Tag: update
-
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
Multi-stage infection chain: The intrusion begins with an unknown initial access vector, followed by the execution of a malicious file disguised as a ScreenConnect update, Talos said.The initial payload is a Rust-compiled loader using filenames such as “systemupdates.exe,” which drops a .NET loader disguised as a text file in a system directory, the post said.Persistence…
-
NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
The UK’s National Cyber Security Centre is urging organizations to prepare for glut of new software updates First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-warns-aifuelled-vulnerability/
-
Critical Android Zero-Click Vulnerability Enables Remote Shell Access
Google has released the Android Security Bulletin for May 2026, addressing a highly critical vulnerability that allows attackers to execute code remotely without any user interaction. Published on May 4, 2026, the latest security update focuses heavily on a severe flaw located within the Android System component. Threat actors can exploit this vulnerability to gain…
-
Apache HTTP Server Vulnerability Exposes Millions to Remote Code Execution Threats
Tags: apache, cve, cyber, flaw, malicious, remote-code-execution, software, threat, update, vulnerabilityThe Apache Software Foundation has released an urgent security update for the Apache HTTP Server to patch a severe vulnerability. Tracked as CVE-2026-23918, this flaw could allow attackers to execute malicious code remotely on affected web servers, putting millions of websites at risk. Understanding the Vulnerability The newly discovered security flaw is classified as a…
-
Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models
Tags: access, ai, cybersecurity, exploit, framework, government, group, infrastructure, malicious, openai, risk, software, technology, update, vulnerabilityThe Mythos factor: The discussion follows Anthropic’s recent introduction of Mythos, a model the company has described as representing a watershed moment for cybersecurity.Anthropic has said Mythos Preview has found thousands of high-severity vulnerabilities, including some in every major operating system and web browser, and that AI models have reached a level of coding capability…
-
U.S. Officials Consider Three-Day Patch Rule in Wake of Anthropic’s Mythos
Reuters reported that U.S. cybersecurity officials are weighing cutting the time federal agencies have to fix critical vulnerabilities from two weeks to three days after Anthropic’s Mythos AI model raises the specter of even faster attacks. Security pros say the idea is a good one, but it may be difficult for organizations to implement it.…
-
How Mythos Signals Cybersecurity Disruption
Tags: access, ai, attack, banking, browser, business, cybersecurity, data, exploit, finance, government, hacker, healthcare, infrastructure, microsoft, open-source, risk, software, technology, tool, update, vulnerability, zero-dayWhat is Mythos Mythos is Anthropic’s latest AI model, and it is stirring up a tornado of concern in cybersecurity circles. Even before its release, Mythos discovered thousands of new sensitive vulnerabilities in commercial and open-source software, including all major operating systems and web browsers. One was in existence for over 27 years without the industry…
-
Microsoft Defender Flags DigiCert Certificates as Malware
A Microsoft Defender update misclassified DigiCert certificates, disrupting trust before a fix was issued. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-defender-flags-digicert-certificates-as-malware/
-
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. The First seen…
-
New MOVEit vulnerabilities prompt urgent patch warning
Progress Software warned customers to immediately upgrade the file-transfer tool to fix the serious flaws. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/moveit-vulnerabilities-authentication-bypass-privilege-escalation/819187/
-
Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware
What happened A faulty Microsoft Defender antimalware signature update released around April 30, 2026, caused widespread false positive alerts by incorrectly flagging two legitimate DigiCert root certificates as high-severity malware. The detection, labeled Trojan:Win32/Cerdigent.A!dha, identified registry entries belonging to DigiCert Assured ID Root CA and DigiCert Trusted Root G4 as threats and automatically quarantined them…The…
-
Progress warns of critical MOVEit Automation auth bypass flaw
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/moveit-automation-customers-warned-to-patch-critical-auth-bypass-flaw/
-
Probleme mit VSS: Windows-11-Update macht Backup-Tools unbrauchbar
Nutzer mehrerer Backup-Lösungen können seit dem April-Patchday unter Windows 11 keine Datensicherung mehr erstellen. Es kommt zu einem Timeout. First seen on golem.de Jump to article: www.golem.de/news/probleme-mit-vss-windows-11-update-macht-backup-tools-unbrauchbar-2605-208274.html
-
Microsoft confirms April Windows updates cause backup failures
Microsoft has confirmed that the April 2026 security updates are causing failures in third-party backup applications using the psmounterex.sys driver. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-backup-failures-caused-by-vulnerable-driver-block/
-
AI speeds flaw discovery, forcing rapid updates, UK NCSC warns
The UK cyber agency NCSC warns AI is speeding up vulnerability discovery, likely causing a “patch wave” of urgent software updates to fix exposed flaws. The UK’s National Cyber Security Centre (NCSC) warns that AI is rapidly accelerating the discovery of software vulnerabilities, increasing the risk of large-scale exploitation. CTO Ollie Whitehouse says skilled attackers…
-
Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching
Claude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/anthropic-claude-security-public-beta/
-
CISA Flags Linux Kernel Vulnerability as Threat Actors Launch Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, linux, threat, update, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-31431, this flaw is currently being exploited in the wild by threat actors. This active exploitation has prompted urgent patching mandates for federal agencies and strong recommendations for private organizations worldwide.…
-
How CISOs should utilize data security posture management to inform risk
Tags: access, ai, automation, business, ciso, compliance, control, cyber, data, detection, finance, iam, incident response, monitoring, open-source, remote-code-execution, risk, service, siem, software, tool, update, vulnerabilityApplying the principles at any maturity level: Whether you’re working with a full DSPM platform, a lightweight open-source scanner or even manual data inventories, CISOs can use this thinking to apply quantification (or at least an order of magnitude) to risk decisions. For example, you may have a written policy in place that a database…
-
Update-Panne: Microsoft Defender löscht Root-Zertifikate von Digicert
Auf zahlreichen Windows-Systemen hat der Microsoft Defender in den letzten Tagen Fehlalarme ausgelöst und Digicert-Zertifikate gelöscht. First seen on golem.de Jump to article: www.golem.de/news/update-panne-microsoft-defender-loescht-root-zertifikate-von-digicert-2605-208250.html
-
Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI
Google revamps bug bounties: Android rewards rise to $1.5M, Chrome payouts drop, shifting focus to high-impact, AI-resistant vulnerabilities. Google has announced a major overhaul of its Vulnerability Reward Programs (VRP) for Android and Chrome, marking a strategic shift in how the company approaches cybersecurity. The update comes as artificial intelligence tools are reshaping the field…
-
Windows shell spoofing vulnerability puts sensitive data at risk
A difficult balance: Erik Avakian, technical counselor at Info-Tech Research Group, noted that when it set the patching deadline, CISA had been operating within the guidelines laid down in Binding Operational Directive (BOD) 22-01, which requires US federal agencies to patch vulnerabilities within the timelines outlined under the policy, which range from 14 to 21…
-
Brace for the patch tsunami: AI is unearthing decades of buried code debt
Britain’s cyber agency says the bill for years of technical shortcuts is coming due, and it’s arriving all at once First seen on theregister.com Jump to article: www.theregister.com/2026/05/02/ncsc_brace_for_patch_tsunami/
-
Microsoft releases first big update after Nadella’s vow to ‘win back fans’
Lots of fixes, some performance tweaks. Fingers crossed there’s no out-of-band patch to follow First seen on theregister.com Jump to article: www.theregister.com/2026/05/01/microsoft_release_first_big_update/
-
Anthropic Opens Claude Security for Wider Public
Flaw Finding Model Integrated into a Slew of Cybersecurity Platforms. Claude artificial intelligence maker Anthropic announced Thursday wider availability of a model it described as its second-most powerful model for finding and patching software flaws. Anthropic is making Claude Security available as a public beta for enterprise customers. First seen on govinfosecurity.com Jump to article:…
-
Canonical Hit by Sustained DDoS Attack, Disrupting Ubuntu Services Worldwide
A DDoS attack on Canonical has disrupted key Ubuntu services and patching workflows. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/canonical-hit-by-sustained-ddos-attack-disrupting-ubuntu-services-worldwide/
-
Federal agencies must patch cPanel bug by Sunday, CISA says
Incident responders at Rapid7 said successful exploitation of CVE-2026-41940 “grants an attacker control over the cPanel host system, its configurations and databases, and websites it manages.” First seen on therecord.media Jump to article: therecord.media/cisa-orders-federal-agencies-to-patch-cpanel-bug
-
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI
Tags: access, ai, api, attack, automation, business, ciso, compliance, control, cve, cybersecurity, data, exploit, framework, group, identity, Internet, login, nist, okta, service, supply-chain, threat, update, vulnerability, vulnerability-managementDetecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider, automating the hunt for asset owners in seconds. Key takeaways The accountability gap is the real bottleneck. Finding a vulnerability…
-
CyberStrong Product Update: What’s New in Release 4.15
<div cla CyberStrong 4.15 is here, and this release is packed with improvements across the platform, from expanded workflow capabilities and bulk data import to deeper asset group intelligence and a cleaner user experience throughout. Here’s a look at everything that’s new. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/cyberstrong-product-update-whats-new-in-release-4-15/
-
British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery
Britain’s cyber agency warned that organizations should prepare for a surge of urgent software updates as artificial intelligence accelerates the discovery of security flaws, raising the risk of widespread exploitation. First seen on therecord.media Jump to article: therecord.media/british-cyber-ai-patch-wave