Tag: update
-
Microsoft Patch Tuesday for December 2025, Snort rules and prominent vulnerabilities
The Patch Tuesday for December of 2025 includes 57 vulnerabilities, including two that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft assessed that exploitation of the two “critical” vulnerabilities is “less likely.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/microsoft-patch-tuesday-december-2025/
-
Patchday: Windows Server-Updates (9. Dezember 2025)
Zum 9. Dezember 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) wurden verschiedene kumulative Updates für die unterstützten Versionen von Windows Server freigegeben. Nachfolgend habe ich die bereitgestellten Updates samt einigen Details für diese Windows Server-Versionen (von Windows Server 2012 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/10/patchday-windows-server-updates-9-dez/
-
Patchday: Windows 10/11 Updates (9. Dezember 2025)
Am 9. Dezember 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) hat Microsoft kumulative Updates für die noch unterstützten Client-Betriebssystem-Versionen von Windows 10 (mit ESU-Lizenz) und Windows 11 veröffentlicht. Hier einige Details zu diesen Updates, die Schwachstellen sowie Probleme beheben … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/10/patchday-windows-10-11-updates-9-dezember-2025/
-
SAP fixes three critical vulnerabilities across multiple products
SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sap-fixes-three-critical-vulnerabilities-across-multiple-products/
-
Microsoft Fixes Exploited Zero Day in Light Patch Tuesday
Proof-of-concept exploit code is publicly available for two other flaws in this month’s Patch Tuesday. In total, the company issued patches for more than 1,150 flaws this year. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-fixes-exploited-zero-day-light-patch-tuesday
-
Microsoft Security Update Summary (9. Dezember 2025)
Microsoft hat am 9. Dezember 2025 Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 56 Schwachstellen (CVEs), eine davon wurde als 0-day klassifiziert und wird ausgenutzt. Nachfolgend findet sich ein kompakter … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/09/microsoft-security-update-summary-9-dezember-2025/
-
Microsoft patched over 1,100 CVEs in 2025
The final Patch Tuesday update of the year brings 56 new CVEs, bringing the year-end total to over 1,100. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636275/Microsoft-patched-over-1100-CVEs-in-2025
-
Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day
Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-december-2025/
-
Microsoft releases Windows 10 KB5071546 extended security update
Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/
-
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/
-
Windows 11 KB5072033 & KB5071417 cumulative updates released
Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5072033-and-kb5071417-cumulative-updates-released/
-
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/
-
Racks, sprawl and the myth of redundancy: Why your failover isn’t as safe as you think
Tags: access, automation, backup, breach, cloud, control, data, data-breach, defense, detection, dns, encryption, firmware, flaw, infrastructure, intelligence, Internet, metric, mobile, network, resilience, software, strategy, supply-chain, tool, update, vulnerability, zero-dayCloud complexity and policy traps: Networks, however, no longer stay confined to racks. They live in routing tables, BGP sessions, cloud control planes and software-defined overlays. Many organizations rush to multi-region cloud setups, believing geographic distance alone guarantees resilience. It does not. Last year, I oversaw a global e-commerce platform with active-passive failover across two…
-
Racks, sprawl and the myth of redundancy: Why your failover isn’t as safe as you think
Tags: access, automation, backup, breach, cloud, control, data, data-breach, defense, detection, dns, encryption, firmware, flaw, infrastructure, intelligence, Internet, metric, mobile, network, resilience, software, strategy, supply-chain, tool, update, vulnerability, zero-dayCloud complexity and policy traps: Networks, however, no longer stay confined to racks. They live in routing tables, BGP sessions, cloud control planes and software-defined overlays. Many organizations rush to multi-region cloud setups, believing geographic distance alone guarantees resilience. It does not. Last year, I oversaw a global e-commerce platform with active-passive failover across two…
-
Ivanti warns of critical Endpoint Manager code execution flaw
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-endpoint-manager-code-execution-flaw/
-
NIS2 umsetzen ohne im Papierkrieg zu enden
Tags: access, ai, compliance, control, cyberattack, detection, encryption, germany, iam, identity, incident response, infrastructure, least-privilege, mail, monitoring, nis-2, resilience, sbom, service, siem, soc, software, startup, update, vulnerability, vulnerability-managementDie EU-Richtline NIS2 ist in Deutschland am 06. Dezember 2025 in Kraft getreten. Dieser Beitrag zeigt, wie sich mit DevSecOps ein Großteil der Pflichtarbeit automatisieren lässt.NIS2 ist symbolisch für das Kernproblem europäischer Richtlinien und Verordnungen: Sie erzeugen unnötigen Papierkrieg und entfalten ihre Wirkung zu selten. Sei es das Lieferkettengesetz, die DSGVO”‘Folgenabschätzungen oder das IT”‘Sicherheitsgesetz sie haben…
-
NIS2 umsetzen ohne im Papierkrieg zu enden
Tags: access, ai, compliance, control, cyberattack, detection, encryption, germany, iam, identity, incident response, infrastructure, least-privilege, mail, monitoring, nis-2, resilience, sbom, service, siem, soc, software, startup, update, vulnerability, vulnerability-managementDie EU-Richtline NIS2 ist in Deutschland am 06. Dezember 2025 in Kraft getreten. Dieser Beitrag zeigt, wie sich mit DevSecOps ein Großteil der Pflichtarbeit automatisieren lässt.NIS2 ist symbolisch für das Kernproblem europäischer Richtlinien und Verordnungen: Sie erzeugen unnötigen Papierkrieg und entfalten ihre Wirkung zu selten. Sei es das Lieferkettengesetz, die DSGVO”‘Folgenabschätzungen oder das IT”‘Sicherheitsgesetz sie haben…
-
Mit der Firewall v22 festigt Sophos sein ‘Secure by Design”-Versprechen
Sophos hat die Veröffentlichung der Sophos-Firewall v22 bekannt gegeben. Das Update erweitert das ‘Secure by Design”-Versprechen des Unternehmens um eine neue Integritätsprüfung und zahlreiche weitere Sicherheitsverbesserungen, darunter ein gehärteter Kernel, Remote-Integritätsüberwachung, verbesserte Workload-Isolation und eine optimierte Anti-Malware-Engine. ‘Wir investieren kontinuierlich in die Implementierung der “šSecure by Design’-Prinzipien in all unsere Produkte”, so Ross McKerchar, CISO…
-
Mit der Firewall v22 festigt Sophos sein ‘Secure by Design”-Versprechen
Sophos hat die Veröffentlichung der Sophos-Firewall v22 bekannt gegeben. Das Update erweitert das ‘Secure by Design”-Versprechen des Unternehmens um eine neue Integritätsprüfung und zahlreiche weitere Sicherheitsverbesserungen, darunter ein gehärteter Kernel, Remote-Integritätsüberwachung, verbesserte Workload-Isolation und eine optimierte Anti-Malware-Engine. ‘Wir investieren kontinuierlich in die Implementierung der “šSecure by Design’-Prinzipien in all unsere Produkte”, so Ross McKerchar, CISO…
-
Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push
The release targets the Windows Recovery Environment and plays a major role in how systems recover from boot failures. The post Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-update-dec-2025/
-
SAP Security Patch Day Fixes Critical Flaws in Solution Manager, NetWeaver More
SAP has released its December 2025 Security Patch Day updates, addressing 14 new security notes that fix multiple critical and high”‘severity vulnerabilities across key enterprise products. Administrators are strongly advised to review the latest security notes in the SAP Support Portal and apply the patches without delay to protect their SAP environments. The most serious…
-
SAP Security Patch Day Fixes Critical Flaws in Solution Manager, NetWeaver More
SAP has released its December 2025 Security Patch Day updates, addressing 14 new security notes that fix multiple critical and high”‘severity vulnerabilities across key enterprise products. Administrators are strongly advised to review the latest security notes in the SAP Support Portal and apply the patches without delay to protect their SAP environments. The most serious…
-
Burp Suite Upgrades Scanner With Detection for Critical React2Shell Flaws
ActiveScan++, a widely used extension for the popular penetration testing tool Burp Suite, has released a significant upgrade. The scanner now includes specific detection capabilities for the critical >>React2Shell
-
Burp Suite Upgrades Scanner With Detection for Critical React2Shell Flaws
ActiveScan++, a widely used extension for the popular penetration testing tool Burp Suite, has released a significant upgrade. The scanner now includes specific detection capabilities for the critical >>React2Shell
-
Secure by Design auch eine Frage der Firewall
Sophos hat heute die Veröffentlichung der Sophos Firewall v22 (SFOS v22) bekannt gegeben. Das Update erweitert das ‘Secure by Design”-Versprechen des Unternehmens um eine neue Integritätsprüfung und zahlreiche weitere Sicherheitsverbesserungen, darunter ein gehärteter Kernel, Remote-Integritätsüberwachung, verbesserte Workload-Isolation und eine optimierte Anti-Malware-Engine. ‘Wir investieren kontinuierlich in die Implementierung der “šSecure by Design’-Prinzipien in all unsere Produkte”,…
-
Apache Issues Max-Severity Tika CVE After Patch Miss
The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
-
Apache Issues Max-Severity Tika CVE After Patch Miss
The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
-
Apache Issues Max-Severity Tika CVE After Patch Miss
The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trustThe hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trustThe hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…