Collecting Cyber-News from over 60 sources

Tag: update

Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws

May 1, 2026 4:39 PM

Tags: browser, chrome, flaw, google, update, vulnerability

Google patched 30 Chrome vulnerabilities, including four Critical flaws. Here’s what users should know and how to update Chrome and Firefox. The post Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-security-update-30-vulnerabilities-april-2026/
Samsung’s Free Android Upgrade Brings Better Security to Galaxy Phones

May 1, 2026 4:39 PM

Tags: android, control, phone, update

Samsung’s One UI 8.5 update may bring stronger Galaxy security controls as users report battery drain and overheating after recent patches. The post Samsung’s Free Android Upgrade Brings Better Security to Galaxy Phones appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-samsung-one-ui-8-5-galaxy-security-battery-drain/
Windows 11 KB5083631 update released with 34 changes and fixes

May 1, 2026 12:46 PM

Tags: microsoft, startup, update, windows

Microsoft has released the KB5083631 optional cumulative update for Windows 11, which includes 34 changes, such as a new Xbox mode for Windows PCs, enhanced security and performance for batch files, and performance improvements for launching startup apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5083631-update-released-with-34-changes-and-fixes/
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now

May 1, 2026 11:39 AM

Tags: access, attack, control, firmware, flaw, service, unauthorized, update, vulnerability

SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. The company released firmware updates to block bypass attacks and unauthorized access. SonicWall released urgent firmware updates to fix three SonicOS vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewalls. The flaws could allow attackers to bypass security controls, access restricted services,…
Multiple Exim Mail Server Vulnerabilities Could Trigger Crashes via Malicious DNS Data

May 1, 2026 11:39 AM

Tags: cyber, data, dns, flaw, leak, mail, malicious, software, update, vulnerability

The developers of the Exim mail server have officially rolled out version 4.99.2 to address four newly discovered security vulnerabilities. This critical update patches multiple software flaws that could allow attackers to crash server connections, corrupt memory heaps, or potentially leak sensitive system data. Mail server administrators are strongly advised to apply these fixes immediately…
Multiple Wireshark Vulnerabilities Allow Arbitrary Code Execution via Malformed Packets

May 1, 2026 10:39 AM

Tags: ai, cyber, flaw, network, risk, update, vulnerability

The Wireshark Foundation has released version 4.6.5 of its widely used network protocol analyzer, addressing a massive wave of security vulnerabilities. This urgent update patches over 40 distinct security flaws, driven by a recent surge in AI-assisted vulnerability reports. The most critical bugs in this release allow for possible arbitrary code execution, elevating the risk…
Microsoft Windows 11 April 2026 Security Update Disrupts Third-Party Backup Tools

May 1, 2026 7:42 AM

Tags: backup, cyber, flaw, microsoft, service, tool, update, windows

The April 2026 security update for Windows 11, designated as KB5083769, is causing severe disruptions for users relying on third-party backup solutions. Deployed for Windows 11 versions 24H2 and 25H2, this patch introduces a critical flaw that breaks the Microsoft Volume Shadow Copy Service (VSS). Because VSS is a fundamental component for taking safe, point-in-time…
Malicious PyTorch Lightning Packages Found on PyPI

May 1, 2026 5:39 AM

Tags: attack, best-practice, breach, cloud, control, credentials, data, data-breach, detection, endpoint, exploit, github, infrastructure, malicious, malware, network, open-source, pypi, risk, service, supply-chain, threat, tool, unauthorized, update

<div cla TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher account’s compromise. Lightning versions 2.6.2 and 2.6.3 (tracked as sonatype-2026-002817) were published on April 30, 2026, containing embedded malicious code that gathers developer credentials and publishes infected package versions. If downloaded, these malicious versions have likely…
‘Trivial’ exploit can give attackers root access to Linux kernel

May 1, 2026 5:39 AM

Tags: access, ai, attack, business, cloud, container, cve, data, exploit, flaw, github, gitlab, Hardware, incident response, iot, korea, kubernetes, linux, malware, monitoring, remote-code-execution, risk, risk-assessment, saas, sans, software, supply-chain, theft, threat, unauthorized, update, vulnerability

), which lets users easily obtain root access, there isn’t much CSOs can do, says Johannes Ullrich, dean of research at the SANS Institute, as long as they have monitoring for privilege escalation already in place.With root access, a threat actor can do anything to a system, from data theft to data erasure.”The CopyFail vulnerability…
Bridging the gap: How to integrate Claude Security into the Tenable One Exposure Management Platform

May 1, 2026 1:39 AM

Tags: ai, api, attack, business, cloud, data, flaw, governance, intelligence, risk, tool, update, vulnerability

Bridge the gap between AI-driven vulnerability discovery and prioritized remediation. Learn how to integrate Claude Security’s deep-logic analysis into Tenable One to unify your attack surface, eliminate noise, and focus on the risks that matter most. Key takeaways As frontier AI models like Claude accelerate the pace of vulnerability discovery, security programs must shift their…
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug

Apr 30, 2026 11:38 PM

Tags: ai, exploit, linux, software, update

The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/ai-assisted-software-scan-linux-bug
Patch management goes from hard, to ludicrous in the agentic AI era

Apr 30, 2026 10:38 PM

Tags: ai, control, cyber, update

The release of agentic AI is compressing the nature of patch management and how defenders must prepare for the future of cyber attacks. This is increasing pressure on patch velocity, compensating controls, and dependency visibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/patch-management-goes-from-hard-to-ludicrous-in-the-agentic-ai-era/
Patch management goes from hard, to ludicrous in the agentic AI era

Apr 30, 2026 10:38 PM

Tags: ai, control, cyber, update

The release of agentic AI is compressing the nature of patch management and how defenders must prepare for the future of cyber attacks. This is increasing pressure on patch velocity, compensating controls, and dependency visibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/patch-management-goes-from-hard-to-ludicrous-in-the-agentic-ai-era/
Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability

Apr 30, 2026 8:38 PM

Tags: access, ai, attack, browser, cisa, cloud, container, crypto, cve, cybersecurity, data, exploit, flaw, infrastructure, kev, linux, mitigation, ransomware, risk, tool, update, vulnerability

A flaw in the Linux kernel present since 2017 allows a local user to gain root access on virtually every major Linux distribution. A public exploit is available and reported to work reliably. Key Takeaways CVE-2026-31431 is a high severity local privilege escalation vulnerability in the Linux kernel reportedly affecting virtually every major distribution released…
April KB5083769 Windows 11 update causes backup software failures

Apr 30, 2026 6:38 PM

Tags: backup, software, update, windows

The April 2026 KB5083769 security update breaks third-party backup applications from multiple vendors on systems running Windows 11 24H2 and 25H2. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/april-kb5083769-windows-11-update-causes-backup-software-failures/
Linux ‘Copy Fail’ Flaw Delivers Root-Level Access to Distros

Apr 30, 2026 5:39 PM

Tags: access, ai, api, cryptography, exploit, flaw, linux, update, vulnerability

AI-Assisted Offensive Security Researcher Discovered Flaw After 1 Hour of Scanning. Patch all Linux kernels issued from 2017 onwards to fix a serious vulnerability in the kernel’s cryptography API that can be easily exploited by a local, unprivileged user to gain root-level access. The major flaw is the latest to be found by an AI-assisted…
cPanel zero-day exploited for months before patch release (CVE-2026-41940)

Apr 30, 2026 4:39 PM

Tags: authentication, control, exploit, update, vulnerability, zero-day

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/cpanel-zero-day-vulnerability-cve-2026-41940-exploited/
Beschluss des Bundeskabinetts – Eco-Verband kritisiert Entwurf zur Vorratsdatenspeicherung

Apr 30, 2026 3:38 PM

Tags: update

First seen on security-insider.de Jump to article: www.security-insider.de/bundesregierung-speicherung-ip-adressen-strafverfolgung-a-ab1468c163bff66eaf34b190211cc48e/
Proxmox Backup Server 4.2 arrives with S3 storage support and parallel sync jobs

Apr 30, 2026 12:39 PM

Tags: backup, jobs, update

Proxmox Backup Server 4.2 is a maintenance and feature update built on Debian 13.4 >>Trixie<< that adds S3-compatible object storage as a supported backend and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/proxmox-backup-server-4-2-released/
Stopping the quiet drift toward excessive agency with re-permissioning

Apr 30, 2026 11:38 AM

Tags: access, ai, api, attack, ciso, control, data, finance, framework, injection, least-privilege, network, risk, risk-management, service, supply-chain, tool, unauthorized, update

Excessive agency directly proportional to over-permissioning: Organizations are worried about the level of autonomy AI introduces into their operational framework. Nearly three-quarters of organizations say agents often receive more access than necessary. It’s this excessive agency that needs to be reined in.In practice, unchecked autonomy within a particular workflow means the agent can access systems…
Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs

Apr 30, 2026 11:38 AM

Tags: advisory, bug-bounty, cyber, flaw, threat, update, vulnerability, xss

The Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and stored cross-site scripting (XSS) vulnerabilities that could allow threat actors to execute arbitrary code or hijack user sessions. All vulnerabilities were responsibly disclosed through the Jenkins Bug Bounty Program, which the…
Backdoored WordPress Plugin Abuses Remote Update Checker for Silent Code Delivery

Apr 30, 2026 11:38 AM

Tags: backdoor, cyber, injection, malicious, update, wordpress

A long-dormant backdoor has been uncovered in the >>Quick Page/Post Redirect Plugin,<< a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious features. First, it featured a passive content injection mechanism. On every page viewed by a logged-out user, the plugin connected to a third-party server…
9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access

Apr 30, 2026 10:39 AM

Tags: access, linux, update, vulnerability

Linux Kernel Vulnerability “Copy Fail” lets attackers gain root access via memory flaw. Patch now or disable algif_aead to stay secure. First seen on hackread.com Jump to article: hackread.com/linux-kernel-vulnerability-copy-fail-full-root-access/
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years

Apr 30, 2026 5:39 AM

Tags: access, apt, attack, china, computing, cyber, defense, espionage, exploit, framework, group, iran, leak, malicious, malware, network, open-source, programming, service, software, stuxnet, threat, tool, update, windows

fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams.”This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their…
Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch

Apr 30, 2026 5:39 AM

Tags: credentials, exploit, flaw, microsoft, risk, update, windows

Microsoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for unpatched users. The post Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-zero-click-flaw-incomplete-patch/
Visual Studio Code 1.118 adds auto model selection to Copilot CLI

Apr 30, 2026 1:38 AM

Tags: microsoft, update

Microsoft’s editor releases continue on a monthly cadence, with the Insiders build of Visual Studio Code 1.118. The update concentrates on the Copilot CLI integration, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/30/visual-studio-code-1-118-released/
Microsoft’s patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack

Apr 29, 2026 9:40 PM

Tags: attack, exploit, flaw, microsoft, russia, update, windows, zero-day

Second try’s a charm? First seen on theregister.com Jump to article: www.theregister.com/2026/04/29/microsoft_zero_click_exploit/
cPanel, WHM emergency update fixes critical auth bypass bug

Apr 29, 2026 6:39 PM

Tags: access, control, exploit, update, vulnerability

A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cpanel-whm-emergency-update-fixes-critical-auth-bypass-bug/
Microsoft won’t patch PhantomRPC: Feature or bug?

Apr 29, 2026 5:39 PM

Tags: exploit, microsoft, update

A researcher has detailed five ways to exploit PhantomRPC, which Microsoft rates “moderate” and does not plan to fix. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/microsoft-wont-patch-phantomrpc-feature-or-bug/
All supported cPanel versions hit by critical auth bug, now patched

Apr 29, 2026 4:39 PM

Tags: access, authentication, control, data-breach, flaw, risk, unauthorized, update, vulnerability

cPanel fixed a critical authentication flaw that could let attackers access servers. The issue affects all supported versions. cPanel released security updates to address a critical authentication vulnerability that could allow attackers to gain unauthorized access to its control panel. The flaw affects all supported versions, raising serious risks for exposed servers. cPanel is a…