Tag: update

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

Feb 9, 2026 10:14 AM

Tags: access, authentication, exploit, flaw, rce, remote-code-execution, update, vulnerability

BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution.”BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability,” the company First seen on…
Software developers: Prime cyber targets and a rising risk vector for CISOs

Feb 9, 2026 9:14 AM

Tags: access, ai, api, application-security, attack, automation, backdoor, breach, ceo, ciso, cloud, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, exploit, flaw, Hardware, identity, infrastructure, intelligence, Internet, jobs, leak, least-privilege, LLM, malicious, malware, marketplace, north-korea, open-source, phishing, programming, resilience, risk, saas, scam, service, social-engineering, software, supply-chain, theft, threat, tool, training, unauthorized, update, vulnerability

Credential theft and environment compromise: Attackers aren’t just looking for flaws in code “, they’re looking for access to software development environments.Common security shortcomings, including overprivileged service accounts, long-lived tokens, and misconfigured pipelines, offer a ready means for illicit entry into sensitive software development environments.”Improperly stored access credentials are low-hanging fruit for even the most amateur…
Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast

Feb 8, 2026 11:14 AM

Tags: attack, awareness, open-source, supply-chain, threat, update, WeeklyReview

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Global Threat Map: Open-source real-time situational awareness platform … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/08/week-in-review-notepad-supply-chain-attack-details-and-targets-patch-tuesday-forecast/
CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

Feb 6, 2026 3:14 PM

Tags: cisa, cybersecurity, infrastructure, network, risk, update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months.The agency said the move is to drive down technical…
CISA gives federal agencies 18 months to purge unsupported edge devices

Feb 6, 2026 2:14 PM

Tags: authentication, cisa, cyber, data, exploit, firmware, Hardware, infrastructure, monitoring, network, risk, risk-assessment, service, software, technology, threat, update

Implementation hurdles: Sunil Varkey, advisor at Beagle Security, warns of implementation complexities. “The operational reality of removing legacy systems is not straightforward,” Varkey said. “Legacy devices continue to exist not by design, but by necessity.”He pointed to orphaned systems that remain live and embedded in workflows but lack clear ownership, and operational technology environments where…
Russische Hacker greifen an – Microsoft schließt Zero Day in Office im Eiltempo

Feb 6, 2026 11:13 AM

Tags: hacker, microsoft, office, update, zero-day

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-sicherheitsluecke-cve-2026-21509-office-update-a-bcf2b30c791d0772c56512f96c0c97f1/
CISA orders federal agencies to replace endlife edge devices

Feb 6, 2026 10:13 AM

Tags: cisa, cybersecurity, infrastructure, network, update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive requiring federal agencies to identify and remove network edge devices that no longer receive security updates from manufacturers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-replace-end-of-life-edge-devices/
February 2026 Patch Tuesday forecast: Lots of OOB love this month

Feb 6, 2026 9:13 AM

Tags: microsoft, update

Valentine’s Day is just around the corner and Microsoft has been giving us a lot of love with a non-stop supply of patches starting with January 2026 Patch Tuesday. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/06/february-2026-patch-tuesday-forecast/
Spam Campaign Distributes Fake PDFs, Deploys Remote Monitoring Tools for Ongoing Access

Feb 6, 2026 7:13 AM

Tags: access, adobe, control, cyber, email, malicious, monitoring, social-engineering, software, spam, threat, tool, update

An ongoing spam campaign that leverages social engineering to deploy legitimate Remote Monitoring and Management (RMM) software on victim networks. By disguising malicious payloads as essential Adobe Acrobat updates, threat actors are successfully bypassing traditional security controls and establishing persistent remote access to sensitive systems. The campaign begins with a deceptive email delivering a PDF…
News brief: Patch critical and high-severity vulnerabilities now

Feb 6, 2026 12:16 AM

Tags: update, vulnerability

Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366638312/News-brief-Patch-critical-and-high-severity-vulnerabilities-now
News brief: Patch critical and high-severity vulnerabilities now

Feb 6, 2026 12:16 AM

Tags: update, vulnerability

Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366638312/News-brief-Patch-critical-and-high-severity-vulnerabilities-now
CISA Directs Federal Agencies to Update Edge Devices

Feb 5, 2026 11:17 PM

Tags: cisa, cybersecurity, infrastructure, network, update

Binding Directive Requires Inventories and Replacements. U.S. federal agencies have 12 months to start replacing risky network appliances running past their vendor support cutoff date under a directive published Thursday by U.S. Cybersecurity and Infrastructure Security Agency. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisa-directs-federal-agencies-to-update-edge-devices-a-30689
Chrome Vulnerabilities Allow Code Execution, Browser Crashes

Feb 5, 2026 10:28 PM

Tags: browser, chrome, flaw, google, malicious, update, vulnerability

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites. The post Chrome Vulnerabilities Allow Code Execution, Browser Crashes appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-security-update-february-2026/
Palo Alto Networks Revamps NextWave Program: 5 Biggest Updates

Feb 5, 2026 4:14 PM

Tags: ai, network, training, update

Palo Alto Networks is unveiling a major set of updates to its NextWave Partner Program including expanded incentives and new AI-powered training, along with increased expectations for top partners around driving platform adoption, Channel Chief Michael Khoury tells CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2026/palo-alto-networks-revamps-nextwave-program-5-biggest-updates
n8n Vulnerability Allows Remote Attackers to Hijack Systems via Malicious Workflow Execution

Feb 5, 2026 3:14 PM

Tags: cyber, flaw, malicious, remote-code-execution, update, vulnerability

n8n has released urgent security updates to address a critical vulnerability that exposes host systems to Remote Code Execution (RCE). Tracked as CVE-2026-25049, this flaw allows authenticated attackers to escape the expression evaluation sandbox and execute arbitrary system commands, potentially leading to a complete compromise of the underlying infrastructure. This disclosure comes shortly after the remediation…
n8n security woes roll on as new critical flaws bypass December fix

Feb 5, 2026 1:24 PM

Tags: access, flaw, update

Patch meant to close a severe expression bug fails to stop attackers with workflow access First seen on theregister.com Jump to article: www.theregister.com/2026/02/05/n8n_security_woes_roll_on/
Building trust with the board through evidence-based proof

Feb 5, 2026 12:14 PM

Tags: backup, business, cio, ciso, compliance, control, cyber, cybersecurity, data, finance, governance, incident, insurance, mitigation, regulation, resilience, risk, strategy, tool, update

Building a common language to get to “Here’s the proof of cyber resilience”: CISOs can reframe the discussion using data and evidence. Modern cybersecurity tools produce a large volume of data and information on how they operate at any point in time, the status of controls deployed, the validation of configuration and more. There’s an…
US FDA Reissues Cybersecurity Guidance to Reflect QMSR Transition and ISO 13485 Alignment

Feb 5, 2026 11:14 AM

Tags: cybersecurity, framework, regulation, update

The US Food and Drug Administration (FDA) has reissued its final guidance on medical device cybersecurity to reflect the agency’s transition from the Quality System Regulation (QSR) to the Quality System Management Regulation (QMSR). The updated FDA cybersecurity guidance was published on 4 February, just two days after the QMSR officially took effect. The revision…
Go”¯1.25.7 and Go”¯1.24.13 Released With Patches for Multiple Security Vulnerabilities

Feb 5, 2026 11:14 AM

Tags: authentication, cyber, update, vulnerability

The Go team has officially released versions 1.25.7 and 1.24.13. These minor point releases address two distinct security vulnerabilities affecting the cmd/cgo command and the crypto/tls library. The updates are recommended for all users to prevent potential code smuggling and authentication bypass scenarios. Overview of the Vulnerability cmd/cgo: Code Smuggling via Comment Parsing The first vulnerability, tracked as CVE-2025-61732, affects the cmd/cgo tool, which enables…
Software supply chain risks join the OWASP top 10 list, access control still on top

Feb 5, 2026 9:13 AM

Tags: access, ai, attack, authentication, backdoor, backup, breach, cloud, computer, control, credentials, cybersecurity, data, data-breach, defense, encryption, flaw, governance, identity, injection, LLM, login, malicious, mfa, open-source, password, risk, software, sql, supply-chain, threat, unauthorized, update, vulnerability

1 Broken access control When applications fail to properly enforce restrictions on what authenticated users are allowed to do, allowing attackers to access unauthorized functionality or data. For example, an attacker might manipulate an URL parameter to access another user’s account information or escalate their privileges from a regular user to an administrator. This item…
WatchGuard VPN Client Flaw on Windows Enables SYSTEM”‘Level Command Execution

Feb 5, 2026 7:13 AM

Tags: advisory, cyber, flaw, mobile, software, update, vpn, vulnerability, windows

WatchGuard has released a critical security update for its Mobile VPN with IPSec client for Windows to address a privilege escalation vulnerability. The flaw, originating in the underlying software provided by NCP engineering, allows local attackers to execute arbitrary commands with the highest available privileges on a compromised machine. The vulnerability is tracked as NCPVE-2025-0626 (WatchGuard Advisory…
Microsoft to Integrate Sysmon Threat Detection Natively into Windows 11

Feb 5, 2026 6:14 AM

Tags: cyber, detection, microsoft, threat, tool, update, windows

Microsoft has officially begun rolling out native System Monitor (Sysmon) functionality to Windows 11, marking a significant shift for threat hunters and security operations centers (SOCs). Released via the Windows 11 Insider Preview Build 26300.7733 (Dev Channel) on February 3, 2026, this update embeds the popular Sysinternals tool directly into the operating system’s optional features.…
Microsoft releases urgent Office patch. Russian-state hackers pounce.

Feb 5, 2026 1:13 AM

Tags: hacker, microsoft, office, russia, update, vulnerability

The window to patch vulnerabilities is shrinking rapidly. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/02/russian-state-hackers-exploit-office-vulnerability-to-infect-computers/
CISA Makes Unpublicized Ransomware Updates to KEV Catalog

Feb 5, 2026 12:13 AM

Tags: cisa, cve, kev, network, ransomware, update

A third of the flipped CVEs affected network edge devices, leading one researcher to conclude, Ransomware operators are building playbooks around your perimeter. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cisa-hidden-ransomware-updates-kev-catalog
Notepad++ Users, You May Have Been Hacked by China

Feb 4, 2026 10:14 PM

Tags: china, hacker, infrastructure, update

Suspected Chinese state-backed hackers hijacked the Notepadd++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows. First seen on wired.com Jump to article: www.wired.com/story/notepad-plus-plus-china-hackers-update-infrastructure/
Critical SolarWinds Web Help Desk bug under attack

Feb 4, 2026 8:15 PM

Tags: attack, update

US agencies told to patch by Friday First seen on theregister.com Jump to article: www.theregister.com/2026/02/04/critical_solarwinds_web_help_desk/
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud On-Prem)

Feb 4, 2026 6:14 PM

Tags: access, attack, breach, business, cloud, control, data, data-breach, endpoint, exploit, flaw, google, infrastructure, injection, intelligence, leak, malicious, rce, remote-code-execution, risk, saas, spam, sql, threat, update, vulnerability

Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways Two novel vulnerabilities: Tenable Research discovered a remote code execution (RCE) chain via…
CISA warns of five-year-old GitLab flaw exploited in attacks

Feb 4, 2026 5:13 PM

Tags: attack, cisa, cybersecurity, exploit, flaw, gitlab, government, infrastructure, update, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-five-year-old-gitlab-flaw-exploited-in-attacks/
Russian hackers exploited a critical Office bug within days of disclosure

Feb 4, 2026 2:13 PM

Tags: access, attack, cisa, cloud, control, cve, data, data-breach, detection, email, espionage, exploit, flaw, framework, github, group, hacker, infection, intelligence, kev, malicious, malware, microsoft, mitigation, office, risk, russia, update, vulnerability, windows

One campaign, two infection paths: ZScaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems.In…
Critical ASUSTOR NAS Security Flaw Enables Complete Device Takeover

Feb 4, 2026 1:13 PM

Tags: control, cvss, cyber, data, flaw, network, update, vulnerability

A severe vulnerability affecting ASUSTOR Network Attached Storage (NAS) devices has been disclosed, potentially allowing unauthenticated attackers to seize full control of affected systems. Tracked as CVE-2026-24936, this critical flaw carries a CVSS v4.0 base score of 9.5, highlighting the urgency for administrators to apply available updates immediately. The vulnerability resides within the ASUSTOR Data Master (ADM)…