Tag: update
-
Fortinet Locks Down FortiCloud SSO Amid Zero-Day Attacks
Mitigation: SSO Access Restricted After Attackers Compromised Fully Patched Devices. Network security giant Fortinet locked out cloud customers from its single sign-on service until they update device firmware with a patch against active attacks exploiting an improper access control zero day. Only Fortinet devices running the latest, patched firmware versions can use Fortinet SSO. First…
-
Fortinet unearths another critical bug as SSO accounts borked post-patch
More work for admins on the cards as they await a full dump of fixes First seen on theregister.com Jump to article: www.theregister.com/2026/01/28/fortinet_forticloud_vuln/
-
Autonomous System Uncovers Long-Standing OpenSSL Flaws
A recent update has fixed 12 vulnerabilities in OpenSSL, some existing in the codebase for years First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/12-openssl-flaws/
-
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/
-
Pixel-Nutzer berichten nach Update über Probleme
Das Januar-Update macht bei manchen Nutzern Schwierigkeiten: Pixel-Besitzer berichten von WLAN- und Bluetooth-Problemen. First seen on golem.de Jump to article: www.golem.de/news/google-pixel-nutzer-berichten-nach-update-von-problemen-2601-204710.html
-
Critical FortiCloud SSO zero”‘day forces emergency service disablement at Fortinet
Attack details and indicators: Fortinet’s investigation into the exploitation revealed attackers used two specific FortiCloud accounts: “cloud-noc@mail.io” and “cloud-init@mail.io,” though the company warned “these addresses may change in the future.”Fortinet identified multiple IP addresses associated with the attacks, including several Cloudflare-protected addresses that attackers used to obscure their activities.”Following authentication via SSO, it has been…
-
Pixel-Nutzer berichten nach Update von Problemen
Das Januar-Update macht bei manchen Nutzern Schwierigkeiten: Pixel-Besitzer berichten von WLAN- und Bluetooth-Problemen. First seen on golem.de Jump to article: www.golem.de/news/google-pixel-nutzer-berichten-nach-update-von-problemen-2601-204710.html
-
Pixel-Nutzer berichten nach Update von Problemen
Das Januar-Update macht bei manchen Nutzern Schwierigkeiten: Pixel-Besitzer berichten von WLAN- und Bluetooth-Problemen. First seen on golem.de Jump to article: www.golem.de/news/google-pixel-nutzer-berichten-nach-update-von-problemen-2601-204710.html
-
Android just got smarter at stopping snatchrun phone thefts
Google announced updates to the Android theft protection features that expand existing safeguards and make stolen devices harder to use. These updates are available on Android … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/28/google-android-theft-protection-features/
-
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it’s…
-
Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)
Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/28/fortinet-forticloud-sso-zero-day-vulnerability-cve-2026-24858/
-
Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-blocks-exploited-forticloud-sso-zero-day-until-patch-is-ready/
-
Microsoft Issues Emergency Patch for Active Office Zero-Day
Microsoft released an emergency Office patch to fix an actively exploited zero-day flaw that lets attackers bypass security via malicious files. The post Microsoft Issues Emergency Patch for Active Office Zero-Day appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-office-zero-day-emergency-patch-january-2026/
-
Microsoft Rushes Emergency Patch for Office Zero-Day
To exploit the vulnerability, an attacker would need either system access or be able to convince a user to open a malicious Office file. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-rushes-emergency-patch-office-zero-day
-
Apple Issues Urgent Software Fix Affecting Over 2 Billion iPhones
Apple released urgent iOS updates, including iOS 12.5.8 for older iPhones, after emergency-call issues in Australia and a 2027 certificate deadline. The post Apple Issues Urgent Software Fix Affecting Over 2 Billion iPhones appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-urgent-iphone-software-update-january-2026/
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windowsThis is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
-
Microsoft’s Patch Fixes Are Breaking Windows, Forcing a Second Emergency Update
Microsoft issued a second emergency Windows patch in January after earlier fixes caused new bugs, raising concerns about update quality and reliability. The post Microsoft’s Patch Fixes Are Breaking Windows, Forcing a Second Emergency Update appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-second-emergency-windows-patch-january/
-
Microsoft Issues Emergency Patch for Active Office Zero-Day
Microsoft issued an emergency patch for an actively exploited Microsoft Office zero-day enabling code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-issues-emergency-patch-for-active-office-zero-day/
-
AWS adds IPv6 support to IAM Identity Center through dual-stack endpoints
Amazon Web Services has added IPv6 support to IAM Identity Center through new dual-stack endpoints. The update allows identity services to operate over IPv6 networks while … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/27/aws-iam-identity-center-ipv6/
-
Cybersecurity Act 2 – EU-Kommission plant NISUpdate
First seen on security-insider.de Jump to article: www.security-insider.de/eu-kommission-neues-cybersicherheitspaket-aenderungen-auswirkungen-a-2da7042c86934c5c9a0dec9a9e059999/
-
Office zero-day exploited in the wild forces Microsoft OOB patch
Another actively abused Office bug, another emergency patch Office 2016 and 2019 users are left with registry tweaks instead of fixes. First seen on theregister.com Jump to article: www.theregister.com/2026/01/27/office_zeroday_exploited_in_the/
-
Microsoft Releases Patch for Office Zero Day Amid Evidence of Exploitation
Microsoft urged customers running Microsoft Office 2016 and 2019 to apply the patch to be protected First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-patch-office-zero-day/
-
Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)
Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/27/microsoft-reveals-actively-exploited-office-zero-day-provides-emergency-fix-cve-2026-21509/
-
Windows Server vNext mit ReFS-Boot, neuen Lizenzen und Cluster-Updates – So viel ändert sich bei Windows Server 2028
First seen on security-insider.de Jump to article: www.security-insider.de/windows-server-2028-neuerungen-a-d5da3a9c95422e52b17f4c2e3a3c640b/
-
Claude expands tool connections using MCP
Anthropic has added interactive tool support to its Claude AI platform, a change powered by the open Model Context Protocol (MCP). The update lets users work directly with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/27/anthropic-claude-mcp-integration/
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windowsIntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
Emergency Microsoft update fixes inwild Office zero-day
Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 20162024 and Microsoft 365 Apps. Microsoft released out-of-band security updates to address an actively exploited Office zero-day vulnerability tracked as CVE-2026-21509. The issue is a security feature bypass vulnerability that affects multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019,…
-
Microsoft patches actively exploited Office zero-day vulnerability
Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-patches-actively-exploited-office-zero-day-vulnerability/