Tag: update

Schwachstelle für Malware-Verteilung genutzt – Notfall-Update für kritische RCE-Sicherheitslücke in WSUS

Dec 2, 2025 5:49 PM

Tags: bug, malware, rce, remote-code-execution, update, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-notfall-patch-kritische-wsus-sicherheitsluecke-a-d338bab93ebc2563e1999cae18f17e00/
KB5070311 triggers File Explorer white flash in dark mode

Dec 2, 2025 3:49 PM

Tags: microsoft, update, windows

Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-kb5070311-triggers-file-explorer-bright-white-flashes-in-dark-mode/
freiwillig statt aufgezwungen – Die Debatte um die Chatkontrolle ist zurück

Dec 2, 2025 3:49 PM

Tags: update

First seen on security-insider.de Jump to article: www.security-insider.de/chatkontrolle-eu-verordnung-2025-a-bf479daa88c260b47ff4c294e8cec927/
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

Dec 2, 2025 1:50 PM

Tags: cybersecurity, software, update, vulnerability, vulnerability-management

Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities. Taking into account that nearly…
Add-ons für Chrome und Edge: 4,3 Millionen Geräte per Update mit Malware infiziert

Dec 2, 2025 1:50 PM

Tags: browser, chrome, exploit, hacker, malware, update

Hacker haben über mehrere Jahre hinweg zunächst harmlose Erweiterungen für Chrome und Edge veröffentlicht. Doch dann sind Updates mit Schadcode gekommen. First seen on golem.de Jump to article: www.golem.de/news/add-ons-fuer-chrome-und-edge-4-3-millionen-geraete-per-update-mit-malware-infiziert-2512-202816.html
Windows 11 KB5070311 update fixes File Explorer freezes, search issues

Dec 2, 2025 12:49 PM

Tags: microsoft, update, windows

Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5070311-update-fixes-file-explorer-freezes-search-issues/
Windows 11 KB5070311 update fixes File Explorer freezes, search issues

Dec 2, 2025 12:49 PM

Tags: microsoft, update, windows

Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5070311-update-fixes-file-explorer-freezes-search-issues/
OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks

Dec 2, 2025 12:49 PM

Tags: attack, cyber, dos, flaw, hacker, network, open-source, service, update, vpn, vulnerability

Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essential security checks, or read sensitive memory data. The OpenVPN development team has released urgent updates to address these issues, and administrators are…
OpenVPN Flaws Allow Hackers to Launch DoS Attacks and Bypass Security Checks

Dec 2, 2025 12:49 PM

Tags: attack, cyber, dos, flaw, hacker, network, open-source, service, update, vpn, vulnerability

Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essential security checks, or read sensitive memory data. The OpenVPN development team has released urgent updates to address these issues, and administrators are…
Google’s latest Android security update fixes two actively exploited flaws

Dec 2, 2025 11:49 AM

Tags: android, exploit, flaw, google, update, vulnerability

Google’s latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google’s new Android update patches 107 vulnerabilities, including two already exploited in the wild, across system, kernel, and major vendor components. Here’s a concise summary under 160 characters: December’s Android update offers two patch levels (12-01,…
Google’s latest Android security update fixes two actively exploited flaws

Dec 2, 2025 11:49 AM

Tags: android, exploit, flaw, google, update, vulnerability

Google’s latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google’s new Android update patches 107 vulnerabilities, including two already exploited in the wild, across system, kernel, and major vendor components. Here’s a concise summary under 160 characters: December’s Android update offers two patch levels (12-01,…
Windows Update Orchestration Platform – Microsofts neue Infrastruktur für einheitliche Updates unter Windows

Dec 2, 2025 11:49 AM

Tags: infrastructure, microsoft, update, windows

First seen on security-insider.de Jump to article: www.security-insider.de/windows-update-orchestration-platform-patch-management-a-d6653a1b38e0c56ad03c83324a3daaaf/
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Dec 2, 2025 9:49 AM

Tags: android, exploit, flaw, framework, google, update, vulnerability

Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison.The two high-severity shortcomings First…
Google addresses 107 Android vulnerabilities, including two zero-days

Dec 1, 2025 11:49 PM

Tags: android, google, update, vulnerability, zero-day

The company’s latest security update contains the second-highest number of defects patched so far this year. First seen on cyberscoop.com Jump to article: cyberscoop.com/android-security-update-december-2025/
SmartTube YouTube app for Android TV breached to push malicious update

Dec 1, 2025 8:49 PM

Tags: access, android, malicious, open-source, update

The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer’s signing keys, leading to a malicious update being pushed to users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update/
What are zero-day attacks and why do they work?

Dec 1, 2025 6:49 PM

Tags: access, antivirus, attack, breach, bug-bounty, cyber, cybersecurity, data, detection, edr, email, endpoint, espionage, exploit, government, group, hacker, infrastructure, intelligence, malicious, mobile, network, phishing, risk, service, software, spear-phishing, strategy, supply-chain, tactics, threat, tool, unauthorized, update, vulnerability, vulnerability-management, zero-day, zero-trust

No available patch: These exploits are unknown to both vendors and defenders, meaning they have not been identified and patched yet, leaving the door open for attackers.High-value targets: These attacks are often used in cyber espionage, ransomware campaigns, and advanced persistent threats (APTs) to target high-value assets with sensitive data.Difficult to detect: These exploits often are missed by traditional detection tools, especially…
What are zero-day attacks and why do they work?

Dec 1, 2025 6:49 PM

Tags: access, antivirus, attack, breach, bug-bounty, cyber, cybersecurity, data, detection, edr, email, endpoint, espionage, exploit, government, group, hacker, infrastructure, intelligence, malicious, mobile, network, phishing, risk, service, software, spear-phishing, strategy, supply-chain, tactics, threat, tool, unauthorized, update, vulnerability, vulnerability-management, zero-day, zero-trust

No available patch: These exploits are unknown to both vendors and defenders, meaning they have not been identified and patched yet, leaving the door open for attackers.High-value targets: These attacks are often used in cyber espionage, ransomware campaigns, and advanced persistent threats (APTs) to target high-value assets with sensitive data.Difficult to detect: These exploits often are missed by traditional detection tools, especially…
Contagious Interview attackers go ‘full stack’ to fool developers

Dec 1, 2025 5:49 PM

Tags: attack, control, credentials, crypto, data, endpoint, exploit, github, infrastructure, intelligence, macOS, malicious, malware, open-source, social-engineering, supply-chain, theft, threat, update, windows, worm

Coding tasks lead to malware delivery: These defensive measures are effective because Contagious Interview’s entry vector relies heavily on social engineering, using fake interview tasks to trick developers into installing compromised dependencies.The campaign exploits NPM, a widely used package registry for JavaScript and Node.js, by publishing packages that appear benign but carry hidden payloads. The…
Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process

Dec 1, 2025 3:49 PM

Tags: cyber, flaw, malicious, software, update, vulnerability

Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide. The most severe flaw threatens the secure boot process, a fundamental security mechanism that protects devices from malicious software during startup. The security update, published today, addresses six high-priority vulnerabilities discovered in Qualcomm’s proprietary software.…
Airbus Nears Completion of A320 Retrofit as Regulators Monitor Largest Emergency Recall in Company History

Dec 1, 2025 2:49 PM

Tags: service, software, update, vulnerability

Airbus has entered the final phase of its unprecedented global retrofit effort, confirming that fewer than 100 A320s in service still require updates after the discovery of a software vulnerability that triggered the largest emergency recall the manufacturer has ever executed. The company disclosed on Monday that nearly the entire A320-family fleet, about 6,000 aircraft…
Gemini 3 aus Sicht der IT-Sicherheit Der KI-Assistent als Geschäftsgrundlage

Dec 1, 2025 2:49 PM

Tags: ai, google, update

Am 18. November 2025 stellte Google die neueste Version seines KI-Assistenten vor: Gemini 3. Im Mittelpunkt der Schlagzeilen standen Leistungssteigerungen, multimodale Fähigkeiten und verbessertes Reasoning. Doch statt lediglich zu schauen, was die neue Version besser kann als die alte, sollten Führungskräfte sich die weitreichenden Implikationen dieses Updates vergegenwärtigen. Denn mit der Veröffentlichung von Gemini 3…
Microsoft bestätigt Bug: Windows-11-Update lässt Passwortin verschwinden

Dec 1, 2025 9:49 AM

Tags: microsoft, password, update, windows

Windows 11 bereitet Anwendern schon seit Monaten Probleme bei der Anmeldung mittels Passwort. Microsoft liefert bisher nur einen Workaround. First seen on golem.de Jump to article: www.golem.de/news/microsoft-bestaetigt-bug-windows-11-update-laesst-passwort-log-in-verschwinden-2512-202758.html
Microsofts Update Health Tools (KB4023057) war per RCE angreifbar

Nov 30, 2025 12:49 AM

Tags: microsoft, rce, remote-code-execution, service, tool, update, windows

Die Microsofts Update Health Tools (KB4023057) Deutsch “Integritätstools Windows Update Service-Komponenten” war in der Version 1.0 angreifbar und ermöglichte Remote Code Execution-Angriffe. In der Version 1.1 sind zumindest Systeme für den EU-Bereich geschützt, wenn ich es richtig interpretiere. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/30/microsofts-update-health-tools-kb4023057-war-per-rce-angreifbar/
Windows updates make password login option invisible

Nov 28, 2025 7:49 PM

Tags: login, microsoft, password, update, windows

Microsoft warned users that Windows 11 updates released since August may cause the password sign-in option to disappear from the lock screen options, even though the button remains functional. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-updates-hide-password-icon-on-lock-screen/
Google-Antigravity-Lücke: KI-Coding-Tool anfällig für Angriffe

Nov 28, 2025 3:49 PM

Tags: access, ai, backdoor, bug, cyberattack, exploit, google, tool, update, vulnerability

Eine Sicherheitslücke in Googles KI-Coding-Tool Antigravity erlaubt es Angreifern, Schadcode einzuschleusen.Anfang November brachte Google sein KI-gestütztes Coding-Tool Antigravity an den Start. Doch bereits nach 24 Stunden sind Forscher des Security-Anbieters Mindgard auf eine schwerwiegende Schwachstelle gestoßen, über die eine dauerhafte Backdoor und Schadcode installiert werden kann.Der kürzlich veröffentlichte Forschungsbericht weist darauf hin, dass sich das…
RomCom tries dropping a notromantic payload on Ukraine-linked US firms

Nov 28, 2025 1:49 PM

Tags: attack, defense, detection, endpoint, government, group, malicious, monitoring, threat, ukraine, update

Target profile focused on Ukraine support: The second major insight from the report concerns victim selection. The targeted firm was not a defense contractor or a government body but a civil engineering company in the US. Its only notable link was past work involving a Ukraine-affiliated city.According to Arctic Wolf, the incident fits RomCom’s broader…
RomCom tries dropping a notromantic payload on Ukraine-linked US firms

Nov 28, 2025 1:49 PM

Tags: attack, defense, detection, endpoint, government, group, malicious, monitoring, threat, ukraine, update

Target profile focused on Ukraine support: The second major insight from the report concerns victim selection. The targeted firm was not a defense contractor or a government body but a civil engineering company in the US. Its only notable link was past work involving a Ukraine-affiliated city.According to Arctic Wolf, the incident fits RomCom’s broader…
Microsoft Blocks External Scripts in Entra ID Logins to Boost Security

Nov 28, 2025 6:49 AM

Tags: cloud, cyber, identity, login, microsoft, unauthorized, update

Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from running during user logins. The update is designed to stop unauthorized or injected code from executing on the login page. It is part of Microsoft’s broader Secure Future Initiative to harden its cloud identity platform.…
Quttera Launches >>Evidence-as-Code<< API to Automate Security Compliance for SOC 2 and PCI DSS v4.0

Nov 27, 2025 6:49 PM

Tags: ai, api, compliance, cyber, intelligence, malware, PCI, soc, threat, update

New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence Quttera today announced major enhancements to its Web Malware Scanner API that transform static security scanning into automated compliance evidence. The update introduces real-time evidence streaming and compliance mapping, directly addressing the manual burden of audit…
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Nov 27, 2025 5:49 PM

Tags: attack, authentication, injection, login, microsoft, unauthorized, update

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now.The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at “login.microsoftonline[.]com” by only letting scripts from trusted Microsoft domains run.”This update strengthens security and adds an…