Tag: update
-
Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI
Google revamps bug bounties: Android rewards rise to $1.5M, Chrome payouts drop, shifting focus to high-impact, AI-resistant vulnerabilities. Google has announced a major overhaul of its Vulnerability Reward Programs (VRP) for Android and Chrome, marking a strategic shift in how the company approaches cybersecurity. The update comes as artificial intelligence tools are reshaping the field…
-
Windows shell spoofing vulnerability puts sensitive data at risk
A difficult balance: Erik Avakian, technical counselor at Info-Tech Research Group, noted that when it set the patching deadline, CISA had been operating within the guidelines laid down in Binding Operational Directive (BOD) 22-01, which requires US federal agencies to patch vulnerabilities within the timelines outlined under the policy, which range from 14 to 21…
-
Brace for the patch tsunami: AI is unearthing decades of buried code debt
Britain’s cyber agency says the bill for years of technical shortcuts is coming due, and it’s arriving all at once First seen on theregister.com Jump to article: www.theregister.com/2026/05/02/ncsc_brace_for_patch_tsunami/
-
Microsoft releases first big update after Nadella’s vow to ‘win back fans’
Lots of fixes, some performance tweaks. Fingers crossed there’s no out-of-band patch to follow First seen on theregister.com Jump to article: www.theregister.com/2026/05/01/microsoft_release_first_big_update/
-
Anthropic Opens Claude Security for Wider Public
Flaw Finding Model Integrated into a Slew of Cybersecurity Platforms. Claude artificial intelligence maker Anthropic announced Thursday wider availability of a model it described as its second-most powerful model for finding and patching software flaws. Anthropic is making Claude Security available as a public beta for enterprise customers. First seen on govinfosecurity.com Jump to article:…
-
Canonical Hit by Sustained DDoS Attack, Disrupting Ubuntu Services Worldwide
A DDoS attack on Canonical has disrupted key Ubuntu services and patching workflows. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/canonical-hit-by-sustained-ddos-attack-disrupting-ubuntu-services-worldwide/
-
Federal agencies must patch cPanel bug by Sunday, CISA says
Incident responders at Rapid7 said successful exploitation of CVE-2026-41940 “grants an attacker control over the cPanel host system, its configurations and databases, and websites it manages.” First seen on therecord.media Jump to article: therecord.media/cisa-orders-federal-agencies-to-patch-cpanel-bug
-
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI
Tags: access, ai, api, attack, automation, business, ciso, compliance, control, cve, cybersecurity, data, exploit, framework, group, identity, Internet, login, nist, okta, service, supply-chain, threat, update, vulnerability, vulnerability-managementDetecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider, automating the hunt for asset owners in seconds. Key takeaways The accountability gap is the real bottleneck. Finding a vulnerability…
-
CyberStrong Product Update: What’s New in Release 4.15
<div cla CyberStrong 4.15 is here, and this release is packed with improvements across the platform, from expanded workflow capabilities and bulk data import to deeper asset group intelligence and a cleaner user experience throughout. Here’s a look at everything that’s new. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/cyberstrong-product-update-whats-new-in-release-4-15/
-
British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery
Britain’s cyber agency warned that organizations should prepare for a surge of urgent software updates as artificial intelligence accelerates the discovery of security flaws, raising the risk of widespread exploitation. First seen on therecord.media Jump to article: therecord.media/british-cyber-ai-patch-wave
-
Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws
Google patched 30 Chrome vulnerabilities, including four Critical flaws. Here’s what users should know and how to update Chrome and Firefox. The post Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-security-update-30-vulnerabilities-april-2026/
-
Samsung’s Free Android Upgrade Brings Better Security to Galaxy Phones
Samsung’s One UI 8.5 update may bring stronger Galaxy security controls as users report battery drain and overheating after recent patches. The post Samsung’s Free Android Upgrade Brings Better Security to Galaxy Phones appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-samsung-one-ui-8-5-galaxy-security-battery-drain/
-
Windows 11 KB5083631 update released with 34 changes and fixes
Microsoft has released the KB5083631 optional cumulative update for Windows 11, which includes 34 changes, such as a new Xbox mode for Windows PCs, enhanced security and performance for batch files, and performance improvements for launching startup apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5083631-update-released-with-34-changes-and-fixes/
-
Multiple Exim Mail Server Vulnerabilities Could Trigger Crashes via Malicious DNS Data
The developers of the Exim mail server have officially rolled out version 4.99.2 to address four newly discovered security vulnerabilities. This critical update patches multiple software flaws that could allow attackers to crash server connections, corrupt memory heaps, or potentially leak sensitive system data. Mail server administrators are strongly advised to apply these fixes immediately…
-
Multiple Wireshark Vulnerabilities Allow Arbitrary Code Execution via Malformed Packets
The Wireshark Foundation has released version 4.6.5 of its widely used network protocol analyzer, addressing a massive wave of security vulnerabilities. This urgent update patches over 40 distinct security flaws, driven by a recent surge in AI-assisted vulnerability reports. The most critical bugs in this release allow for possible arbitrary code execution, elevating the risk…
-
Microsoft Windows 11 April 2026 Security Update Disrupts Third-Party Backup Tools
The April 2026 security update for Windows 11, designated as KB5083769, is causing severe disruptions for users relying on third-party backup solutions. Deployed for Windows 11 versions 24H2 and 25H2, this patch introduces a critical flaw that breaks the Microsoft Volume Shadow Copy Service (VSS). Because VSS is a fundamental component for taking safe, point-in-time…
-
Bridging the gap: How to integrate Claude Security into the Tenable One Exposure Management Platform
Tags: ai, api, attack, business, cloud, data, flaw, governance, intelligence, risk, tool, update, vulnerabilityBridge the gap between AI-driven vulnerability discovery and prioritized remediation. Learn how to integrate Claude Security’s deep-logic analysis into Tenable One to unify your attack surface, eliminate noise, and focus on the risks that matter most. Key takeaways As frontier AI models like Claude accelerate the pace of vulnerability discovery, security programs must shift their…
-
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/ai-assisted-software-scan-linux-bug
-
Patch management goes from hard, to ludicrous in the agentic AI era
The release of agentic AI is compressing the nature of patch management and how defenders must prepare for the future of cyber attacks. This is increasing pressure on patch velocity, compensating controls, and dependency visibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/patch-management-goes-from-hard-to-ludicrous-in-the-agentic-ai-era/
-
Patch management goes from hard, to ludicrous in the agentic AI era
The release of agentic AI is compressing the nature of patch management and how defenders must prepare for the future of cyber attacks. This is increasing pressure on patch velocity, compensating controls, and dependency visibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/patch-management-goes-from-hard-to-ludicrous-in-the-agentic-ai-era/
-
Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability
Tags: access, ai, attack, browser, cisa, cloud, container, crypto, cve, cybersecurity, data, exploit, flaw, infrastructure, kev, linux, mitigation, ransomware, risk, tool, update, vulnerabilityA flaw in the Linux kernel present since 2017 allows a local user to gain root access on virtually every major Linux distribution. A public exploit is available and reported to work reliably. Key Takeaways CVE-2026-31431 is a high severity local privilege escalation vulnerability in the Linux kernel reportedly affecting virtually every major distribution released…
-
April KB5083769 Windows 11 update causes backup software failures
The April 2026 KB5083769 security update breaks third-party backup applications from multiple vendors on systems running Windows 11 24H2 and 25H2. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/april-kb5083769-windows-11-update-causes-backup-software-failures/
-
Linux ‘Copy Fail’ Flaw Delivers Root-Level Access to Distros
AI-Assisted Offensive Security Researcher Discovered Flaw After 1 Hour of Scanning. Patch all Linux kernels issued from 2017 onwards to fix a serious vulnerability in the kernel’s cryptography API that can be easily exploited by a local, unprivileged user to gain root-level access. The major flaw is the latest to be found by an AI-assisted…
-
cPanel zero-day exploited for months before patch release (CVE-2026-41940)
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/cpanel-zero-day-vulnerability-cve-2026-41940-exploited/
-
Beschluss des Bundeskabinetts – Eco-Verband kritisiert Entwurf zur Vorratsdatenspeicherung
Tags: updateFirst seen on security-insider.de Jump to article: www.security-insider.de/bundesregierung-speicherung-ip-adressen-strafverfolgung-a-ab1468c163bff66eaf34b190211cc48e/
-
Proxmox Backup Server 4.2 arrives with S3 storage support and parallel sync jobs
Proxmox Backup Server 4.2 is a maintenance and feature update built on Debian 13.4 >>Trixie<< that adds S3-compatible object storage as a supported backend and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/proxmox-backup-server-4-2-released/
-
Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs
The Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and stored cross-site scripting (XSS) vulnerabilities that could allow threat actors to execute arbitrary code or hijack user sessions. All vulnerabilities were responsibly disclosed through the Jenkins Bug Bounty Program, which the…