Tag: update
-
Codex can now operate between apps. Where are the boundaries?
OpenAI is rolling out a major update to the Codex desktop app for users signed in with ChatGPT. Personalization features, including context-aware suggestions and memory, will … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/openai-codex-desktop-update-macos/
-
Datei wächst ohne Ende: Speicherpanne bei über 230 Access-Point-Modellen von Cisco
Unzählige WiFi-Access-Points von Cisco büßen durch einen Bug täglich 5 Mbyte an Speicherplatz ein. Es drohen fehlschlagende Updates und Bootschleifen. First seen on golem.de Jump to article: www.golem.de/news/protokolldatei-waechst-speicherpanne-bei-ueber-230-access-point-modellen-von-cisco-2604-207679.html
-
New infosec products of the week: April 17, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Axonius, Broadcom, Siemens, and Sitehop. Axonius updates Asset Cloud with AI, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/new-infosec-products-of-the-week-april-17-2026/
-
New infosec products of the week: April 17, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Axonius, Broadcom, Siemens, and Sitehop. Axonius updates Asset Cloud with AI, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/new-infosec-products-of-the-week-april-17-2026/
-
April Patch Tuesday brings zero-days in Defender, SharePoint Server
Microsoft’s latest Patch Tuesday update may be one of the largest in history, with more than 160 issues in scope First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641679/April-Patch-Tuesday-brings-zero-days-in-Defender-SharePoint-Server
-
Google Play is changing how Android apps access your contacts and location
Google’s new set of Google Play policy updates and account transfer feature strengthen user privacy and protect businesses from fraud. Google is also expanding features for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/google-play-store-policy-updates/
-
Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching
Tags: ai, business, cvss, cyberattack, data, exploit, LLM, mitigation, network, remote-code-execution, risk, strategy, supply-chain, threat, tool, update, vulnerability, vulnerability-managementSee how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of risk-driven patching workflows, shifting your strategy from reactive tracking to continuous exposure management. Key takeaways Even in previews, powerful AI models like Claude Mythos show us how quickly…
-
OpenAI updates Agents SDK, adds sandbox for safer code execution
OpenAI’s updated Agents SDK helps developers build agents that inspect files, run commands, edit code, and handle tasks within controlled sandbox environments. The update … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/openai-agents-sdk-harness-and-sandbox-update/
-
NIST cuts down CVE analysis amid vulnerability overload
Tags: ai, automation, awareness, ceo, cve, cybersecurity, defense, exploit, flaw, government, group, incident response, nist, software, technology, threat, update, vulnerability, zero-daySOURCE: www.cve.org/about/Metrics CSOAs a result, NIST will now forego enrichment for all but the most critical of vulnerabilities.Backlogged CVEs received prior to March 1 will also be labeled “not scheduled.” None of those are critical vulnerabilities, NIST said, because those have always been handled first.”They’ve just come out and publicly stated, ‘We are never going…
-
Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days
Microsoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company’s largest monthly security updates. The post Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-165-vulnerabilities-april-2026/
-
Behind the Mythos hype, Glasswing has just one confirmed CVE
Why is Glasswing still a big deal: VulnCheck’s findings reframe Glasswing’s capabilities. The limited number of directly attributable CVEs is just one way of measuring its impact. Industry observers are interpreting Mythos much differently.Melissa Bischoping, a SANS Technology Institute board member and senior Director of security and product research at Tanium, thinks Mythos potential lies…
-
WhatsApp New Update Lets You Chat Without Sharing Your Phone Number
WhatsApp is testing usernames that could let users chat without sharing phone numbers, adding a new privacy layer now rolling out to some beta users. The post WhatsApp New Update Lets You Chat Without Sharing Your Phone Number appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-whatsapp-usernames-feature-privacy-update/
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
Cisco says critical Webex Services flaw requires customer action
Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company’s cloud-based Webex Services platform that requires further customer action. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-says-critical-webex-services-flaw-requires-customer-action/
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
April Windows Server 2025 update may fail to install
Microsoft is investigating an issue causing this month’s KB5082063 security update to fail to install on some Windows Server 2025 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-april-windows-server-2025-update-may-fail-to-install/
-
Critical nginx UI tool vulnerability opens web servers to full compromise
Tags: access, ai, api, attack, authentication, ceo, credentials, data-breach, endpoint, exploit, infrastructure, Internet, risk, service, software, threat, tool, update, vulnerability/mcp_message, was implemented without authentication, a weakness Pluto Security dubbed ‘MCPwn’.”This exposes 12 MCP tools, including config writes with automatic nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Security.Leveraging MCPwn, an attacker would be able to intercept…
-
April Windows Server 2025 update may fail to install
Microsoft is investigating an issue causing this month’s KB5082063 security update to fail to install on some Windows Server 2025 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-april-windows-server-2025-update-may-fail-to-install/
-
North Korea Uses ClickFix to Target macOS Users’ Data
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/north-korea-clickfix-target-macos-users-data
-
‘Harmless’ Global Adware Transforms Into an AV Killer
A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/harmless-global-adware-av-killer
-
Microsoft Fixes 167 Vulnerabilities in Latest Patch Tuesday Update
Microsoft’s Patch Tuesday April 2026 release has introduced one of the most extensive security update rollouts of the year, addressing a total of 167 vulnerabilities across Windows operating systems and associated software. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-patch-tuesday-april-2026/
-
Microsoft’s Original Windows Secure Boot Certificate Is Expiring
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/microsoftoriginal-windows-secure-boot-certificates-expire
-
Warum ein Risk-Operations-Center die Zukunft der Risikobehebung ist
Patching ist die grundlegende Methode zum Schutz von Systemen, doch der schiere Umfang moderner Infrastrukturen hat traditionelle Behebungsmodelle überholt. Untersuchungen von der Qualys Threat Research Unit zeigen einen 6,5-fachen Anstieg bei behobenen Vorfällen, doch die ‘Readiness-Lücke” wird immer größer: Der Anteil kritischer Schwachstellen, die am siebten Tag noch offen sind, stieg im Jahr 2025 auf…
-
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/microsoft-salesforce-patch-ai-agent-data-leak-flaws
-
Microsoft announces product it doesn’t want you to buy: Extended security updates for old Exchange, and Skype for Biz
Just migrate already, would you? But if you can’t, Redmond will take your cash First seen on theregister.com Jump to article: www.theregister.com/2026/04/16/microsoft_exchange_skype/
-
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
No reports of active exploitation (yet) First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/critical_fortinet_sandbox_bugs/
-
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting flaws fixed by the IT giant is a critical SharePoint zero-day, tracked as CVE-2026-32201, already…