Tag: update
-
October Patch Tuesday Fails Hard, Windows Update Considered Harmful?
Satya fiddles while Redmond burns? Showstopper bugs with security certificates”, plus failing USB keyboards and mice”, cause QA questions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/patch-tuesday-fail-richixbw/
-
Compliance Isn’t an Annual Ritual Anymore
It’s starting to feel like 2025 is going to be the year of IT compliance. We hear about new regulations like the CRA, PLD, DORA, SSDF; as well as, updates to standards like FDA, PCI-DSS, and SSDF. If you’re a compliance nerd this has been an absolutely wild year. It seems like there’s a new……
-
Domain Reputation Update April September 2025
Tags: updateOver the last 6 months a total of 43.5 million new domains were registered, 75% of them gTLDs, with .top (+94%) and .xyz (+103%) among the top three. Domain listings surged by 48.3%, and one registry saw particularly huge increases – can you guess which one? Read the latest Domain Reputation Update. First seen on…
-
Domain Reputation Update April September 2025
Tags: updateOver the last 6 months a total of 43.5 million new domains were registered, 75% of them gTLDs, with .top (+94%) and .xyz (+103%) among the top three. Domain listings surged by 48.3%, and one registry saw particularly huge increases – can you guess which one? Read the latest Domain Reputation Update. First seen on…
-
U.S. CISA adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, oracle, update, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities (KEV) catalog. Oracle recently released an emergency patch to address an information disclosure flaw, tracked as CVE-2025-61884 (CVSS…
-
Security patch or self-inflicted DDoS? Microsoft update knocks out key enterprise functions
Tags: api, authentication, banking, control, cryptography, ddos, defense, flaw, government, microsoft, network, tool, update, windowsMalfunctioning devices, failed connections, and installation errors: Update KB5066835 can also cause USB devices, including keyboards and mice, to malfunction in WinRE, preventing navigation in recovery mode. However, the keyboard and mouse do continue to work normally within the Windows OS. Microsoft has now released an out-of-band update, KB5070773, to address the issue.Additionally, the security…
-
Windows 11 KB5070773 emergency update fixes Windows Recovery issues
Microsoft has released an emergency update to fix the Windows Recovery Environment (WinRE), which became unusable on systems with USB mice and keyboards after installing the October 2025 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-usb-issue-that-made-windows-recovery-unusable/
-
Verbatim Keypad Secure: Sicherheits-USB-Stick trotz Patch weiterhin knackbar
Trotz schützender Firmware-Updates sind verschlüsselte Verbatim-USB-Datenträger mit PIN-Tastenfeld weiter anfällig für Brute-Force-Attacken. First seen on golem.de Jump to article: www.golem.de/news/verbatim-keypad-secure-sicherheits-usb-stick-trotz-patch-weiterhin-knackbar-2510-201366.html
-
NDSS 2025 Workshop On Security And Privacy In Standardized IoT (SDIoTSec) 2025, Paper Presentation Session: Security And Privacy In Iot Standards, Protocols And Implementations
Tags: authentication, compliance, conference, data, detection, framework, iot, network, nist, privacy, software, updatePAPERS SecuWear: Secure Data Sharing Between Wearable Devices Sujin Han (KAIST) Diana A. Vasile (Nokia Bell Labs), Fahim Kawsar (Nokia Bell Labs, University of Glasgow), Chulhong Min (Nokia Bell Labs) Analysis of Misconfigured IoT MQTT Deployments and a Lightweight Exposure Detection System Seyed Ali Ghazi Asgar, Narasimha Reddy (Texas A&M University) Privacy Preserved Integrated Big…
-
October updates break USB input in Windows Recovery
Microsoft has confirmed that this month’s security updates disable USB mice and keyboards in the Windows Recovery Environment (WinRE), making it unusable. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-october-updates-break-usb-mice-and-keyboards-in-windows-recovery/
-
Microsoft fixes Windows Server Active Directory sync issues
Microsoft is rolling out a fix for Active Directory issues affecting some Windows Server 2025 systems after installing security updates released since September. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-active-directory-sync-issues/
-
Microsoft warns of Windows smart card auth issues after October updates
Microsoft says the October 2025 Windows security updates are causing smart card authentication and certificate issues due to a change designed to strengthen the Windows Cryptographic Services. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-october-security-updates-cause-windows-smart-card-auth-issues/
-
âš¡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
It’s easy to think your defenses are solid, until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect.Here’s a quick look at this…
-
Threat actors are spreading malicious extensions via VS marketplaces
What are VS extensions: Extensions and themes can be added to Visual Studio code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors…
-
Threat actors are spreading malicious extensions via VS marketplaces
What are VS extensions: Extensions and themes can be added to Visual Studio code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors…
-
Unklarheit über Zuständigkeit – Sammelklage für Facebook-Nutzer nach Datenvorfall läuft weiterhin
Tags: updateFirst seen on security-insider.de Jump to article: www.security-insider.de/sammelklage-fuer-facebook-nutzer-nach-datenvorfall-a-9b755b7de9fb653577c3529a3fb72d42/
-
USB-Eingabegeräte: Oktober-Update macht Windows-Recovery unbedienbar
Die jüngsten Windows-Updates schaffen mal wieder eine Reihe neuer Probleme – etwa bei der Smartcard-Authentifizierung und der Bedienung von WinRE. First seen on golem.de Jump to article: www.golem.de/news/usb-eingabegeraete-oktober-update-macht-windows-recovery-unbedienbar-2510-201325.html
-
Windows 11 24H2/25H2 Update Breaks Mouse and Keyboard in Recovery Mode
Microsoft’s latest cumulative update for Windows 11, KB5066835, is causing significant disruptions for users, most notably by rendering USB keyboards and mice useless within the Windows Recovery Environment (WinRE). The patch, released on October 14, 2025, affects Windows 11 versions 24H2 and 25H2, along with Windows Server 2025, creating a critical roadblock for system troubleshooting…
-
Critical Zimbra SSRF Flaw Exposes Sensitive Data
Zimbra has released an emergency security patch to address a critical Server-Side Request Forgery (SSRF) vulnerability that could allow attackers to access sensitive data through the platform’s chat proxy configuration. The flaw, classified as high severity, affects Zimbra versions 10.1.5 through 10.1.11, prompting the company to urge immediate action from users and administrators.”‹ Understanding the…
-
Microsoft Windows 11 October Update Disrupts Localhost (127.0.0.1) Connectivity
Microsoft’s October 2025 Windows 11 update has introduced an unexpected connectivity issue affecting developers and IT professionals worldwide. The security patch KB5066835, released on October 14, 2025, for OS Builds 26200.6899 and 26100.6899, has disrupted localhost connections, preventing applications from accessing services running on the loopback address 127.0.0.1. The update, which primarily addressed security vulnerabilities…
-
Sicherheits-News Teil 1: F5 seit Monaten gehackt, Updates für BIG-IP veröffentlicht
Tags: updateZum Ende der Woche noch eine kurze Information zu einer Sicherheitsmeldung, die mir untergekommen ist. Das US-Unternehmen F5 war seit Monaten durch einen staatlichen Akteur gehackt und diverse Systeme waren infiltriert. Es wurde Daten samt Quellcode aus der Entwicklungsabteilung abgezogen. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/18/sicherheits-news-f5-big-gehackt/
-
US Scrambles to Patch F5 Amid China-Linked Breach
Concerns Grow Over F5 Hacking Amid Stalled Government Shutdown. Federal officials are scrambling to contain nation-state hackers exploiting stolen source code from networking devices and software maker F5 amid staffing pressures created by the ongoing government shutdown. Stolen files reportedly include undisclosed vulnerabilities F5 had been researching. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/us-scrambles-to-patch-f5-amid-china-linked-breach-a-29759
-
Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted ChatGPT Abuses
Tags: ai, attack, awareness, backdoor, breach, business, chatgpt, china, cisa, cloud, control, corporate, cve, cyber, cybersecurity, data, data-breach, defense, detection, exploit, framework, fraud, governance, government, group, hacker, incident, infrastructure, Internet, iran, law, LLM, malicious, malware, mitigation, monitoring, network, openai, organized, phishing, privacy, resilience, risk, russia, scam, security-incident, service, software, strategy, supply-chain, technology, threat, training, update, vulnerabilityF5’s breach triggers a CISA emergency directive, as Tenable calls it “a five-alarm fire” that requires urgent action. Meanwhile, OpenAI details how attackers try to misuse ChatGPT. Plus, boards are increasing AI and cyber disclosures. And much more! Key takeaways A critical breach at cybersecurity firm F5, attributed to a nation-state, has triggered an urgent…
-
ConnectWise fixes Automate bug allowing AiTM update attacks
ConnectWise released a security update to address vulnerabilities, one of them with critical severity, in Automate product that could expose sensitive communications to interception and modification. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/connectwise-fixes-automate-bug-allowing-aitm-update-attacks/
-
ConnectWise fixes Automate bug allowing AiTM update attacks
ConnectWise released a security update to address vulnerabilities, one of them with critical severity, in Automate product that could expose sensitive communications to interception and modification. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/connectwise-fixes-automate-bug-allowing-aitm-update-attacks/
-
Microsoft lifts more safeguard holds blocking Windows 11 updates
Microsoft has removed two more compatibility holds preventing customers from installing Windows 11 24H2 via Windows Update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-lifts-more-safeguard-holds-blocking-windows-11-updates/