Tag: update
-
Kein Patch, kein Workaround – Schwachstelle in veralteten D-Link-Routern aktiv ausgenutzt
First seen on security-insider.de Jump to article: www.security-insider.de/kein-patch-kritische-schwachstelle-veraltete-d-link-router-a-1fcfd61b20082b94d96ab6dfa9d85e04/
-
New OpenAI leak hints at upcoming ChatGPT features
OpenAI is internally testing a new update for ChatGPT, at least on the web. It’ll begin rolling out in the coming weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/new-openai-leak-hints-at-upcoming-chatgpt-features/
-
Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs
Microsoft has released multiple emergency, out-of-band updates for Windows 10, Windows 11, and Windows Server to fix two issues caused by the January Patch Tuesday updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-windows-updates-to-fix-shutdown-cloud-pc-bugs/
-
NDSS 2025 ScopeVerif: Analyzing The Security Of Android’s Scoped Storage Via Differential Analysis
Session 9A: Android Security 2 Authors, Creators & Presenters: Zeyu Lei (Purdue University), Güliz Seray Tuncay (Google), Beatrice Carissa Williem (Purdue University), Z. Berkay Celik (Purdue University), Antonio Bianchi (Purdue University) PAPER ScopeVerif: Analyzing the Security of Android’s Scoped Storage via Differential Analysi Storage on Android has evolved significantly over the years, with each new…
-
Kein Umsatz für Nvidia Update – – China soll den Import von H200-GPUs untersagt haben
Nvidia darf H200 nach China ausliefern. Sicherheitsmaßnahmen, Testreihen von Drittanbietern und andere Dinge sollen Missbrauch verhindern. First seen on computerbase.de Jump to article: www.computerbase.de/news/wirtschaft/nvidia-h200-nach-china-sicherheitsmassnahmen-vorab-tests-und-mehr-auferlegt.95790
-
Microsoft’s January Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview On January 14, NSFOCUS CERT detected that Microsoft released the January Security Update patch, which fixed 112 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this…The…
-
Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover
A critical Modular DS WordPress flaw (CVE-2026-23550) is actively exploited, enabling unauthenticated privilege escalation. Threat actors are actively exploiting a critical Modular DS WordPress vulnerability tracked as CVE-2026-23550 (CVSS score of 10). Modular DS is a WordPress plugin with over 40,000 installs that helps manage multiple sites, enabling monitoring, updates, and remote administration. In plugin…
-
Some Windows PCs fail to shut down after January update
Microsoft has confirmed a new issue that prevents Windows 11 23H2 devices with System Guard Secure Launch enabled from shutting down. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-some-windows-pcs-fail-to-shut-down-after-january-update/
-
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686.The vulnerability, tracked as…
-
Breach Roundup: Software Update Caused Verizon Outage
Also, Venezuela Cyberattack, Endesa Confirms Breach and Telegram IP Leak. This week, a software flaw caused the Verizon outage. U.S. cyberattack in Venezuela. ICE identities published online. BreachForums users leaked. Spanish energy provider Endesa data breach. Telegram privacy risk. A MuddyWater upgrade. Dutch man sentenced for hacking a maritime port. A ServiceNow patch. First seen…
-
Flipping one bit leaves AMD CPUs open to VM vuln
Fix landed in July, but OEM firmware updates are required First seen on theregister.com Jump to article: www.theregister.com/2026/01/15/stackwarp_bug_amd_cpus/
-
Elon Musk’s Grok ‘Undressing’ Problem Isn’t Fixed
X has placed more restrictions on Grok’s ability to generate explicit AI images, but tests show that the updates have created a patchwork of limitations that fail to fully address the issue. First seen on wired.com Jump to article: www.wired.com/story/elon-musks-grok-undressing-problem-isnt-fixed/
-
Januar-Patchday: Windows-Updates machen Remote-Anmeldung kaputt
Einige Anwender haben neuerdings Probleme, sich mit der Windows-App bei Azure Virtual Desktop oder Windows 365 anzumelden. Ein Fix ist in Arbeit. First seen on golem.de Jump to article: www.golem.de/news/januar-patchday-windows-updates-machen-windows-app-kaputt-2601-204213.html
-
Januar-Patchday: Windows-Updates machen Remote-Anmeldung kaputt
Einige Anwender haben neuerdings Probleme, sich mit der Windows-App bei Azure Virtual Desktop oder Windows 365 anzumelden. Ein Fix ist in Arbeit. First seen on golem.de Jump to article: www.golem.de/news/januar-patchday-windows-updates-machen-windows-app-kaputt-2601-204213.html
-
Januar-Patchday: Windows-Updates machen Remote-Anmeldung kaputt
Einige Anwender haben neuerdings Probleme, sich mit der Windows-App bei Azure Virtual Desktop oder Windows 365 anzumelden. Ein Fix ist in Arbeit. First seen on golem.de Jump to article: www.golem.de/news/januar-patchday-windows-updates-machen-windows-app-kaputt-2601-204213.html
-
Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login
Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept (PoC) exploit.The vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), has been described as a denial-of-service (DoS) condition impacting GlobalProtect PAN-OS software arising as a result of an improper check for…
-
Januar-Patchday: Windows-Updates machen Windows-App kaputt
Einige Anwender haben neuerdings Probleme, sich mit der Windows-App bei Azure Virtual Desktop oder Windows 365 anzumelden. Ein Fix ist in Arbeit. First seen on golem.de Jump to article: www.golem.de/news/januar-patchday-windows-updates-machen-windows-app-kaputt-2601-204213.html
-
From typos to takeovers: Inside the industrialization of npm supply chain attacks
Tags: access, application-security, attack, automation, backdoor, blockchain, breach, control, credentials, cybersecurity, github, gitlab, malicious, malware, phishing, radius, risk, supply-chain, threat, update, wormFrom typo traps to legitimate backdoors: For years, typosquatting defined the npm threat model. Attackers published packages with names just close enough to popular libraries, such as “lodsash,” “expres,” “reacts,” and waited for automation or human error to do the rest. The impact was usually limited, and remediation straightforward.That model began to break in 2025.Instead…
-
Court Axes Investor Lawsuit Over CrowdStrike Software Update
Misstatement Claims Tossed in Class-Action Securities Case After CrowdStrike Outage. A U.S. district judge tossed most claims from investors accusing CrowdStrike of misrepresenting its software testing rigor before a July 2024 outage. The judge said two statements about federal compliance could plausibly be misleading, but said plaintiffs failed to establish intent or recklessness. First seen…
-
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Tags: access, advisory, attack, authentication, cisa, cve, cyber, cybersecurity, exploit, flaw, fortinet, infrastructure, injection, kev, mitigation, threat, update, vpn, vulnerability, zero-dayExploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have historically been common targets for cyber attackers, with 23 Fortinet CVEs currently on the CISA KEV list. Public exploit code has…
-
January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention
More priorities: Executives should also prioritize rapid patching and risk reduction efforts this month around the Windows Local Security Authority Subsystem Service Remote Code Execution, Windows Graphics Component Elevation of Privilege, and Windows Virtualization Based Security Enclave Elevation of Privilege flaws, Bicer said, as these vulnerabilities directly enable full system or trust boundary compromise.Strategic focus…
-
Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm
First Patch Tuesday of 2026 goes big First seen on theregister.com Jump to article: www.theregister.com/2026/01/14/patch_tuesday_january_2026/
-
Microsoft January 2026 Patch Tuesday: 115 Vulnerabilities Fixed
Microsoft kicks off 2026 with 115 security updates, including a fix for an actively exploited zero-day. Protect your Windows and Office systems today. First seen on hackread.com Jump to article: hackread.com/microsoft-january-2026-patch-tuesday-vulnerabilities/
-
U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Windows vulnerability, tracked as CVE-2026-20805 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft Patch Tuesday security updates for January 2026 release…
-
Microsoft Patch Tuesday security updates for January 2026 fixed actively exploited zero-day
Microsoft Patch Tuesday addressed 112 security flaws across Windows, Office, Azure, Edge, and more, including eight critical vulnerabilities, kicking off the new year with a major patch update. Microsoft Patch Tuesday security updates for January 2026 release 112 CVEs affecting Windows, Office, Azure, Edge, SharePoint, SQL Server, SMB, and Windows management services. Including third-party Chromium…
-
Microsoft updates Windows DLL that triggered security alerts
Microsoft has resolved a known issue that was causing security applications to incorrectly flag a core Windows component, the company said in a service alert posted this week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-updates-windows-dll-that-triggered-security-alerts/
-
Windows 365 update blocks access to Cloud PC sessions
Microsoft confirmed that a recent Windows 365 update is blocking customers from accessing their Microsoft 365 Cloud PC sessions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-365-update-blocks-access-to-cloud-pc-sessions/
-
Windows 365 update blocks access to Cloud PC sessions
Microsoft confirmed that a recent Windows 365 update is blocking customers from accessing their Microsoft 365 Cloud PC sessions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-365-update-blocks-access-to-cloud-pc-sessions/
-
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances.The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system.”An improper neutralization of special elements used in an OS command (‘OS…
-
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild.Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed by…