Tag: update
-
Darwinium updates mobile SDKs to detect in-session fraud and account farming
First seen on scworld.com Jump to article: www.scworld.com/brief/darwinium-updates-mobile-sdks-to-detect-in-session-fraud-and-account-farming
-
Verizon DBIR 2026: Vulnerability exploits top initial access as patching coverage falls
First seen on scworld.com Jump to article: www.scworld.com/news/verizon-dbir-2026-vulnerability-exploits-top-initial-access-as-patching-coverage-falls
-
Ubiquiti patches three max severity UniFi OS vulnerabilities
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in Unify OS that can be exploited by remote attackers without privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ubiquiti-patches-three-max-severity-unifi-os-vulnerabilities/
-
Meet Fractal, an OS made for microarchitecture reverse engineering
Probing how a CPU isolates user code from kernel code is messy work. Researchers patch kernels, write drivers, or boot stripped-down bare-metal programs, and any of those … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/22/fractal-os-microarchitecture-reverse-engineering/
-
Splunk Patches Multiple Vulnerabilities Enabling DoS Attacks and Data Exposure
Splunk has released security updates to fix three newly disclosed vulnerabilities that could allow low-privileged users to access sensitive data or disrupt Splunk Enterprise deployments through denial-of-service (DoS) conditions. The patches address issues in both Splunk Enterprise and the Splunk Cloud Platform, as well as the Splunk AI Toolkit app. The flaws include improper access…
-
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data.Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints.”An attacker could exploit this vulnerability if they are able to send First seen…
-
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data.Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints.”An attacker could exploit this vulnerability if they are able to send First seen…
-
Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix
Attackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of security failure that is harder to catch than an unpatched system: a patched system where the patch did not actually work because nobody followed all the steps. That is…
-
Max severity Cisco Secure Workload flaw gives Site Admin privileges
Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-max-severity-secure-workload-flaw-gives-hackers-site-admin-privileges/
-
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small.A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust.That is what makes it worrying. The danger…
-
Google Chrome Security Flaws Could Let Attackers Execute Code Remotely
Google has released a critical security update for its Chrome browser, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 148.0.7778.178/179 for Windows and macOS, and 148.0.7778.178 for Linux. According to the official Chrome Releases blog, the latest…
-
Critical Drupal Vulnerability Could Leave Sites Open to Cyberattack
The Drupal Security Team has issued a warning about a highly critical vulnerability affecting Drupal core, with a security release scheduled for May 20, 2026 (PSA-2026-05-18). The flaw carries a severity rating of 20/25, indicating a significant risk that attackers could compromise affected websites shortly after public disclosure. According to the advisory, the security update…
-
Critical Drupal Vulnerability Could Leave Sites Open to Cyberattack
The Drupal Security Team has issued a warning about a highly critical vulnerability affecting Drupal core, with a security release scheduled for May 20, 2026 (PSA-2026-05-18). The flaw carries a severity rating of 20/25, indicating a significant risk that attackers could compromise affected websites shortly after public disclosure. According to the advisory, the security update…
-
Mini Shai-Hulud Hits @antv npm Packages, Targets CI/CD Secrets
An Active and sophisticated supply chain attack targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonstrates how deeply embedded open-source libraries can be weaponized to infiltrate modern development pipelines at scale. The…
-
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure.The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database abstraction…
-
NIS-2 und eIDAS-Update im Fokus: TeleTrusT-Podcast mit Tim Golly, Markus Schuster und Carsten Vossel
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/nis2-eidas-teletrust-podcast-tim-golly-markus-schuster-carsten-vossel
-
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects…
-
Hackers bypass SonicWall VPN MFA due to incomplete patching
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-bypass-sonicwall-vpn-mfa-due-to-incomplete-patching/
-
Google publishes exploit code threatening millions of Chromium users
Google publishes exploit code before patch, reported 29 months earlier, is fixed. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/05/google-publishes-exploit-code-threatening-millions-of-chromium-users/
-
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/patch-now-critical-flaw-ot-robot-os
-
Microsoft issues YellowKey mitigation, no patch yet
Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why. The flaw, tracked as CVE-2026-45585 (CVSS…
-
Drupal critical update to fix bug with high exploitation risk
Drupal has announced a “core security release” scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/drupal-critical-update-to-fix-bug-with-high-exploitation-risk/
-
EClient Thunderbird 151 – Update verbessert OAuth-Authentifizierung
Thunderbird 151 erweitert unter anderem die OAuth-Anmeldung um zusätzliche Funktionen und schließt Sicherheitslücken. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/e-mail-client-thunderbird-151-update-verbessert-oauth-authentifizierung.97439
-
Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks
Banana RAT malware hidden in fake invoices and security update screens targets customers at 16 Brazilian banks stealing data with QR fraud. First seen on hackread.com Jump to article: hackread.com/banana-rat-malware-fake-invoices-16-brazilian-banks/
-
Pardus Linux Vulnerability Lets Local Attackers Gain Silent Root Access
A critical privilege escalation vulnerability chain, tracked as CVE-2026-5140, has been discovered in the Pardus Linux update mechanism, allowing local users to gain full root access without authentication. The issue, rated CVSS 9.3 (Critical), affects the pardus-update package and stems from a combination of three distinct flaws that, when chained together, enable complete system compromise within seconds. Pardus Linux…
-
Mozilla Firefox 151 – Update bringt neue Startseite und verbesserten Schutz
Firefox bringt neben einer neuen Startseite einen verbesserten privaten Modus, neue PDF-Funktionen und verstärkten Schutz sensibler Daten. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/mozilla-firefox-151-update-bringt-neue-startseite-und-verbesserten-schutz.97434
-
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Verizon’s 2026 Data Breach Investigations Report (DBIR) finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/verizon-dbir-enterprises-vulnerability-glut
-
Windows Zero-Day Barrage Continues After Patch Tuesday
YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/windows-zero-day-barrage-continues-after-patch-tuesday
-
Drupal is rolling out an emergency security update on May 20. You cannot miss it
Tags: updateDrupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss. Something significant is coming out of the Drupal project tomorrow, and the way the announcement is worded should be enough to get any site administrator’s attention. The Drupal Security Team has confirmed it will release…