Tag: update
-
NVIDIA Isaac Vulnerabilities Enable Remote Code Execution Attacks
NVIDIA released critical security updates for its Isaac Launchable platform on December 23, 2025, addressing three severe vulnerabilities that could allow unauthenticated attackers to execute arbitrary code remotely. All three flaws carry a maximum CVSS score of 9.8, placing them in the critical severity category and requiring immediate attention from affected organizations. The security bulletin…
-
MongoDB warns admins to patch severe RCE flaw immediately
MongoDB has warned IT admins to immediately patch a high-severity vulnerability that can be exploited in remote code execution (RCE) attacks targeting vulnerable servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mongodb-warns-admins-to-patch-severe-rce-flaw-immediately/
-
Implementing NIS2, without getting bogged down in red tape
Tags: access, ai, automation, backup, bsi, business, cloud, compliance, control, data, detection, email, encryption, iam, identity, incident response, infrastructure, law, least-privilege, metric, monitoring, network, nis-2, regulation, saas, sbom, service, siem, soc, software, startup, supply-chain, technology, threat, tool, update, vulnerability, vulnerability-management, zero-dayIT in transition: From text documents to declarative technology: NIS2 essentially requires three things: concrete security measures; processes and guidelines for managing these measures; and robust evidence that they work in practice.Process documentation, that is, policies, responsibilities, and procedures, is not fundamentally new for most larger companies. ISO 27001-based information security management systems, HR processes, and…
-
Elementary OS 8.1 rolls out with a stronger focus on system security
Elementary OS 8.1 is now available for download and shipping on select hardware from retailers such as Star Labs, Slimbook, and Laptop with Linux. The update arrives after … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/24/elementary-os-8-1-released/
-
ServiceNow’s $7.75 billion cash deal for Armis illustrates shifting strategies
Tags: access, ai, attack, authentication, automation, business, ceo, cio, ciso, computing, control, cyber, governance, identity, incident response, intelligence, iot, risk, service, strategy, tool, update, vulnerabilityVisibility is the key: “For decades, the CIO’s white whale has been a precise, real-time Configuration Management Database [CMDB]. Most are outdated the moment they are populated,” said Whisper Security CEO Kaveh Ranjbar. The Armis acquisition “is an admission that in an era of IoT, OT, and edge computing, you cannot rely on manual entry…
-
The 3% Rule: How To Silence 97% of Your Cloud Alerts and Be More Secure
Tags: access, ai, attack, breach, business, cloud, cve, cvss, data, data-breach, flaw, iam, identity, infrastructure, least-privilege, malicious, metric, network, ransomware, risk, security-incident, service, software, strategy, threat, tool, update, vulnerability, vulnerability-managementPrioritizing what to fix first and why that really matters Key takeaways The 97% distraction: Discover why the vast majority of your “Critical” alerts are just theoretical noise, and how focusing strictly on the 3% of findings that represent real, exploitable risk can drastically improve your security posture. Identity is the accelerant: Breaches rarely happen…
-
Microsoft rushes an outband update for Message Queuing bug
Redmond gets in early for the twelve whoopsies of Christmas First seen on theregister.com Jump to article: www.theregister.com/2025/12/23/microsoft_fixes_message_queuing_issue/
-
Best of 2025: Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
10Critical 147Important 0Moderate 0Low Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available. Microsoft patched 157 CVEs in its January 2025 Patch Tuesday release, with 10 rated..…
-
WhatsApp API worked exactly as promised, and stole everything
Tags: access, api, attack, backdoor, encryption, endpoint, github, malicious, malware, metric, monitoring, supply-chain, threat, tool, updateBackdoor sticks around even after package removal: Koi said the most significant component of the attack was its persistence. WhatsApp allows users to link multiple devices to a single account through a pairing process involving an 8-character code. The malicious lotusbail package hijacked this mechanism by embedding a hardcoded pairing code that effectively added the…
-
Wichtig zu wissen! – Teams kehrt in die Lizenzpakete zurück, Windows 10 erhält weiter Updates
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-copilot-erweiterung-lizenzaenderungen-a-c1876f3c8b2af9ebf33fed3249c23b1a/
-
Agentic AI already hinting at cybersecurity’s pending identity crisis
Agentic AI’s identity crisis: Authentication and agentic experts interviewed, three of whom estimate that less than 5% of enterprises experimenting with autonomous agents have deployed agentic identity systems, say the reasons for this lack of security hardening are varied.First, many of these efforts are effectively shadow IT, where a line of business (LOB) executive has…
-
Mend Leadership Update: Building on Our Momentum for the Next Phase of Growth
Tags: updateAn update on Mend.io’s leadership as we enter the next phase of growth. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/mend-leadership-update-building-on-our-momentum-for-the-next-phase-of-growth/
-
CISA flags ASUS Live Update CVE, but the attack is years old
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-asus-live-update-cve-but-the-attack-is-years-old/
-
Think you can beat ransomware? RansomHouse just made it a lot harder
Tags: access, attack, backup, corporate, data, detection, encryption, endpoint, extortion, incident response, leak, monitoring, ransom, ransomware, strategy, updateRansomHouse attempts double extortion: Beyond the cryptographic update, RansomHouse leverages a double extortion model, which involves exfiltrating data and threatening public disclosure in addition to encrypting it, to add pressure on victims to pay.This layered pressure tactic, already a common feature of modern ransomware attacks, complicates incident response timelines and negotiating strategies for corporate security…
-
Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/not-all-cisa-linked-alerts-are-urgent-asus-live-update-cve-2025-59374/
-
Android Security Update Triggers Renewed Attention with Mid-Month Changes
Google’s latest Android security updates are drawing renewed scrutiny this week as revisions, staggered patch rollouts, and follow-on fixes converge across the Android ecosystem. While the underlying security bulletin itself is not new, the way updates are landing on devices now is creating a sense of sudden disruption for users and security teams alike. At……
-
Hackers Stole Millions of PornHub Users’ Data for Extortion
Plus: Cisco discloses a zero-day with no available patch, Venezuela accuses the US of a cyberattack, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-hackers-stole-millions-of-pornhub-users-data-for-extortion/
-
Hackers Stole Millions of PornHub Users’ Data for Extortion
Plus: Cisco discloses a zero-day with no available patch, Venezuela accuses the US of a cyberattack, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-hackers-stole-millions-of-pornhub-users-data-for-extortion/
-
Microsoft Teams Outage Causes Global Messaging Delays and Service Interruptions
Microsoft Teams users worldwide experienced significant service disruptions on December 20, 2025, as the collaboration platform encountered widespread issues affecting messaging functionality and other critical service operations. The company has acknowledged the incident and is actively investigating the root cause. According to Microsoft 365 Status updates, users reported experiencing delays in message delivery and problems…
-
Microsoft Teams Outage Causes Global Messaging Delays and Service Interruptions
Microsoft Teams users worldwide experienced significant service disruptions on December 20, 2025, as the collaboration platform encountered widespread issues affecting messaging functionality and other critical service operations. The company has acknowledged the incident and is actively investigating the root cause. According to Microsoft 365 Status updates, users reported experiencing delays in message delivery and problems…
-
Snowflake update caused a blizzard of failures worldwide
Customers in 10 of the company’s 23 regions had “operations fail or take an extended amount of time to complete.” First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/snowflake_update_caused_a_blizzard/
-
FBI says ‘ongoing’ deepfake impersonation of U.S. gov officials dates back to 2023
The update also includes new details around the specific tactics and talking points impersonators use to ensnare victims. First seen on cyberscoop.com Jump to article: cyberscoop.com/fbi-says-ongoing-deepfake-impersonation-of-us-officials-dates-back-to-2023/
-
Apache Log4j Flaw Enables Interception of Sensitive Logging Data
The Apache Software Foundation has released a critical security update for its widely used Log4j logging library. A newly discovered vulnerability, tracked as CVE-2025-68161, allows attackers to intercept or redirect sensitive log data by exploiting a flaw in how the software establishes secure connections. The issue specifically affects the >>Socket Appender
-
New Kibana Vulnerabilities Allow Attackers to Embed Malicious Scripts
Elastic has released critical security updates to address a dangerous cross-site scripting (XSS) vulnerability affecting multiple versions of Kibana. The vulnerability, tracked as CVE-2025-68385, allows authenticated attackers to inject malicious scripts into web pages served to other users. Vulnerability Details The flaw stems from improper input neutralization during web page generation, specifically within Kibana’s Vega…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerabilityFormerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
HPE tells customers to patch fast as OneView RCE bug scores a perfect 10
Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/hpe_oneview_rce_bug/
-
New critical WatchGuard Firebox firewall flaw exploited in attacks
WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/watchguard-warns-of-new-rce-flaw-in-firebox-firewalls-exploited-in-attacks/