security News .

Blas Nuñez-Neto is a senior adviser to WestExec, a shadow lobbyist for defense and tech firms.

The mother of a 6-year-old girl in New Jersey says her daughter was found walking alone outside their apartment crying and asking for her father over the weekend after he was detained by ICE agents wh...