The ThreatsDay Bulletin highlights OpenSSL patches for CVE-2025-15467, a stack buffer overflow that can enable remote code execution via CMS data, and notes another high-severity vulnerability, CVE-2025-11187, involving a stack-based overflow from missing validation. It also covers a cluster of 16 0-day vulnerabilities in Foxit and Apryse PDF engines, including CVE-2025-70401, CVE-2025-70402 and CVE-2025-66500, which were addressed in product updates.
For Copilot, Microsoft confirmed a bug, CW1226324, that allowed confidential emails in Sent Items and Drafts to be summarized without permission, with a fix deployed on 3 February 2026. The bulletin further flags that GitLab added CVE-2021-22175 to the KEV catalog, requiring federal agencies to patch by 11 March 2026. Across the broader roundup, ThreatsDay notes ongoing threats and rapid disclosure cycles across platforms, tools and sectors, illustrating the breadth of risk facing organisations today.