Tag: update
-
Patch for WSUS flaw disabled Windows Server hotpatching
An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-patch-for-wsus-flaw-disabled-windows-server-hotpatching/
-
Proton Brings Privacy-Focused AI to the Workplace with Lumo for Business
Proton, the company best known for Proton Mail and Proton VPN, has launched Lumo for Business, a new version of its privacy-first AI assistant designed specifically for teams. The move marks the third major update to Lumo in just three months and signals Proton’s push to bring confidential, end-to-end encrypted AI to the enterprise market.…
-
Hackers Actively Scanning TCP Ports 8530/8531 for WSUS CVE-2025-59287
Security researchers at the SANS Internet Storm Center have detected a significant spike in suspicious network traffic targeting Windows Server Update Services (WSUS) infrastructure worldwide. The reconnaissance activity focuses specifically on TCP ports 8530 and 8531, which correspond to unencrypted and encrypted communication channels for WSUS servers vulnerable to the recently disclosed CVE-2025-59287. This coordinated…
-
Microsoft confirms: Task Manager bug clogs memory on Windows 11
The latest Windows 11 update pushes users' systems to their limits, at least when Task Manager is used frequently. First seen on golem.de Jump to article: www.golem.de/news/microsoft-bestaetigt-task-manager-bremst-nach-update-windows-11-aus-2511-201782.html
-
Microsoft confirms: Task Manager slows down Windows 11 after update
The latest Windows 11 update pushes users' systems to their limits, at least when Task Manager is used frequently. First seen on golem.de Jump to article: www.golem.de/news/microsoft-bestaetigt-task-manager-bremst-nach-update-windows-11-aus-2511-201782.html
-
Windows Task Manager won’t quit after KB5067036 update
Microsoft has confirmed a known issue that is preventing users from quitting the Windows 11 Task Manager after installing the October 2025 optional update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-task-manager-wont-quit-after-kb5067036-update/
-
Cyber threat: China can shut down Norway's electric buses at any time
This is possible because of a SIM card built into the buses, through which OTA updates are obtained. The potential consequences are far-reaching. First seen on golem.de Jump to article: www.golem.de/news/cyberbedrohung-china-kann-jederzeit-norwegens-elektrobusse-lahmlegen-2511-201772.html
-
Attacks on EU: Unpatched Windows flaw has been exploited for years
Microsoft has known about the vulnerability for more than a year. So far, however, the company has declined to provide a patch. First seen on golem.de Jump to article: www.golem.de/news/attacken-auf-eu-ungepatchte-windows-luecke-wird-seit-jahren-ausgenutzt-2511-201767.html
-
Cyber agencies produce ‘long overdue’ best practices for securing Microsoft Exchange Server
The guidance: The guidance states admins should treat on-prem Exchange servers as being “under imminent threat,” and itemizes key practices for admins: First, it notes, “the most effective defense against exploitation is ensuring all Exchange servers are running the latest version and Cumulative Update (CU)”; It points out that Microsoft Exchange Server Subscription Edition (SE) is the…
-
Chinese hackers target Western diplomats using hardpatch Windows shortcut flaw
Tags: access, attack, china, control, cyber, endpoint, exploit, flaw, group, hacker, intelligence, mitigation, monitoring, rat, russia, threat, ukraine, update, vulnerability, windows
Mitigation: In the absence of a patch, organizations worried about .LNK attacks should consider blocking .LNK files or disabling their execution in Windows Explorer, Arctic Wolf advised. “This should be put in place across all Windows systems, prioritizing endpoints used by personnel with access to sensitive diplomatic or policy information. While this vulnerability was disclosed in…
-
OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically
OpenAI has announced the launch of an “agentic security researcher” that’s powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code. Called Aardvark, the artificial intelligence (AI) company said the autonomous agent is designed to help developers and security teams flag and fix…
-
Tonic.ai product updates: October 2025
Announcing the Fabricate Data Agent, synthetic data generation via agentic AI. Plus, Structural’s Custom Categorical is now AI-assisted, and Model-based Custom Entities are coming to Textual! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/tonic-ai-product-updates-october-2025/
-
Transnational Organized Crime Gang Steals $1 Million from Ontario Couple
Today my LinkedIn feed and Google News filter are showing me several stories that illustrate how we are failing to stop online scammers from stealing from our elderly. It starts with the headlines. CTVNews: Ontario seniors GIVE AWAY MORE THAN $1 MILLION to scammers. CTVNews: Ontario couple LOSES MORE THAN $1 MILLION DOLLARS to fraud. Toronto Only:…
-
Windows Server Update Service exploitation ensnares at least 50 victims
Researchers warn hackers could be gathering intelligence for future attacks, and authorities warn users to apply patches and check for compromise. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/windows-server-update-service-exploitation-50-victims/804362/
-
Attackers Exploit Windows Server Update Services Flaw to Steal Sensitive Organizational Data
Tags: authentication, breach, cve, cyber, data, exploit, flaw, network, remote-code-execution, service, sophos, threat, update, vulnerability, windows
Sophos researchers have identified real-world exploitation of a newly disclosed vulnerability in Windows Server Update Services (WSUS), where threat actors are harvesting sensitive data from organizations worldwide. The critical remote code execution flaw, tracked as CVE-2025-59287, has become a prime target for attackers seeking to breach enterprise networks and extract valuable information without authentication requirements.…
-
Hackers Exploit WSUS Flaw to Spread Skuld Stealer Despite Microsoft Patch
Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-wsus-skuld-stealer-microsoft-patch/
-
OpenAI launches Aardvark to detect and patch hidden bugs in code
Tags: ai, attack, cve, flaw, framework, LLM, open-source, openai, software, supply-chain, update, vulnerability
Securing open source and shifting security left: Aardvark’s role extends beyond enterprise environments. OpenAI has already deployed it across open-source repositories, where it claims to have discovered multiple real-world vulnerabilities, ten of which have received official CVE identifiers. The LLM giant said it plans to provide pro-bono scanning for selected non-commercial open-source projects, under a…
-
The unified linkage model: A new lens for understanding cyber risk
Tags: access, api, attack, breach, ciso, cloud, compliance, credentials, cve, cyber, cybersecurity, data, defense, exploit, flaw, framework, identity, incident response, infrastructure, intelligence, malicious, mitre, network, nist, okta, open-source, radius, resilience, risk, risk-analysis, saas, sbom, software, supply-chain, threat, update, vpn, vulnerability, zero-day, zero-trust
Missed systemic risk: Organizations secure individual components but miss how vulnerabilities propagate through dependencies (e.g., Log4j embedded in third-party apps). Ineffective prioritization: Without a linkage structure, teams patch high-severity CVEs on isolated systems while leaving lower-scored flaws on critical trust pathways. Slow incident response: When a zero-day emerges, teams scramble to locate vulnerable components. Without pre-existing linkage…
-
Progress Releases Patch for MOVEit Transfer Resource Consumption Flaw
Progress Software has released security patches to address a high-severity vulnerability in its MOVEit Transfer platform discovered on October 29, 2025. The flaw, tracked as CVE-2025-10932, affects the AS2 module and allows attackers to consume system resources without proper restrictions.
Attribute | Details
CVE ID | CVE-2025-10932
Vulnerability Type | Uncontrolled Resource Consumption (CWE-400)
Affected Component | Progress MOVEit Transfer…
-
How the vulnerability in Microsoft WSUS is being exploited
Researchers at the Sophos Counter Threat Unit (CTU) have discovered a wave of attacks in which cybercriminals are specifically exploiting the security vulnerability in Microsoft's Windows Server Update Services (WSUS). First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/kritische-schwachstelle-microsoft-wsus
-
OpenAI releases ‘Aardvark’ security and patching model
The model, currently in beta mode, is designed to automatically scan, analyze and patch vulnerabilities in private and open-source code bases. First seen on cyberscoop.com Jump to article: cyberscoop.com/openai-aardvark-security-and-patching-model-beta/

