Articles tagged "Patch"

Found 224 articles

A recently discovered vulnerability in Cursor allows attackers to execute arbitrary code on users' systems without their consent. By creating a malicious repository containing a 'git.exe' file in the project root, attackers can exploit this flaw, which Cursor executes automatically when the repository is accessed. This puts users at significant risk, especially those who frequently interact with repositories from untrusted sources or do not have adequate security measures in place. As there is currently no patch available to fix this issue, users should be cautious when using Cursor and consider limiting their exposure to potentially harmful repositories. This vulnerability serves as a reminder of the importance of maintaining security hygiene in software development environments.

Read Original

The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to quickly address three vulnerabilities in SharePoint that are currently being exploited by attackers. Among these, two have been identified as zero-days, meaning they are actively targeted before a patch was made available. This situation poses significant risks to users of SharePoint, as attackers could gain unauthorized access to sensitive data or disrupt operations. Organizations that use SharePoint are advised to prioritize patching these vulnerabilities to protect their systems and data from potential breaches. Immediate action is crucial to mitigate the risks associated with these exploits.

Read Original
Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. The first, CVE-2023-4346, affects the KNX Protocol Connection Authorization Option 1, which has an overly restrictive account lockout mechanism, making it a target for attackers. The second, CVE-2026-46817, involves improper privilege management in Oracle E-Business Suite. These vulnerabilities pose significant risks, particularly to federal agencies, which are required by CISA's Binding Operational Directive 26-04 to prioritize rapid remediation of high-risk vulnerabilities. While this directive specifically applies to federal agencies, CISA encourages all organizations to adopt similar practices. Organizations that identify exploited vulnerabilities not listed in the KEV Catalog can submit them for potential inclusion.

Read Original

Fortinet, Ivanti, and ServiceNow have all issued important patches for various vulnerabilities in their products. A notable issue was found in the ServiceNow AI platform, where a critical security flaw could allow remote attackers to execute arbitrary code. This vulnerability poses a significant risk to users, as it could enable unauthorized access and control over affected systems. Organizations using the ServiceNow platform should act quickly to apply the available updates to protect against potential exploitation. The situation serves as a reminder for companies to regularly update their software to mitigate risks from such vulnerabilities.

Read Original
Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding three vulnerabilities in on-premises SharePoint Server that are currently being exploited by attackers. These flaws affect SharePoint instances that are accessible via the internet, putting organizations at risk of unauthorized access and data breaches. Administrators are urged to take immediate action to protect their systems, as the vulnerabilities allow attackers to execute malicious commands and potentially compromise sensitive information. This situation is particularly concerning for businesses and government agencies that rely on SharePoint for collaboration and document management. Promptly applying available patches is essential to mitigate these risks and safeguard against ongoing exploitation.

Read Original

Siemens, Schneider Electric, and Rockwell Automation have addressed numerous vulnerabilities in their industrial control system (ICS) products. These fixes come as part of the latest ICS Patch Tuesday updates, which also prompted advisories from the Cybersecurity and Infrastructure Security Agency (CISA) and VDE CERT. The vulnerabilities could potentially expose systems to various cyber threats, affecting critical infrastructure and manufacturing sectors. Companies using these ICS products need to ensure they apply the latest patches to mitigate any risks associated with these vulnerabilities. This update is crucial for maintaining the security and integrity of industrial operations.

Read Original

SonicWall has issued a warning about two vulnerabilities in its SMA1000 series, identified as CVE-2026-15409 and CVE-2026-15410. These flaws are being actively exploited by attackers in zero-day attacks, meaning they are being targeted before a fix has been widely implemented. As such, SonicWall is urging all users of the SMA1000 series to apply the newly released security updates to protect against these threats. Failure to patch could leave systems vulnerable to unauthorized access and potential data breaches. Users should prioritize this update to maintain the security of their networks.

Read Original

SAP has issued critical updates in July 2026 to fix several vulnerabilities, including a serious flaw in the SAP NetWeaver Application Server ABAP, identified as CVE-2026-44747. This vulnerability has a CVSS score of 9.9 and involves an out-of-bounds write issue that could allow an authenticated attacker to exploit memory management errors. If successfully executed, this could lead to memory corruption, potentially enabling attackers to expose or modify sensitive data. Organizations using the affected SAP NetWeaver Application Server should prioritize these updates to protect their systems from possible exploitation. Timely patching is crucial to maintaining the integrity and confidentiality of their data.

Read Original

Progress Software has confirmed that a serious zero-day vulnerability led to the emergency shutdown of ShareFile Storage Zone Controllers last week. Users of ShareFile, a cloud-based file sharing and storage service, were affected as the company worked to address the flaw. Progress has since released security updates to patch this vulnerability, which could have potentially allowed unauthorized access or data breaches. This incident is significant because it underscores the risks associated with cloud storage services, highlighting the need for users to ensure their systems are updated promptly to protect sensitive data.

Read Original
Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating they are being actively exploited in the wild. The vulnerabilities include two related to SonicWall SMA1000 Appliances, specifically a server-side request forgery and a code injection vulnerability. Additionally, there are two Microsoft vulnerabilities affecting Active Directory Federation Services and SharePoint Server, which involve insufficient access control and missing authentication for critical functions, respectively. These vulnerabilities pose significant risks, especially to federal agencies, as they can lead to total asset control by attackers post-exploitation. CISA's guidance encourages all organizations to prioritize remediation of these high-risk vulnerabilities to enhance their security posture.

Read Original
Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability, CVE-2008-4128, to its Known Exploited Vulnerabilities Catalog. This vulnerability affects Cisco IOS and is associated with cross-site request forgery, which allows attackers to exploit vulnerable systems. It poses significant risks, particularly for federal agencies, as it can lead to total control over affected assets after exploitation. CISA's Binding Operational Directive 26-04 emphasizes the need for federal agencies to prioritize rapid remediation of such high-risk vulnerabilities. While this directive primarily applies to federal agencies, CISA encourages all organizations to adopt similar practices for managing vulnerabilities effectively. Agencies are also urged to check for any compromises before applying patches to mitigate risks.

Read Original

Zimbra has patched a serious vulnerability that allows attackers to execute malicious code through specially crafted emails. When a user opens one of these emails, the embedded code runs without their consent, posing a significant security risk. This flaw affects users of Zimbra's email software, which is widely used by organizations for communication. The potential for exploitation makes it crucial for users to update their systems promptly. Patching this vulnerability helps protect against unauthorized access and data breaches, which could have serious consequences for affected organizations.

Read Original

The Australian Cyber Security Centre (ACSC) has issued a warning about a global campaign exploiting vulnerabilities in content management systems (CMS) and their associated plugins. This alert is particularly relevant for website owners and organizations that rely on these platforms, as attackers are actively seeking out weaknesses to gain unauthorized access. The ACSC did not specify which CMS platforms or plugins are most affected, but the alert serves as a reminder for users to stay vigilant and ensure their systems are up-to-date. With many websites using popular CMS platforms, the potential impact could be widespread, leading to data breaches or website defacement. Users are encouraged to regularly patch their systems and monitor for any suspicious activity.

Read Original

The Department of Homeland Security (DHS) has reported a significant data breach involving one of its databases, although specific details about the extent of the breach or the data compromised have not been disclosed. Meanwhile, Adobe is increasing the frequency of its security updates to better protect users from vulnerabilities, responding to the growing number of cyber threats. In another development, Canadian authorities have successfully disrupted ransomware operations, which is a crucial step in combating the rise of these attacks. Additionally, a data breach at AssuranceAmerica has put the personal information of around 7 million individuals at risk. This series of events illustrates the ongoing challenges organizations face in safeguarding sensitive data and the need for improved security measures across various sectors.

Read Original
Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. The vulnerabilities are CVE-2026-48939 and CVE-2026-56291, both linked to unrestricted file uploads in iCagenda and Balbooa Forms, respectively. These types of vulnerabilities allow attackers to upload potentially harmful files, posing a serious risk to federal agencies and other organizations. CISA's Binding Operational Directive 26-04 emphasizes the need for federal agencies to prioritize the remediation of these high-risk vulnerabilities swiftly. While the directive specifically targets federal entities, CISA encourages all organizations to adopt similar risk-based strategies for vulnerability management.

Read Original
Page 1 of 15Next