Collecting Cyber-News from over 60 sources

Tag: update

Microsoft security update breaks MSMQ on older Win systems

Dec 17, 2025 11:19 PM

Tags: microsoft, update

Folder permission changes cause queue failures and misleading error messages, no real fix yet First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/microsoft_admits_that_message_queuing/
SonicWall warns of actively exploited flaw in SMA 100 AMC

Dec 17, 2025 9:19 PM

Tags: attack, cve, exploit, flaw, update, vulnerability, zero-day

SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as CVE-2025-40602, in the SMA1000 Appliance Management Console that was exploited as a zero-day in attacks in the wild. The flaw is a local privilege escalation issue…
Nagios XI 2026R1.1 Released to Patch Privilege Escalation Vulnerability

Dec 17, 2025 9:19 PM

Tags: cve, cyber, flaw, infrastructure, monitoring, risk, update, vulnerability

Nagios has released version 2026R1.1 to address a critical privilege escalation vulnerability affecting earlier versions of its monitoring platform. The flaw, tracked as CVE-2025-34288, poses a significant risk to enterprise infrastructure by enabling local attackers to execute arbitrary code with root privileges. Vulnerability Details The vulnerability stems from an unsafe interaction between sudo permissions and…
Microsoft to Block Exchange Online Access from Outdated Devices

Dec 17, 2025 9:19 PM

Tags: access, cyber, microsoft, mobile, update

Microsoft has announced a significant update to its device connectivity policies for Exchange Online, aimed at enhancing security and ensuring users are on modern protocols. Starting March 1, 2026, mobile devices running Exchange ActiveSync (EAS) versions older than 16.1 will no longer be able to connect to Exchange Online mailboxes. Exchange ActiveSync version 16.1 was originally…
SonicWall warns of actively exploited flaw in SMA 100 AMC

Dec 17, 2025 9:19 PM

Tags: attack, cve, exploit, flaw, update, vulnerability, zero-day

SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as CVE-2025-40602, in the SMA1000 Appliance Management Console that was exploited as a zero-day in attacks in the wild. The flaw is a local privilege escalation issue…
Sonicwall warns of new SMA1000 zero-day exploited in attacks

Dec 17, 2025 7:19 PM

Tags: attack, exploit, update, vulnerability, zero-day

SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-warns-of-new-sma1000-zero-day-exploited-in-attacks/
Microsoft security updates breaks MSMQ on older Win systems

Dec 17, 2025 3:19 PM

Tags: microsoft, update

Folder permission changes cause queue failures and misleading error messages, no real fix yet First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/microsoft_admits_that_message_queuing/
JumpCloud agent turns uninstall into a system shortcut

Dec 17, 2025 1:19 PM

Tags: access, control, credentials, data, endpoint, exploit, flaw, service, theft, update, vulnerability, windows

Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
JumpCloud agent turns uninstall into a system shortcut

Dec 17, 2025 1:19 PM

Tags: access, control, credentials, data, endpoint, exploit, flaw, service, theft, update, vulnerability, windows

Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
JumpCloud agent turns uninstall into a system shortcut

Dec 17, 2025 1:19 PM

Tags: access, control, credentials, data, endpoint, exploit, flaw, service, theft, update, vulnerability, windows

Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
Windows 11 25H2: Administrator Protection-Schwachstelle CVE-2025-60718 ungefixt?

Dec 17, 2025 11:19 AM

Tags: cve, update, vulnerability, windows

Die neu in Windows 11 ab 25H2 eingeführte Funktion “Administrator Protection” hatte eine Elevation of Privilege-Schwachstelle CVE-2025-60718, die angeblich zum 11. November 2025 geschlossen wurde. Nun gibt es den Hinweis, dass dieser Patch unvollständig ist und die EoP-Schwachstelle weiterhin ausgenutzt … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/17/windows-11-24h2-25h2-administrator-protection-schwachstelle-cve-2025-60718-ungefixt/
Windows 11 25H2: Administrator Protection-Schwachstelle CVE-2025-60718 ungefixt?

Dec 17, 2025 11:19 AM

Tags: cve, update, vulnerability, windows

Die neu in Windows 11 ab 25H2 eingeführte Funktion “Administrator Protection” hatte eine Elevation of Privilege-Schwachstelle CVE-2025-60718, die angeblich zum 11. November 2025 geschlossen wurde. Nun gibt es den Hinweis, dass dieser Patch unvollständig ist und die EoP-Schwachstelle weiterhin ausgenutzt … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/17/windows-11-24h2-25h2-administrator-protection-schwachstelle-cve-2025-60718-ungefixt/
Die Plüschdämonen schlagen zurück: Gekaperte Updates laden gefährliche Backdoor

Dec 17, 2025 11:19 AM

Tags: backdoor, update

ESET Forscher haben ein Netzwerkimplantat entdeckt, das die chinesische Hackergruppe PlushDaemon zur Durchführung von Adversary-in-the-Middle-Angriffen verwendet First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/die-pluschdamonen-schlagen-zuruck-gekaperte-updates-laden-gefahrliche-backdoor/
BlindEagle Targets Colombian Government Agency with Caminho and DCRAT

Dec 17, 2025 10:19 AM

Tags: access, attack, authentication, cloud, communications, control, cybercrime, defense, detection, dkim, dmarc, dns, email, encryption, flaw, government, group, infrastructure, injection, Internet, malicious, malware, microsoft, open-source, phishing, powershell, rat, service, spear-phishing, startup, tactics, threat, tool, update, usa, windows

IntroductionIn early September 2025, Zscaler ThreatLabz discovered a new spear phishing campaign attributed to BlindEagle, a threat actor who operates in South America and targets users in Spanish-speaking countries, such as Colombia. In this campaign, BlindEagle targeted a government agency under the control of the Ministry of Commerce, Industry and Tourism (MCIT) in Colombia using…
Chrome Security Update Fixes Remote Code Execution Flaws

Dec 17, 2025 9:19 AM

Tags: browser, chrome, cyber, flaw, google, linux, remote-code-execution, update, vulnerability, windows

Google has released an emergency security update for the Chrome browser, addressing two high-severity vulnerabilities that could enable remote code execution attacks. The stable channel update version 143.0.7499.146/.147 is now rolling out to Windows, Mac, and Linux users.”‹ Critical Vulnerabilities Patched The update fixes two significant security flaws reported by external security researchers. The first…
FortiGate firewall credentials being stolen after vulnerabilities discovered

Dec 17, 2025 5:19 AM

Tags: access, advisory, ai, attack, authentication, best-practice, breach, ceo, cisa, credentials, cve, cyberattack, cybersecurity, data, data-breach, exploit, firewall, flaw, fortinet, hacker, infrastructure, Internet, kev, least-privilege, login, malicious, network, password, software, theft, threat, update, vulnerability

CSO. “So far, the pattern of activity has appeared to be opportunistic in nature. While it is difficult to estimate the number of devices directly vulnerable to this vulnerability, there are hundreds of thousands of Fortinet appliances accessible on the public internet through specialized search engines. This allows threat actors to opportunistically attempt exploitation against…
Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership

Dec 17, 2025 1:19 AM

Tags: cybersecurity, data, framework, group, jobs, law, threat, update, vulnerability

Ambiguity isn’t just a challenge. It’s a leadership test – and most fail it. I want to start with something that feels true but gets ignored way too often. Most of us in leadership roles have a love hate relationship with ambiguity. We say we embrace it… until it shows up for real. Then we…
Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership

Dec 17, 2025 1:19 AM

Tags: cybersecurity, data, framework, group, jobs, law, threat, update, vulnerability

Ambiguity isn’t just a challenge. It’s a leadership test – and most fail it. I want to start with something that feels true but gets ignored way too often. Most of us in leadership roles have a love hate relationship with ambiguity. We say we embrace it… until it shows up for real. Then we…
Multiple Fortinet Products Exploited In Attacks, Rapid Patching Urged

Dec 16, 2025 10:19 PM

Tags: attack, cisa, cybersecurity, exploit, fortinet, infrastructure, update, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging Fortinet customers to prioritize patching for a critical-severity vulnerability, which impacts multiple products from the vendor and has been exploited in cyberattacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisa-multiple-fortinet-products-exploited-in-attacks-rapid-patching-urged
LG Copilot-Zwangsinstallation: Update kapert Smart-TVs mit Microsoft-KI

Dec 16, 2025 5:19 PM

Tags: ai, microsoft, update

Zwangsinstallation von Microsoft Copilot auf LG-Fernsehern: Ein Update bringt unlöschbare KI auf Smart-TVs und entfacht Kritik. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/entertainment/lg-copilot-zwangsinstallation-update-kapert-smart-tvs-mit-microsoft-ki-324273.html
LG Copilot-Zwangsinstallation: Update kapert Smart-TVs mit Microsoft-KI

Dec 16, 2025 5:19 PM

Tags: ai, microsoft, update

Zwangsinstallation von Microsoft Copilot auf LG-Fernsehern: Ein Update bringt unlöschbare KI auf Smart-TVs und entfacht Kritik. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/entertainment/lg-copilot-zwangsinstallation-update-kapert-smart-tvs-mit-microsoft-ki-324273.html
Hackers are exploiting critical Fortinet flaws days after patch release

Dec 16, 2025 5:19 PM

Tags: cve, exploit, flaw, fortinet, hacker, threat, update, vulnerability

Threat actors are exploiting two critical Fortinet flaws, tracked as CVE-2025-59718 and CVE-2025-59719, days after patch release, impacting multiple Fortinet products. Threat actors started exploiting two critical flaws, tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.1), in Fortinet products days after patch release, Arctic Wolf warns. Last week, Fortinet addressed 18 vulnerabilities, including the two flaws…
Plattform-Update und Migrationsangebot für Unternehmen – IceWarp bietet neue Collaboration-Features und Exchange-Alternative

Dec 16, 2025 10:19 AM

Tags: update

First seen on security-insider.de Jump to article: www.security-insider.de/icewarp-bietet-neue-collaboration-features-und-exchange-alternative-a-cae98fcd449c8a1afa4125d6a985438a/
Plattform-Update und Migrationsangebot für Unternehmen – IceWarp bietet neue Collaboration-Features und Exchange-Alternative

Dec 16, 2025 10:19 AM

Tags: update

First seen on security-insider.de Jump to article: www.security-insider.de/icewarp-bietet-neue-collaboration-features-und-exchange-alternative-a-cae98fcd449c8a1afa4125d6a985438a/
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
Microsoft December 2025 Security Updates Disrupt MSMQ Functionality on IIS

Dec 15, 2025 9:19 PM

Tags: cyber, Internet, microsoft, service, update, windows

Microsoft’s December 2025 security update has introduced a significant compatibility issue affecting Message Queuing (MSMQ) functionality across Windows Server and client environments. The problematic update, identified as KB5071546 (OS Build 19045.6691), was released on December 9, 2025, and has already impacted organizations relying on MSMQ for inter-application communication, particularly in Internet Information Services (IIS) deployments.…
Microsoft December 2025 Security Updates Disrupt MSMQ Functionality on IIS

Dec 15, 2025 9:19 PM

Tags: cyber, Internet, microsoft, service, update, windows

Microsoft’s December 2025 security update has introduced a significant compatibility issue affecting Message Queuing (MSMQ) functionality across Windows Server and client environments. The problematic update, identified as KB5071546 (OS Build 19045.6691), was released on December 9, 2025, and has already impacted organizations relying on MSMQ for inter-application communication, particularly in Internet Information Services (IIS) deployments.…
Wireshark 4.6.2 Released With Crash Vulnerability Fixes and Protocol Updates

Dec 15, 2025 9:19 PM

Tags: cyber, network, update, vulnerability

Wireshark, the world’s leading network protocol analyzer, has released version 4.6.2 with critical security updates and important bug fixes. The update addresses compatibility issues, resolves multiple vulnerability concerns, and enhances protocol support for enterprise users and network engineers worldwide. Security Vulnerabilities Patched The latest release fixes two critical security vulnerabilities that could have impacted network…