Tag: update
-
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2025-68645 (CVSS score: 8.8) – A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow…
-
CISA Updates KEV Catalog with 4 Critical Vulnerabilities Following Ongoing Exploits
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, software, update, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalogue with four critical security flaws affecting widely-used enterprise software and development tools. All vulnerabilities were added on January 22, 2026, with a standardized deadline of February 12, 2026, requiring federal agencies and critical infrastructure operators to implement patches or mitigations.…
-
AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities
Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively…
-
Fortinet admits FortiGate SSO bug still exploitable despite December patch
Fix didn’t quite do the job attackers spotted logging in First seen on theregister.com Jump to article: www.theregister.com/2026/01/23/fortinet_fortigate_patch/
-
GitLab Releases Critical Patch Updates to Address Multiple High-Severity Vulnerabilities
GitLab has issued a new GitLab patch release addressing a range of security vulnerabilities and stability issues across multiple supported versions. The latest updates, versions 18.8.2, 18.7.2, and 18.6.4, apply to both GitLab Community Edition and Enterprise Edition and are now available for self-managed installations. According to the release information, these updates contain important bug fixes and security remediations,…
-
KI-gestützte Ausfallsicherheit: Die Zukunft des Site Reliability Engineering
Die Integration von KI in das Site Reliability Engineering revolutioniert die Arbeitsweise von SRE-Teams, indem sie von reaktiver Problemlösung zu proaktiver Systemoptimierung übergehen. KI automatisiert nicht nur repetitive Aufgaben wie Patch-Management und Log-Analyse, sondern ermöglicht auch eine vorausschauende Fehlerdiagnose und effizienteres Incident Management. Entscheidend für den Erfolg ist jedoch, dass KI als strategischer Partner eingesetzt……
-
Critical SmarterMail vulnerability under attack, no CVE yet
A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploited just two days after a patch was released. The issue, tracked as WT-2026-0001 and lacking a CVE, was fixed on January 15, 2026, with…
-
Keeper Introduces Instant Account Switching and Passkey Improvements
Keeper Security has announced instant account switching and passkey enhancements across its mobile applications and browser extension. This update is said to be available across all major web browsers including iOS, Android and the Keeper Browser Extension. The instant account switching enables users to securely toggle between multiple Keeper accounts on the same device or…
-
Microsoft updates Notepad and Paint with more AI features
Microsoft is rolling out new artificial intelligence features with the latest updates to the Notepad and Paint apps for Windows 11 Insiders. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-updates-notepad-and-paint-with-more-ai-features/
-
NVIDIA CUDA Toolkit Flaw Allows Command Injection, Arbitrary Code Execution
NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks. Released on January 20, 2026, the update addresses four flaws in Nsight Systems and related tools, all tied to the CUDA Toolkit ecosystem. Attackers could exploit these via malicious inputs during manual…
-
JA3 Fingerprinting Tool Exposes Attackers’ Infrastructure
JA3 fingerprinting, long dismissed as outdated technology, is experiencing a resurgence as security teams discover its practical value in identifying and tracking malicious infrastructure with surprising precision. Despite widespread skepticism about JA3’s relevance fueled by frozen public databases and inconsistent threat intelligence updates the indicator remains a powerful asset for SOC and threat hunting teams.…
-
Maintel pipeline remains strong
Tags: updateChannel player shares an update on how its last fiscal year went with it clear there were challenges as well as positives First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366637486/Maintel-pipeline-remains-strong
-
ZEST Security Adds AI Agents to Identify Vulnerabilities That Pose No Actual Risk
ZEST Security introduces AI Sweeper Agents that identify which vulnerabilities are truly exploitable, helping security teams cut patch backlogs and focus on real risk. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/zest-security-adds-ai-agents-to-identify-vulnerabilities-that-pose-no-actual-risk/
-
Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities
Tags: 2fa, business, dos, flaw, gitlab, infrastructure, programming, rce, remote-code-execution, software, update, vulnerabilityBoth platforms serve as backbone infrastructure for remote work and software development, making these flaws particularly dangerous for business continuity. The post Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-gitlab-security-flaws-patched/
-
Konsolidierte Update-Architektur für Windows-Umgebungen – Windows Update Orchestration Platform
First seen on security-insider.de Jump to article: www.security-insider.de/windows-update-orchestration-platform-a-0748a183171dae51464fd15639b8a896/
-
Another week, another emergency patch as Cisco plugs Unified Comms zero-day
The critical-rated flaw leaves unpatched systems open to full takeover First seen on theregister.com Jump to article: www.theregister.com/2026/01/22/another_week_another_emergency_patch/
-
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch.The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible…
-
Fortinet admins report patched FortiGate firewalls getting hacked
Fortinet customers are seeing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-admins-report-patched-fortigate-firewalls-getting-hacked/
-
Microsoft shares workaround for Outlook freezes after Windows update
Microsoft shared a temporary workaround for customers experiencing Outlook freezes after installing this month’s Windows security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-outlook-freezes-after-windows-update/
-
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution.The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked…
-
Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection
A critical command injection vulnerability in Zoom Node Multimedia Routers (MMRs) has been disclosed, potentially allowing meeting participants to execute arbitrary code on vulnerable systems. The flaw affects Zoom Node Meetings Hybrid and Meeting Connector deployments, requiring immediate patching across enterprise environments. Vulnerability Overview Zoom Offensive Security identified a command injection flaw in Zoom Node…
-
NVIDIA Nsight Graphics on Linux Exposed to Code Execution Vulnerability
NVIDIA has released an urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux systems. The vulnerability, tracked as CVE-2025-33206, allows attackers to execute arbitrary code through command injection, posing significant risks to development and graphics analysis workflows. Vulnerability Overview The flaw exists in NVIDIA NSIGHT Graphics across all Linux versions prior to…
-
EU Unveils Cybersecurity Overhaul with Proposed Update to Cybersecurity Act
The EU’s Cybersecurity Act 2.0 will aim to address some of the challenges of the current CSA, including the slow rollout of certification schemes First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/eu-unveils-cybersecurity-act-2/
-
EU’s New Cybersecurity Act Could Ban High-Risk Suppliers
This sweeping update introduces measures to identify and potentially exclude “high-risk” third countries and companies across 18 essential sectors. The post EU’s New Cybersecurity Act Could Ban High-Risk Suppliers appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-eu-2026-cybersecurity-act/
-
Vulnerability prioritization beyond the CVSS number
Tags: automation, container, credentials, cve, cvss, data, docker, endpoint, flaw, github, identity, network, open-source, risk, service, update, vulnerability, vulnerability-managementA different way to look at vulnerabilities: This is where the unified linkage model (ULM) comes in. Instead of asking, “How bad is this vulnerability on its own?” ULM asks, “What can this vulnerability affect once it starts moving?”It focuses on three kinds of relationships:Adjacency: Systems that sit side by side and can influence each…
-
Microsoft Intune changes to start biting unprepared admins
Mobile application management updates mean apps could soon be blocked First seen on theregister.com Jump to article: www.theregister.com/2026/01/19/microsoft_intune_deadline/