Tag: update
-
(g+) Exchange OWA XSS: Attack via Email and a Patch That Does Not Reach Everyone
An actively exploited zero-day in Exchange OWA has been patched, but for 2016 and 2019 only at extra cost. What to do. First seen on golem.de Jump to article: www.golem.de/news/exchange-owa-xss-angriff-per-mail-und-ein-patch-der-nicht-alle-erreicht-2606-209967.html
-
Vidar Infostealer Bypasses Google Chrome’s ABE Encryption via APC Injection
A sophisticated evasion technique developed by Vidar infostealer operators successfully bypasses Google Chrome’s Application-Bound Encryption (ABE). Introduced in 2024, ABE was designed to protect browser-stored cookies and sensitive credentials. According to recent findings by Gen Threat Labs, the latest iterations of Vidar are now dropping weekly updates that utilize a complex chain of process forking,…
-
14,971 WordPress Sites Cleaned in Global SocGholish Takedown
Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherlands, Canada, the United States, and Germany, coordinated through Europol, executed a joint action week against SocGholish, one of the most persistent and widely deployed malware distribution networks…
-
June 2026 Windows updates break Recycle Bin prompts
Microsoft has confirmed a confusing Windows bug that causes different filenames to appear in the confirmation dialog when deleting a file from the Recycle Bin. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-recycle-bin-bug-on-all-supported-windows-releases/
-
Splunk Enterprise flaw actively exploited, patch by Sunday
CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/
-
UEFI DBX Update Guidance Targets Vulnerable Vendor-Signed Boot Applications
A recently disclosed vulnerability, which affects UEFI applications signed by multiple vendors, has prompted urgent recommendations to update the UEFI Forbidden Signature Database (DBX). This issue, tracked as VU#457458 and published by CERT/CC on June 18, 2026, reveals a significant weakness in trusted firmware components. It could potentially allow attackers to execute arbitrary code…
-
Node.js Releases Security Updates for 12 Vulnerabilities, Two Rated High Severity
Node.js has announced critical security updates that address 12 vulnerabilities across its supported release lines. Among these, two high-severity flaws could lead to denial-of-service (DoS) conditions and authentication bypass. These updates, released on June 18, 2026, affect Node.js versions 22.x, 24.x, and 26.x. The patched versions are now available as v22.23.0, v24.17.0, and v26.3.1. Node.js…
-
Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this flaw for as long as they stay in use. This is…
-
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio device…
-
Apple releases security update for Beats Studio Buds vulnerability
First seen on scworld.com Jump to article: www.scworld.com/brief/apple-releases-security-update-for-beats-studio-buds-vulnerability
-
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below – CVE-2026-42530 (CVSS v4 score: 9.2) – A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX Open…
-
F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution
F5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnerabilities, including two critical flaws, respectively tracked as CVE-2026-42530 and CVE-2026-42055 (CVSS 9.2). The bugs affect HTTP modules and can be exploited remotely without authentication to trigger memory corruption, potentially causing…
-
Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned
SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/18/law-enforcement-socgholish-operation-endgame/
-
ShapedPlugin update flow hacked to infect WordPress sites
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor’s official update system. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shapedplugin-update-flow-hacked-to-infect-wordpress-sites/
-
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
Apple has released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users’ conversations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-fixes-beats-studio-buds-flaw-that-let-hackers-spy-on-conversations/
-
F5 Patches NGINX Vulnerability Enabling Code Execution and DoS Attacks
F5 has released an out-of-band security notification addressing multiple high-severity vulnerabilities in NGINX components that can enable remote code execution (RCE) and denial-of-service (DoS) attacks in certain configurations, urging customers to patch or upgrade affected deployments immediately. On June 17, 2026, F5 issued an out-of-band security notification (K000161614) summarizing several high- and medium-severity flaws across…
-
Windows Defender Vulnerability Exposed as RoguePlanet PoC Spreads Online
A newly disclosed Windows Defender vulnerability, tracked as CVE-2026-50656 and dubbed RoguePlanet, has raised concerns across the cybersecurity community after a working proof-of-concept (PoC) exploit was released before a security patch became available. The exploit was published on GitHub by security researcher Nightmare Eclipse on June 10, 2026, only hours after Microsoft issued its June Patch Tuesday updates. First seen…
-
Microsoft Confirms RoguePlanet Zero-Day in Defender, Patch Under Development
Microsoft confirmed the RoguePlanet Defender zero-day (CVE-2026-50656), a privilege escalation flaw, and is developing a security patch. Microsoft has acknowledged the RoguePlanet zero-day affecting Microsoft Defender, tracked as CVE-2026-50656 (CVSS score of 7.8). The vulnerability allows privilege escalation through the Microsoft Malware Protection Engine. The company stated it is aware of the issue and is…
-
F5 issues out-of-band patches for critical NGINX vulnerabilities
Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/f5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities/
-
Google Adds New Android Controls for WhatsApp Backups, Password Transfers
Google’s June 2026 Android system updates add WhatsApp backup controls, Play Protect checks, passkey portability, and Play Store AI search. The post Google Adds New Android Controls for WhatsApp Backups, Password Transfers appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-android-june-2026-system-updates/
-
Microsoft fixes Windows Server 2016 security update failures
Microsoft has fixed a known issue causing the June 2026 security updates to fail on Windows Server 2016 systems that weren’t up to date. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-2016-security-update-failures/
-
Windows 11 June Patch Triggers Microsoft Office Startup Issues
Microsoft’s June 2026 cumulative update for Windows 11 (KB5095051, OS Build 28000.2269) introduces an unexpected application compatibility issue that may disrupt enterprise workflows, as users report that Microsoft Office applications fail to launch when opened via certain third-party applications. The update, released on June 9, 2026, targets Windows 11 version 26H1 and bundles critical security…
-
Dangerous Windows Exploit: Microsoft Promises a High-Quality Update
Microsoft intends to use an update to prevent exploitation of the Rogueplanet exploit on Windows devices. When that will happen, however, remains a mystery. First seen on golem.de Jump to article: www.golem.de/news/rogueplanet-exploit-microsoft-verspricht-ein-high-quality-sicherheitsupdate-2606-209904.html
-
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Microsoft has formally disclosed that it’s working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw. “Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in…
-
What CISA’s new remediation directive means for CISOs
CISA’s updated directive for federal agencies compresses mandatory patching timelines to just three days for high-risk flaws, urging practitioners to ‘patch smarter, not harder.’ First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366644336/What-CISAs-new-remediation-directive-means-for-CISOs
-
Microsoft confirms Office apps launch issues after June updates
Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-office-apps-launch-issues-after-june-updates/

