Tag: update

Bank Negara Malaysia RMiT Update: New Authentication Rules for Fintech and Banks

Apr 2, 2026 8:50 AM

Tags: authentication, finance, fintech, framework, mfa, passkey, risk, update

Bank Negara Malaysia’s updated RMiT framework introduces stricter authentication rules for banks and fintech apps. Learn how passkeys, adaptive MFA, device binding, and risk-based authentication help meet compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/bank-negara-malaysia-rmit-update-new-authentication-rules-for-fintech-and-banks/
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation, Patch Released

Apr 1, 2026 4:29 PM

Tags: browser, chrome, cve, exploit, flaw, google, open-source, update, vulnerability, zero-day

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard.”Use-after-free in Dawn in Google Chrome prior…
Zero-Day-Schwachstelle in abgehärteten Videokonferenz-Tool Trueconf

Apr 1, 2026 3:30 PM

Tags: bug, exploit, malware, phishing, software, tool, update, vulnerability, zero-day

Check Point Research (CPR) hat eine bisher unbekannte Zero-Day-Sicherheitslücke in der Videokonferenz-Software <> aufgedeckt. Wie die Sicherheitsforscher von Check Point Software Technologies herausfanden, konnten Angreifer vertrauenswürdige, lokal installierte Software-Updates missbrauchen. Sie verbreiteten so unbemerkt Malware in mehreren südostasiatischen Behörden und Regierungsapparaten. Die Täter mussten also weder auf Phishing, also den Diebstahl von Anmeldedaten, noch auf Exploits…
CIS Benchmarks March 2026 Update

Apr 1, 2026 3:30 PM

Tags: Internet, update

The following CIS Benchmarks and CIS Build Kits have been updated or recently released. The Center for Internet Security has highlighted the major updates below. Each … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/cis-benchmarks-march-2026-update/
Google Warns of New Chrome Zero-Day Under Active Exploitation Users Urged to Update Immediately

Apr 1, 2026 3:30 PM

Tags: browser, chrome, cyber, exploit, flaw, google, linux, threat, update, vulnerability, windows, zero-day

Google has released an urgent security update for its Chrome desktop browser to address 21 vulnerabilities, including a critical zero-day flaw that is actively being exploited in the wild. Users are strongly urged to update their browsers immediately to version 146.0.7680.177/.178 for Windows and Mac, or 146.0.7680.177 for Linux . Active Zero-Day Threat The most…
Microsoft Teams to Improve Privacy With EXIF Data Removal Feature

Apr 1, 2026 3:30 PM

Tags: cyber, cybersecurity, data, microsoft, privacy, update

Microsoft is rolling out a wave of privacy and security updates for Microsoft Teams, headlining with a critical new feature that automatically removes EXIF metadata from shared images. These upcoming changes are designed to protect user privacy by default, streamline biometric data management, and enforce modern browser security standards across the platform. For cybersecurity professionals…
Google Chrome Update Fixes 21 Flaws, Warns of Actively Exploited Vulnerability

Apr 1, 2026 2:29 PM

Tags: browser, chrome, exploit, flaw, google, update, vulnerability

Google has released a Stable Channel Update for Chrome, addressing 21 security vulnerabilities, including a high-profile code smuggling vulnerability that is actively being exploited in the wild. The update rolled out on Wednesday night. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/chrome-stable-channel-update-security/
Airlock-Microgateway 5.0 sichert Handlungsfähigkeit in Kubernetes nach dem Ende von Ingress-NGINX

Apr 1, 2026 2:29 PM

Tags: kubernetes, update

Das Airlock-Microgateway 5.0 ist ab sofort verfügbar und unterstützt Unternehmen dabei, ihre Kubernetes-Cluster nach dem Support-Ende von Ingress-NGINX zukunftssicher zu betreiben. Der Handlungsbedarf ist für viele Plattformteams akut: Seit Ende März gibt es keine weiteren Releases, Bugfixes oder Security-Updates für den weit verbreiteten Kubernetes-Ingress-Controller. Für viele Organisationen ist das ein sicherheitsrelevanter Wendepunkt. Erst Anfang Februar…
PoC Exploit Code Published for nginx-ui Backup Restore Security Flaw

Apr 1, 2026 11:29 AM

Tags: backup, cve, cyber, exploit, flaw, update, vulnerability

A critical security flaw in the nginx-ui backup restore mechanism, tracked as CVE-2026-33026, allows attackers to manipulate encrypted backups and execute arbitrary commands. Proof-of-Concept (PoC) exploit code has been publicly released, prompting an urgent need for administrators to update to version 2.3.4. Backup Integrity Bypass Flaw The vulnerability stems from a circular trust model where…
Erneute massive Attacke – EU-Kommission bestätigt schweren Cyberangriff

Apr 1, 2026 11:29 AM

Tags: cyberattack, update

First seen on security-insider.de Jump to article: www.security-insider.de/eu-kommission-cyberangriff-mobile-infrastruktur-a-7fb908e67c59c438e067a4fe9fc128c5/
Darksword: Apple bringt Exploit-Patch für weitere iPhones

Apr 1, 2026 10:34 AM

Tags: apple, exploit, iphone, update

Wer nicht auf iOS 26 aktualisieren will und weiter iOS 18 verwendet, ist bisher vor dem Darksword-Exploit ungeschützt gewesen. First seen on golem.de Jump to article: www.golem.de/news/darksword-apple-bringt-exploit-patch-fuer-weitere-iphones-2604-207142.html
Windows 11 Update Fixes Critical Installation Loop Problem

Apr 1, 2026 9:30 AM

Tags: cyber, microsoft, update, windows

Microsoft has rolled out an urgent, out-of-band update to fix a frustrating installation glitch plaguing Windows 11 users. On March 31, 2026, the company released KB5086672 to rescue devices trapped in an update loop caused by the recent March 26 preview release. When users attempted to install that specific package, their systems would abruptly fail…
TrueConf Vulnerability Under Active Exploitation in Southeast Asia Government Attacks

Apr 1, 2026 9:30 AM

Tags: attack, cve, cvss, cyber, exploit, flaw, government, update, vulnerability, zero-day

Check Point Research has discovered a critical zero-day vulnerability in the TrueConf video conferencing client. Tracked as CVE-2026-3502 with a CVSS score of 7.8, this flaw is currently being exploited in targeted attacks against government entities in Southeast Asia. Dubbed >>Operation TrueChaos,<< the campaign uses the application's trusted update system to deliver the Havoc post-exploitation…
New Windows 11 emergency update fixes preview update install issues

Apr 1, 2026 8:30 AM

Tags: microsoft, update, windows

Microsoft released an emergency update to fix the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to installation issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-windows-11-kb5086672-emergency-update-fixes-install-issues/
Low statt Critical – KI-Patch-Dienst stuft Schwachstelle fatal falsch ein

Apr 1, 2026 6:31 AM

Tags: ai, update, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/llm-falsche-priorisierung-rce-ticket-low-critical-a-c5de65fa74f6df41233b76be4ed05e85/
Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool

Apr 1, 2026 5:30 AM

Tags: apple, hacking, iphone, tool, update

As DarkSword spreads, Apple tells WIRED it will enable iOS 18-specific fixes for millions of iPhone owners who remain on that iOS version rather than force them to update to iOS 26. First seen on wired.com Jump to article: www.wired.com/story/apple-will-push-out-rare-backported-patches-to-protect-ios-18-users-from-darksword-hacking-tool/
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

Mar 31, 2026 10:30 PM

Tags: api, backup, data, dos, exploit, malicious, rce, remote-code-execution, threat, tool, update, vulnerability

/run/bigtlog.pipe and /run/bigstart.ltm and makes changes to system binaries, including /usr/bin/umount and /usr/sbin/httpd. Attackers have also been observed modifying the sys-eicheck utility, which relies on RPM integrity checks to verify on-disk executables.Log analysis can reveal patterns related to the attack. The user “f5hubblelcdadmin” accessing the iControl REST API from localhost, SELinux disable commands in auditd…
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

Mar 31, 2026 7:30 PM

Tags: attack, cve, exploit, flaw, government, network, software, update, vulnerability, zero-day

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos.The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to…
Latest Xloader Obfuscation Methods and Network Protocol

Mar 31, 2026 6:31 PM

Tags: api, automation, breach, cloud, communications, credentials, data, detection, email, encryption, framework, google, Internet, malicious, malware, microsoft, network, password, powershell, software, threat, tool, update, windows

Introduction Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of Xloader continues to update the codebase, with the most recent observed version being 8.7. Since…
What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection

Mar 31, 2026 6:31 PM

Tags: access, ai, api, attack, automation, business, cloud, container, control, cve, data, data-breach, exploit, framework, google, governance, iam, identity, intelligence, least-privilege, malicious, monitoring, network, remote-code-execution, risk, risk-analysis, service, software, strategy, supply-chain, threat, tool, unauthorized, update, vulnerability

Stop the noise and scale your cloud security. Our latest updates introduce custom policy automation via Explorer, AWS ABAC support for true least privilege, and research-backed protection against critical vulnerabilities, all designed to slash MTTR without disrupting your DevOps workflows. Key takeaways Automated governance via Explorer: Harness the power of Tenable’s unified data model, transforming…
Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident

Mar 31, 2026 5:29 PM

Tags: banking, data, data-breach, finance, group, mobile, security-incident, software, update

Lloyds Banking Group data incident exposed transactions of ~450,000 mobile banking users due to a faulty update. A faulty software update at Lloyds Banking Group exposed transaction details of nearly 450,000 mobile banking users on March 12. The issue caused some customers to see other users’ account activity within the app, prompting the bank to…
OpenAI patches twin leaks as Codex slips and ChatGPT spills

Mar 31, 2026 3:29 PM

Tags: access, awareness, chatgpt, control, credentials, data, exploit, flaw, leak, malicious, openai, update

ChatGPT’s hidden outbound channel leaks user data: OpenAI has reportedly fixed a parallel bug in ChatGPT that goes beyond credential theft. Check Point researchers uncovered a hidden outbound communication path in ChatGPT’s code execution runtime that could be triggered with a single malicious prompt.This channel successfully bypassed the platform’s expected safeguards around external data sharing.…
CISA tells federal agencies to patch Citrix NetScaler bug by Thursday

Mar 31, 2026 3:29 PM

Tags: cisa, citrix, threat, update

The bug enables threat actors to send requests that disclose sensitive information and carries a severity score of 9.3 out of 10, indicating a critical risk. First seen on therecord.media Jump to article: therecord.media/cisa-tells-federal-agencies-to-patch-citrix-netscaler-bug
Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild

Mar 31, 2026 2:30 PM

Tags: cve, exploit, flaw, rce, remote-code-execution, update, vulnerability

F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately. First seen on hackread.com Jump to article: hackread.com/critical-f5-big-ip-flaw-upgrad-to-9-8-rce-exploited/
8 ways to bolster your security posture on the cheap

Mar 31, 2026 12:29 PM

Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day

2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security.”Most organizations have invested heavily in security solutions, yet most are…
NCSC Urges Immediate Patching of F5 BIG-IP Bug

Mar 31, 2026 11:29 AM

Tags: cve, cyber, update

The National Cyber Security Centre wants UK firms to patch CVE-2025-53521 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-urges-immediate-patching-f5/
Patienten werden erpresst – Cyberangriff auf Greifswälder Klinik

Mar 31, 2026 11:29 AM

Tags: cyberattack, extortion, update

First seen on security-insider.de Jump to article: www.security-insider.de/cyberattacke-bdh-klinik-greifswald-lka-ermittelt-a-53e9c15dbc282a6c554d2f84ec720763/
CISA orders feds to patch actively exploited Citrix flaw by Thursday

Mar 31, 2026 9:31 AM

Tags: cisa, citrix, cybersecurity, exploit, flaw, government, infrastructure, update, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-citrix-flaw-by-thursday/
Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now

Mar 31, 2026 8:29 AM

Tags: attack, exploit, flaw, hacker, remote-code-execution, service, update, vulnerability

F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-now-exploit-critical-f5-big-ip-flaw-in-attacks-patch-now/
Notepad++ v8.9.3 Released With Fixes for cURL Security Flaw and Crash Bugs

Mar 31, 2026 7:32 AM

Tags: cyber, flaw, update, vulnerability

Notepad++ rolled out version 8.9.3, an important update addressing a notable cURL security vulnerability and resolving multiple crash bugs. Alongside these vital security patches, this release marks the official completion of the application’s migration to a new XML parser, significantly improving the performance of configuration file operations. The most critical aspect of the v8.9.3 update…