Tag: update
-
Notepad++ patches flaw used to hijack update system
Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure,…
-
Carelessness versus craftsmanship in cryptography
Tags: access, advisory, api, attack, authentication, computing, credentials, cryptography, data, email, encryption, github, hacker, oracle, side-channel, software, threat, tool, update, vpn, vulnerability
Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of downstream projects. When we shared one of these bugs with an affected vendor, strongSwan, the maintainer provided a model response for security vendors. The…
-
Microsoft Edge 145 lands with major enterprise security upgrades
Microsoft has begun rolling out Edge 145 to the Stable release channel, adding several enterprise-focused security enhancements. The update is being deployed in phases, with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/microsoft-edge-145-security-enhancements/
-
Windows patch fixes problems in exchange for new bugs
Before the February 2026 update, some users could no longer boot their Windows. After the patch, they are stuck in a boot loop. First seen on golem.de Jump to article: www.golem.de/news/microsoft-windows-patch-behebt-probleme-im-austausch-fuer-neue-bugs-2602-205556.html
-
Flaws in four popular VS Code extensions left 128 million installs open to attack
Tags: access, api, attack, cloud, credentials, cve, flaw, infrastructure, malicious, microsoft, risk, supply-chain, tool, update, vulnerability, xss
Microsoft quietly patched its own extension: The fourth vulnerability played out differently. Microsoft’s Live Preview extension, with 11 million downloads, contained a cross-site scripting flaw that, according to OX Security, let a malicious web page enumerate files in the root of a developer’s machine and exfiltrate credentials, access keys, and other secrets. The researchers reported the…
-
Notepad++ declares hardened update process ‘effectively unexploitable’
Miscreants will need to find another avenue for malware shenanigans First seen on theregister.com Jump to article: www.theregister.com/2026/02/18/notepadplusplus_security_update/
-
Keenadu: Android malware that comes preinstalled and can’t be removed by users
Embedded in core system apps: Keenadu can control legitimate system applications on affected devices. Kaspersky observed it inside critical components such as face unlock applications, raising the possibility that attackers could access biometric data. The malware was also found operating within the home screen app that controls the device’s primary interface. The researchers warned that the…
-
Discipline is the new power move in cybersecurity leadership
Tags: automation, cyber, cybersecurity, data, group, incident response, intelligence, metric, risk, risk-management, service, siem, soc, technology, threat, tool, update, vulnerability, vulnerability-management
How to do more with less: 1. Review contracts, renegotiate them or change the operations to a new partner Scope, service-level agreements and performance metrics should be revisited because many contracts were established under different risk profiles, urgency and pricing conditions. Modernizing contracts to focus on outcomes rather than activities, revalidating pricing and service assumptions…
-
Notepad++ secures update channel in wake of supply chain compromise
Notepad++, the popular text and source code editor for Windows whose update mechanism was hijacked last year, First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/notepad-secure-update-download/
-
Microsoft Defender update lets SOC teams manage, vet response tools
Microsoft introduced library management in Microsoft Defender to help security analysts working with live response manage scripts and tools they use to triage, investigate and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/microsoft-defender-library-management-interface/
-
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a “double lock” design that aims to make the update process “robust and…
-
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, update, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows: CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit…
-
Everyone uses open source, but patching still moves too slowly
Enterprise security teams rely on open source across infrastructure, development pipelines, and production applications, even when they do not track it as a separate category … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/open-source-adoption-patching-challenges/
-
Critical Flaw in Windows Admin Center Exposes Systems to Privilege Escalation Attacks
Microsoft has officially released a security update addressing a severe vulnerability found within the Windows Admin Center. Tracked under the identifier CVE-2026-26119, this critical flaw presents a significant risk to enterprise environments relying on the platform for server management. The vulnerability, described as an Elevation of Privilege issue, allows authorised attackers to escalate their permissions…
-
Notepad++ boosts update security with ‘double-lock’ mechanism
Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/notepad-plus-plus-boosts-update-security-with-double-lock-mechanism/
-
Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates
A new Android backdoor that’s embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build…
-
Android 17 Beta Introduces Secure-By-Default Architecture
Android 17 Beta introduces privacy, security updates and a new Canary channel for improved development First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-17-beta-secure-default/
-
Update Chrome now: Zero-day bug allows code execution via malicious webpages
Google has released an emergency update to patch an actively exploited zero-day, the first Chrome zero-day of the year. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages/
-
(g+) CISA warning: These vulnerabilities should go right to the top of the patch agenda
Actively exploited vulnerabilities: CISA lists SolarWinds Web Help Desk, Notepad++ WinGUp and an Apple dyld zero-day. What admins should do now. First seen on golem.de Jump to article: www.golem.de/news/cisa-warnung-diese-schwachstellen-sollten-ganz-hoch-auf-die-patch-agenda-2602-205457.html
-
Encrypted RCS messaging support lands in Apple’s iOS 26.4 developer build
Apple is testing end-to-end encrypted Rich Communications Services (RCS) messaging in the iOS 26.4 developer beta. Apple has added end-to-end encrypted RCS messaging to the iOS and iPadOS 26.4 developer beta. The feature, still in testing, will roll out in a future update across iOS, iPadOS, macOS, and watchOS. Apple notes that E2EE is not…
-
Black Duck Expands Polaris Integrations to Streamline Enterprise DevSecOps Across Major SCM Platforms
Black Duck has expanded the integration capabilities of its Polaris Platform to help enterprises embed automated, frictionless application security across large, complex development environments. The update introduces enhanced, native integrations with leading source code management (SCM) platforms, including GitHub, GitLab, Azure DevOps, and Bitbucket. The move is designed to support enterprises that manage hundreds or thousands…
-
Firefox v147.0.3 Released with Critical Fix for Heap Buffer Overflow Vulnerability
Mozilla has released an emergency security update for Firefox, addressing a critical heap buffer overflow vulnerability in the libvpx library. The update, version 147.0.4, was announced on February 16, 2026, alongside corresponding patches for Firefox ESR 140.7.1 and ESR 115.32.1. The vulnerability, tracked as CVE-2026-2447, was discovered by security researcher jayjayjazz and affects the libvpx…

