Collecting Cyber-News from over 60 sources

Tag: update

NDSS 2025 Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China

Nov 12, 2025 9:49 PM

Tags: attack, china, conference, data-breach, dns, firewall, injection, Internet, monitoring, network, privacy, risk, side-channel, update, vulnerability

SESSION Session 3A: Network Security 1 Authors, Creators & Presenters: Shencha Fan (GFW Report), Jackson Sippe (University of Colorado Boulder), Sakamoto San (Shinonome Lab), Jade Sheffey (UMass Amherst), David Fifield (None), Amir Houmansadr (UMass Amherst), Elson Wedwards (None), Eric Wustrow (University of Colorado Boulder) PAPER Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of…
AppleScript Abused to Spread Fake Zoom and Teams macOS Updates

Nov 12, 2025 8:49 PM

Tags: apple, hacker, macOS, malware, update

Hackers use AppleScript to disguise macOS malware as fake app updates, bypassing Apple’s protections. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/applescript-abused-to-spread-fake-zoom-and-teams-macos-updates/
AppleScript Abused to Spread Fake Zoom and Teams macOS Updates

Nov 12, 2025 8:49 PM

Tags: apple, hacker, macOS, malware, update

Hackers use AppleScript to disguise macOS malware as fake app updates, bypassing Apple’s protections. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/applescript-abused-to-spread-fake-zoom-and-teams-macos-updates/
Microsoft users warned over privilege elevation flaw

Nov 12, 2025 7:49 PM

Tags: flaw, microsoft, update, vulnerability, windows

An elevation of privilege vulnerability in Windows Kernel tops the list of issues to address in the latest monthly Patch Tuesday update. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634166/Microsoft-users-warned-over-privilege-elevation-flaw
Patchday: Windows Server-Updates (11. November 2025)

Nov 12, 2025 12:20 AM

Tags: update, windows

Zum 11. November 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) wurden verschiedene kumulative Updates für die unterstützten Versionen von Windows Server freigegeben. Nachfolgend habe ich die bereitgestellten Updates samt einigen Details für diese Windows Server-Versionen (von Windows Server 2012 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/12/patchday-windows-server-updates-11-november-2025/
Patchday: Windows 10/11 Updates (11. November 2025)

Nov 12, 2025 12:20 AM

Tags: microsoft, update, vulnerability, windows

Am 11. November 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) hat Microsoft kumulative Updates für die noch unterstützten Client-Betriebssystem-Versionen von Windows 10 (mit ESU-Lizenz) und Windows 11 veröffentlicht. Hier einige Details zu diesen Updates, die Schwachstellen sowie Probleme beheben … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/12/patchday-windows-10-11-updates-11-november-2025/
Microsoft Security Update Summary (11. November 2025)

Nov 11, 2025 11:20 PM

Tags: microsoft, office, update, vulnerability, windows, zero-day

Microsoft hat am 11. November 2025 Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 63 Schwachstellen (CVEs), fünf kritisch, eine davon wurde als 0-day klassifiziert und wird ausgenutzt. Nachfolgend findet sich … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/11/microsoft-security-update-summary-11-november-2025/
Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs

Nov 11, 2025 11:20 PM

Tags: microsoft, update, zero-day

Security teams may have a less burdensome rollout in November after October’s Goliath Patch Tuesday, but shouldn’t wait on a few top-priority fixes. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/patch-now-microsoft-zero-day-critical-zero-click-bugs
Microsoft Patch Tuesday addresses 63 defects, including one actively exploited zero-day

Nov 11, 2025 10:20 PM

Tags: exploit, microsoft, update, zero-day

Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-november-2025/
Microsoft Patch Tuesday addresses 63 defects, including one actively exploited zero-day

Nov 11, 2025 10:20 PM

Tags: exploit, microsoft, update, zero-day

Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-november-2025/
Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)

Nov 11, 2025 9:20 PM

Tags: access, android, attack, best-practice, cve, cyber, exploit, flaw, github, linux, malicious, microsoft, office, rce, remote-code-execution, service, social-engineering, sql, update, vulnerability, windows, zero-day

5Critical 58Important 0Moderate 0Low Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild. Microsoft patched 63 CVEs in its November 2025 Patch Tuesday release, with five rated critical, and 58 rated as important. This month’s update includes patches for: Azure Monitor Agent Customer Experience Improvement Program (CEIP) Dynamics 365 Field…
Microsoft Patch Tuesday for November 2025, Snort rules and prominent vulnerabilities

Nov 11, 2025 8:20 PM

Tags: microsoft, update, vulnerability

Microsoft has released its monthly security update for November 2025, which includes 63 vulnerabilities affecting a range of products, including 5 that Microsoft marked as “critical.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/microsoft-patch-tuesday-november-2025/
Microsoft releases KB5068781, The first Windows 10 extended security update

Nov 11, 2025 8:20 PM

Tags: microsoft, update, windows

Microsoft has released the KB5068781 update, the first Windows 10 extended security update since the operating system reached end of support last month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-kb5068781-the-first-windows-10-extended-security-update/
Microsoft Patch Tuesday for November 2025, Snort rules and prominent vulnerabilities

Nov 11, 2025 8:20 PM

Tags: microsoft, update, vulnerability

Microsoft has released its monthly security update for November 2025, which includes 63 vulnerabilities affecting a range of products, including 5 that Microsoft marked as “critical.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/microsoft-patch-tuesday-november-2025/
Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Nov 11, 2025 8:20 PM

Tags: exploit, flaw, microsoft, update, zero-day

Today is Microsoft’s November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-november-2025-patch-tuesday-fixes-1-zero-day-63-flaws/
Windows 11 KB5068861 & KB5068865 cumulative updates released

Nov 11, 2025 8:20 PM

Tags: microsoft, update, vulnerability, windows

Microsoft has released Windows 11 KB5068861 and KB5068865 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5068861-and-kb5068865-cumulative-updates-released/
Microsoft releases KB5068781, The first Windows 10 extended security update

Nov 11, 2025 8:20 PM

Tags: microsoft, update, windows

Microsoft has released the KB5068781 update, the first Windows 10 extended security update since the operating system reached end of support last month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-kb5068781-the-first-windows-10-extended-security-update/
Emergency Windows 10 update fixes ESU enrollment bug

Nov 11, 2025 8:20 PM

Tags: microsoft, update, windows

Microsoft has released an emergency out-of-band update to address a known issue preventing Windows 10 users from enrolling in the Extended Security Updates (ESU) program. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-emergency-windows-10-update-fixes-esu-enrollment-bug/
Microsoft Patch Tuesday for November 2025 Fix for 0-day and Other 62 Vulnerabilities

Nov 11, 2025 8:20 PM

Tags: cve, cyber, exploit, microsoft, software, update, vulnerability, windows, zero-day

Microsoft has released its November 2025 Patch Tuesday update, addressing 63 security vulnerabilities across its software lineup. The update includes a critical fix for a zero-day vulnerability in the Windows Kernel that is confirmed to be actively exploited in the wild. The most critical patch in this month’s release is for CVE-2025-62215, an Elevation of…
Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Files Anywhere on Target Systems

Nov 11, 2025 5:20 PM

Tags: advisory, cve, cvss, cyber, endpoint, ivanti, update, vulnerability

Ivanti has released critical security updates for Ivanti Endpoint Manager to address three high-severity vulnerabilities that could allow authenticated attackers to write arbitrary files to any location on affected systems. The company disclosed the security advisory on November 10, 2025, with the latest patch becoming available immediately. CVE Number Description CVSS Score Severity CVE-2025-10918 Insecure…
Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)

Nov 11, 2025 5:20 PM

Tags: cisa, cve, exploit, flaw, kev, mobile, spyware, update, vulnerability

CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/11/samsung-spyware-cve-2025-21042/
SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor

Nov 11, 2025 5:20 PM

Tags: credentials, flaw, injection, sap, sql, update, vulnerability

SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sap-fixes-hardcoded-credentials-flaw-in-sql-anywhere-monitor/
How a CPU spike led to uncovering a RansomHub ransomware attack

Nov 11, 2025 5:20 PM

Tags: attack, ransomware, update

A sudden CPU spike turned out to be the first clue of an in-progress RansomHub ransomware attack. Varonis breaks down how their team traced the attack from fake browser updates to domain-admin takeover, ultimately stopping the attack before files were encrypted. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-a-cpu-spike-led-to-uncovering-a-ransomhub-ransomware-attack/
Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Files Anywhere on Target Systems

Nov 11, 2025 5:20 PM

Tags: advisory, cve, cvss, cyber, endpoint, ivanti, update, vulnerability

Ivanti has released critical security updates for Ivanti Endpoint Manager to address three high-severity vulnerabilities that could allow authenticated attackers to write arbitrary files to any location on affected systems. The company disclosed the security advisory on November 10, 2025, with the latest patch becoming available immediately. CVE Number Description CVSS Score Severity CVE-2025-10918 Insecure…
How a CPU spike led to uncovering a RansomHub ransomware attack

Nov 11, 2025 5:20 PM

Tags: attack, ransomware, update

A sudden CPU spike turned out to be the first clue of an in-progress RansomHub ransomware attack. Varonis breaks down how their team traced the attack from fake browser updates to domain-admin takeover, ultimately stopping the attack before files were encrypted. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-a-cpu-spike-led-to-uncovering-a-ransomhub-ransomware-attack/
Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Files Anywhere on Target Systems

Nov 11, 2025 5:20 PM

Tags: advisory, cve, cvss, cyber, endpoint, ivanti, update, vulnerability

Ivanti has released critical security updates for Ivanti Endpoint Manager to address three high-severity vulnerabilities that could allow authenticated attackers to write arbitrary files to any location on affected systems. The company disclosed the security advisory on November 10, 2025, with the latest patch becoming available immediately. CVE Number Description CVSS Score Severity CVE-2025-10918 Insecure…
How a CPU spike led to uncovering a RansomHub ransomware attack

Nov 11, 2025 5:20 PM

Tags: attack, ransomware, update

A sudden CPU spike turned out to be the first clue of an in-progress RansomHub ransomware attack. Varonis breaks down how their team traced the attack from fake browser updates to domain-admin takeover, ultimately stopping the attack before files were encrypted. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-a-cpu-spike-led-to-uncovering-a-ransomhub-ransomware-attack/
Windows 11 26H1 is coming … for new processors only

Nov 11, 2025 4:20 PM

Tags: update, windows

It’s OK to look: New Canary channel build supports specific silicon while 26H2 remains the main 2026 update First seen on theregister.com Jump to article: www.theregister.com/2025/11/10/microsoft_breaks_new_ground_with/
Windows 11 26H1 is coming … for new processors only

Nov 11, 2025 4:20 PM

Tags: update, windows

It’s OK to look: New Canary channel build supports specific silicon while 26H2 remains the main 2026 update First seen on theregister.com Jump to article: www.theregister.com/2025/11/10/microsoft_breaks_new_ground_with/
Webinar: Modern Patch Management Strategies to patch faster with less risk

Nov 11, 2025 4:20 PM

Tags: risk, strategy, update

Many organizations still struggle to patch fast enough to prevent breaches. Join us December 2 at 2PM ET to learn how modern patch management strategies can reduce risk and close the remediation gap. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-modern-patch-management-strategies-to-patch-faster-with-less-risk/