Collecting Cyber-News from over 60 sources

Tag: update

The cyber perimeter was never dead. We just abandoned it.

Mar 13, 2026 9:10 AM

Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trust

Industry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
The cyber perimeter was never dead. We just abandoned it.

Mar 13, 2026 9:10 AM

Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trust

Industry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
Google fixes two new Chrome zero-days exploited in attacks

Mar 13, 2026 9:10 AM

Tags: attack, browser, chrome, exploit, google, update, vulnerability, zero-day

Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-fixes-two-new-chrome-zero-days-exploited-in-attacks/
Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code

Mar 13, 2026 9:10 AM

Tags: browser, chrome, cve, cyber, exploit, flaw, google, malicious, update, zero-day

Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious…
OpenSSH GSSAPI Flaw Can Be Exploited to Crash SSH Child Processes

Mar 13, 2026 7:09 AM

Tags: cve, cyber, exploit, flaw, linux, service, update, vulnerability

A newly discovered vulnerability in the GSSAPI Key Exchange patch for OpenSSH is putting multiple Linux distributions at risk. Tracked as CVE-2026-3497, the flaw allows unauthenticated attackers to crash SSH child processes using a single crafted packet. This leads to reliable denial-of-service conditions and to privilege separation boundary violations. The issue was discovered by security…
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

Mar 13, 2026 7:09 AM

Tags: backup, cve, exploit, flaw, remote-code-execution, software, update, veeam, vulnerability

Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution.The vulnerabilities are as follows -CVE-2026-21666 (CVSS score: 9.9) – A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.CVE-2026-21667 ( First seen…
China-nexus Threat Actor Targets Persian Gulf Region With PlugX

Mar 13, 2026 1:10 AM

Tags: access, api, attack, backdoor, china, cloud, control, data, dns, dos, group, Hardware, injection, iran, malicious, malware, microsoft, middle-east, reverse-engineering, service, social-engineering, software, startup, threat, tool, update, windows

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the renewed conflict in the Middle East. The threat actor quickly weaponized the theme of the conflict, using an Arabic-language document lure depicting missile attacks for…
Apple patches Coruna exploit kit flaws for older iOS versions

Mar 13, 2026 12:10 AM

Tags: apple, exploit, flaw, update, vulnerability

Apple issued security updates for older iOS and iPadOS versions to close vulnerabilities exploited by the Coruna exploit kit. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/apple-patches-coruna-exploit-kit-flaws-for-older-ios-versions/
Medical giant Stryker crippled after Iranian hackers remotely wipe computers

Mar 12, 2026 9:11 PM

Tags: access, attack, authentication, best-practice, ceo, computer, credentials, cyber, cyberattack, data, flaw, group, hacker, identity, infrastructure, intelligence, iran, jobs, mobile, phone, service, software, supply-chain, theft, threat, update

Handala claims credit: The Handala threat group quickly claimed responsibility for the attack. While the group’s involvement is just a claim for now, Stryker employees reportedly saw a version of the Handala logo a cartoon of a Palestinian boy with his back turned and hands crossed behind him on affected devices.Handala’s identity is hard to…
Apple issues emergency fixes for Coruna flaws in older iOS versions

Mar 12, 2026 5:10 PM

Tags: apple, flaw, iphone, update, vulnerability

Apple released iOS 16.7.15 and 15.8.7 updates for older iPhones and iPads to patch vulnerabilities linked to the Coruna exploits. Apple has released security updates for legacy devices, rolling out iOS and iPadOS 16.7.15 and 15.8.7 to address vulnerabilities tied to the recently disclosed Coruna exploits. The patches aim to protect older iPhone and iPad…
Apple patches older iPhones and iPads against Coruna exploits

Mar 12, 2026 3:10 PM

Tags: apple, attack, crypto, cyberespionage, exploit, iphone, theft, update, vulnerability

Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/apple/apple-patches-older-iphones-and-ipads-against-coruna-exploits/
Microsoft Authenticator could leak login codes”, update your app now

Mar 12, 2026 2:10 PM

Tags: android, authentication, leak, login, malicious, microsoft, update

A bug in Microsoft Authenticator on Android and iOS could allow malicious apps on the same device to intercept authentication codes or sign-in links. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/microsoft-authenticator-could-leak-login-codes-update-your-app-now/
PhantomRaven returns to npm with 88 bad packages

Mar 12, 2026 2:10 PM

Tags: breach, control, credentials, data, malicious, malware, update

Operational patterns challenge “research experiment” claim: Despite the new waves, PhantomRaven’s core functionality has remained largely unchanged, the researchers said. They found that 257 out of 259 lines of the malware payload are identical across all waves, with the only significant modification being the command-and-control domain used to receive stolen data.Instead, the attacker focused on…
Maintaining Security and Protecting Smart Home Devices from Hackers

Mar 12, 2026 1:09 PM

Tags: cctv, data, hacker, network, password, update

Learn how to protect smart home devices from hackers. Strong passwords, updates and secure networks help keep cameras, sensors and data safe. First seen on hackread.com Jump to article: hackread.com/maintain-security-protect-smart-home-devices-hackers/
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Mar 12, 2026 12:10 PM

Tags: apple, cve, exploit, flaw, iphone, macOS, update, vulnerability

Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit.The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content.…
CISA orders feds to patch n8n RCE flaw exploited in attacks

Mar 11, 2026 7:48 PM

Tags: attack, cisa, cybersecurity, exploit, flaw, government, infrastructure, rce, remote-code-execution, update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-n8n-rce-flaw-exploited-in-attacks/
UNC6426 Hackers Exploit NPM Package to Gain AWS Admin Access in 72 Hours

Mar 11, 2026 2:48 PM

Tags: access, cloud, cyber, exploit, hacker, update

UNC6426 hackers turned a routine NPM update into a direct path to full AWS administrator access in under 72 hours, highlighting how fragile CI/CD-to-cloud trust can become when roles are overly permissive.”‹ When a developer at the victim organization updated or installed the affected package via a code editor plugin, the postinstall script silently executed…
March 2026 Patch Tuesday fixes two zero-day vulnerabilities

Mar 11, 2026 1:49 PM

Tags: microsoft, update, vulnerability, zero-day

Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities/
March 2026 Patch Tuesday fixes two zero-day vulnerabilities

Mar 11, 2026 1:49 PM

Tags: microsoft, update, vulnerability, zero-day

Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities-2/
March 2026 Patch Tuesday fixes two zero-day vulnerabilities

Mar 11, 2026 1:49 PM

Tags: microsoft, update, vulnerability, zero-day

Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities-3/
März-Patchday für Windows 11 – Update mit Browser-Speedtest patcht auch Sicherheitslücken

Mar 11, 2026 1:49 PM

Tags: microsoft, update, windows

Neben Neuerungen wie den integrierten Browser-Speedtest schließt Microsoft beim März-Patchday insgesamt 83 Sicherheitslücken. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/maerz-patchday-fuer-windows-11-update-beinhaltet-den-browser-speedtest-und-schliesst-sicherheitsluecken.96496
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

Mar 11, 2026 1:49 PM

Tags: cve, exploit, flaw, injection, insurance, network, sap, software, update, vulnerability

SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems.The vulnerabilities in question listed below -CVE-2019-17571 (CVSS score: 9.8) – A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO)CVE-2026-27685 (CVSS score: 9.1) – An insecure deserialization First seen on thehackernews.com…
Why zero trust breaks down in IoT and OT environments

Mar 11, 2026 12:49 PM

Tags: access, attack, automation, breach, cloud, control, credentials, cyber, firewall, firmware, group, identity, infrastructure, iot, network, nist, resilience, risk, service, tool, update, zero-trust

The IoT and OT blind spot: IoT and OT environments consistently exhibit three characteristics that create persistent security blind spots.First, visibility is incomplete by design. Devices are frequently deployed by facilities teams, engineering groups, or third-party integrators rather than security organizations. Asset inventories lag reality. Telemetry is sparse, proprietary, or intermittent. Many devices communicate only…
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials

Mar 11, 2026 12:49 PM

Tags: access, advisory, cisa, control, credentials, data, endpoint, exploit, firewall, flaw, infrastructure, kev, remote-code-execution, software, switch, update, vulnerability

Exposure spans campus to data center switching: The vulnerabilities affect AOS-CX software across four active version branches, spanning entry-level campus switches to data center-class hardware. Versions that reached the end of support before the advisory’s publication are also expected to be vulnerable, the advisory said. Organizations running AOS-CX 10.17.0001 and below, 10.16.1020 and below, 10.13.1160…
März-Patchday für Windows 11 – Update beinhaltet den Browser-Speedtest und schließt Sicherheitslücken

Mar 11, 2026 12:49 PM

Tags: microsoft, update, windows

Neben Neuerungen wie den integrierten Browser-Speedtest schließt Microsoft beim März-Patchday insgesamt 83 Sicherheitslücken. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/maerz-patchday-fuer-windows-11-update-beinhaltet-den-browser-speedtest-und-schliesst-sicherheitsluecken.96496
Microsoft patches 80+ vulnerabilities, six flagged as >>more likely<< to be exploited

Mar 11, 2026 12:49 PM

Tags: cloud, exploit, microsoft, software, update, vulnerability

On March 2026 Patch Tuesday, Microsoft addressed 80+ vulnerabilities affecting its software and cloud services. Of these, two were publicly disclosed, but not actively … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/11/march-2026-patch-tuesday/
Did cybersecurity recently have its Gatling gun moment?

Mar 11, 2026 12:49 PM

Tags: ai, attack, automation, cyber, cyberattack, cybercrime, cybersecurity, defense, detection, email, endpoint, government, hacker, intelligence, LLM, malicious, malware, phishing, ransomware, siem, social-engineering, spear-phishing, strategy, tactics, threat, tool, update, vulnerability, warfare

inflection point. Both emblematic of an irreversible tipping point, where the nature of conflict was altered by its sudden asymmetry.The Gatling gun is the perfect analogy for the current cyber landscape. Just as it transformed warfare from a manual craft into an industrial process, modern threats have shifted from individual attacks to automated, high-velocity engagements.Here…
Microsoft Fixes 79 Flaws in March Patch Tuesday, Including Two 0-Days

Mar 11, 2026 11:46 AM

Tags: flaw, microsoft, sql, update, vulnerability, windows, zero-day

Microsoft fixes 79 vulnerabilities in March 2026 Patch Tuesday, including two publicly disclosed 0-days affecting SQL Server, .NET and Windows systems. First seen on hackread.com Jump to article: hackread.com/microsoft-march-patch-tuesday-two-0-days-flaws/
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Mar 11, 2026 11:46 AM

Tags: flaw, microsoft, remote-code-execution, software, update, vulnerability, zero-day

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known.Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information…
Whatsapp-Update: So verhinderst du, dass Fremde deinen Status sehen können

Mar 11, 2026 11:46 AM

Tags: update

First seen on t3n.de Jump to article: t3n.de/news/whatsapp-update-so-verhinderst-du-dass-fremde-deinen-status-sehen-koennen-1732479/