Tag: update
-
SolarWinds addressed four critical Web Help Desk flaws
SolarWinds patched six Web Help Desk vulnerabilities, including four critical flaws exploitable without authentication for RCE or auth bypass. SolarWinds released security updates to address six Web Help Desk vulnerabilities, including four critical bugs that allow unauthenticated remote code execution or authentication bypass. The three critical flaws found by watchTowr, and specifically by researcher Piotr…
-
I’m locked in!
Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/im-locked-in/
-
The Agentic AI Posture Score: A New Metric for CISOs
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers tell the Board how fast we react when things go wrong. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
-
AV vendor goes to war with security shop over update server scare
eScan lawyers up after Morphisec claimed ‘critical supply-chain compromise’ First seen on theregister.com Jump to article: www.theregister.com/2026/01/29/escan_morphisec_dispute/
-
Microsoft releases update to address zero-day vulnerability in Microsoft Office
Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/microsoft-oob-update-january-2026/
-
eScan AV supply chain compromise: Users targeted with malicious updates
The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/escan-antivirus-update-supply-chain-compromised/
-
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor, which isolated the affected infrastructure within one hour and took its global update system offline…
-
Patch or perish: Vulnerability exploits now dominate intrusions
Apply fixes within a few hours or face the music, say the pros First seen on theregister.com Jump to article: www.theregister.com/2026/01/29/faster_patching_please_cry_infoseccers/
-
Microsoft Previews Windows 11 Update With Smarter AI and Phone Continuity
Here’s a peek at AI assistance, phone-to-PC handoff, accessibility improvements, security fixes, and stability updates. The post Microsoft Previews Windows 11 Update With Smarter AI and Phone Continuity appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-11-preview-ai-phone-upgrades/
-
How Can CISOs Respond to Ransomware Getting More Violent?
Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multi-factor authentication. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/how-cisos-respond-ransomware-getting-more-violent
-
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day.Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being…
-
Critical RCE bugs expose the n8n automation platform to host”‘level compromise
Python code node escape breaks isolation: JFrog also identified a separate sandbox escape affecting n8n’s Python Code node when the platform is configured to use its “Internal” execution mode. In this case, restrictions intended to contain Python code execution can be bypassed, again allowing authenticated users to run arbitrary code outside the sandbox.The second issue,…
-
Virenschutz ade: Malware über Update-Server von Antivirus-Tool verteilt
Angreifer haben über das Antivirus-Tool eScan Malware auf Nutzersysteme geschleust. Ein Update-Server des Anbieters war kompromittiert. First seen on golem.de Jump to article: www.golem.de/news/von-wegen-virenschutz-malware-ueber-update-server-von-antivirus-tool-verteilt-2601-204754.html
-
Google rolls out Android theft protection feature updates
Google has introduced stronger Android authentication safeguards and enhanced recovery tools to make smartphones more challenging targets for thieves. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-rolls-out-android-theft-protection-feature-updates/
-
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations
A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q4-2025/
-
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
OpenSSL released security updates that address 12 flaws, including a high-severity remote code execution vulnerability. OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a high-severity remote code execution flaw. Cybersecurity firm Aisle discovered the twelve vulnerabilities. The addressed issues are mainly tied to memory safety, parsing robustness, and resource handling.…
-
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE).The list of vulnerabilities is as follows -CVE-2025-40536 (CVSS score: 8.1) – A security control bypass vulnerability that could allow an unauthenticated First seen on thehackernews.com…
-
Von wegen Virenschutz: Malware über Update-Server von Antivirus-Tool verteilt
Angreifer haben über das Antivirus-Tool eScan Malware auf Nutzersysteme geschleust. Ein Update-Server des Anbieters war kompromittiert. First seen on golem.de Jump to article: www.golem.de/news/von-wegen-virenschutz-malware-ueber-update-server-von-antivirus-tool-verteilt-2601-204754.html
-
Armoury Crate: Windows 11 blockiert Software für Xbox-Handheld
Das Feature Smart App Control sieht die Treibersoftware von Asus nach einem Update als schädlich an und blockiert die Installation. First seen on golem.de Jump to article: www.golem.de/news/armoury-crate-windows-11-blockiert-software-fuer-xbox-handheld-2601-204752.html
-
SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams
Tags: access, attack, authentication, awareness, breach, cisco, control, credentials, cve, cybersecurity, data, exploit, flaw, fortinet, infrastructure, malicious, programming, radius, rce, remote-code-execution, software, threat, update, vulnerabilityRemote code execution and data deserialization vulnerabilities CVE-2025-40551 (critical) and CVE-2025-40553 (critical);Authentication and bypass security flaws CVE-2025-40552 (critical), CVE-2025-40554 (critical), CVE-2025-40536 (high), and CVE-2025-40537 (high).CVE-2025-40551 and CVE-2025-40553 make WHD susceptible to untrusted data deseralization that could allow attackers to run commands on the host machine. The flaw could be exploited without authentication.The other two critical…
-
OPNsense 26.1 brings updates to open-source firewall management
OPNsense, the open-source firewall and network security platform, reached version 26.1, adding a range of updates affecting management, traffic visibility, automation … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/opnsense-26-1-open-source-firewall/
-
Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest
Russian and Chinese nation-state attackers are exploiting a months-old WinRAR vulnerability, despite a patch that came out last July. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/months-after-patch-winrar-bug-poised-smbs-hardest
-
Fortinet Locks Down FortiCloud SSO Amid Zero-Day Attacks
Mitigation: SSO Access Restricted After Attackers Compromised Fully Patched Devices. Network security giant Fortinet locked out cloud customers from its single sign-on service until they update device firmware with a patch against active attacks exploiting an improper access control zero day. Only Fortinet devices running the latest, patched firmware versions can use Fortinet SSO. First…
-
Fortinet unearths another critical bug as SSO accounts borked post-patch
More work for admins on the cards as they await a full dump of fixes First seen on theregister.com Jump to article: www.theregister.com/2026/01/28/fortinet_forticloud_vuln/
-
Autonomous System Uncovers Long-Standing OpenSSL Flaws
A recent update has fixed 12 vulnerabilities in OpenSSL, some existing in the codebase for years First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/12-openssl-flaws/
-
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/
-
Pixel-Nutzer berichten nach Update über Probleme
Das Januar-Update macht bei manchen Nutzern Schwierigkeiten: Pixel-Besitzer berichten von WLAN- und Bluetooth-Problemen. First seen on golem.de Jump to article: www.golem.de/news/google-pixel-nutzer-berichten-nach-update-von-problemen-2601-204710.html
-
Critical FortiCloud SSO zero”‘day forces emergency service disablement at Fortinet
Attack details and indicators: Fortinet’s investigation into the exploitation revealed attackers used two specific FortiCloud accounts: “cloud-noc@mail.io” and “cloud-init@mail.io,” though the company warned “these addresses may change in the future.”Fortinet identified multiple IP addresses associated with the attacks, including several Cloudflare-protected addresses that attackers used to obscure their activities.”Following authentication via SSO, it has been…
-
Pixel-Nutzer berichten nach Update von Problemen
Das Januar-Update macht bei manchen Nutzern Schwierigkeiten: Pixel-Besitzer berichten von WLAN- und Bluetooth-Problemen. First seen on golem.de Jump to article: www.golem.de/news/google-pixel-nutzer-berichten-nach-update-von-problemen-2601-204710.html