Articles tagged "Update"

Found 247 articles

A recent glitch in Lloyds Banking Group's app has exposed sensitive data of nearly 448,000 customers. During a routine update, the flaw allowed unauthorized access to transaction details and personal information, raising significant concerns about data privacy. The bank has acknowledged the issue and is investigating the extent of the exposure. Customers affected by this incident may need to monitor their accounts closely for any suspicious activity. This incident underscores the risks associated with software updates and the importance of robust security measures in protecting customer data.

Read Original

Google has rolled out new location privacy features in the Android 17 Beta 3, allowing users better control over their precise location data. A key addition is the location button, which enables one-time access to location information for tasks like finding nearby places or tagging content, without the need for continuous tracking. This update aims to minimize data collection practices and enhance user privacy while providing developers with the tools necessary to design safer applications. This change is particularly relevant as location data can often be sensitive, and users are increasingly concerned about how their information is used. By implementing these features, Google is responding to user demands for greater transparency and control over personal data.

Read Original

Microsoft has withdrawn the KB5079391 update for Windows 11 after users reported installation issues resulting in error code 0x80073712. This non-security preview update was intended to enhance the operating system but instead caused problems for those attempting to install it. The company is now investigating the source of the error, which is affecting users who downloaded this particular update. For many, this means they may have to wait longer for fixes or improvements that were supposed to come with the update. It's a reminder of the potential complications that can arise from software updates and the importance of monitoring system changes closely.

Read Original
Actively Exploited

A new type of malware called Torg Grabber is targeting users by stealing sensitive information from around 850 browser extensions, with over 700 specifically linked to cryptocurrency wallets. This malware is designed to capture private keys, passwords, and other critical data, posing a significant risk to individuals who manage their digital assets online. The widespread nature of this attack means that many popular wallet extensions could be compromised, leaving users vulnerable to financial theft. Researchers are urging users to be cautious about which extensions they install and to regularly update their security practices. This incident highlights the ongoing challenges in keeping digital assets safe from evolving cyber threats.

Read Original

TP-Link has addressed a significant security vulnerability in its Archer NX router series, identified as CVE-2025-15517, which has a CVSS score of 8.6. This flaw allows attackers to bypass authentication measures, potentially enabling them to install malicious firmware on affected devices. The vulnerability affects several models, including the Archer NX200, NX210, and NX500, among others. Users of these routers are urged to update their firmware promptly to protect against potential exploits. This incident is particularly concerning as it highlights the risks associated with consumer-grade networking equipment, which often lacks robust security measures.

Read Original

Last week, security researchers discovered that ScreenConnect servers were vulnerable to attacks due to misconfigurations, potentially allowing unauthorized access to sensitive data. Additionally, a flaw in Microsoft SharePoint was exploited, putting numerous organizations at risk. This vulnerability could allow attackers to execute malicious code or gain access to restricted information. Both incidents emphasize the need for companies to regularly review their security settings and update their systems to protect against these types of vulnerabilities. With many businesses relying on these platforms, the implications of these security issues could be significant, affecting operational integrity and data confidentiality.

Read Original

Ubiquiti has released patches to address a critical vulnerability in its UniFi Network application, specifically affecting versions 10.1.85 and earlier. The vulnerability, tracked as CVE-2026-22557, poses significant risks to users who have not yet updated their software. This flaw could potentially allow attackers to exploit the system, compromising network security. Users of the affected versions are strongly advised to update to the latest version to safeguard their networks. The urgency of this patch highlights the ongoing need for regular software updates to protect against evolving threats.

Read Original

Oracle has issued an emergency security update to address a serious vulnerability in its Identity Manager and Web Services Manager products, identified as CVE-2026-21992. This flaw allows attackers to execute remote code without needing any authentication, which poses a significant risk to organizations using these systems. The vulnerability could potentially be exploited to gain unauthorized access and control over sensitive information. Users of Oracle's Identity Manager and Web Services Manager should prioritize applying the update to protect their systems from potential attacks. This incident underscores the ongoing need for vigilance in software security, particularly with products that manage identity and access controls.

Read Original

Aura, a cybersecurity firm, has reported a data breach that affects approximately 900,000 records. The breach occurred after an employee was targeted in a phone phishing attack, which allowed attackers to steal information from a marketing tool used by the company. This incident raises concerns about the effectiveness of employee training in recognizing phishing attempts and the security measures in place for sensitive data. Users whose information may have been compromised should remain vigilant about potential follow-up phishing attempts or identity theft. The breach serves as a reminder for organizations to continuously update their security protocols and educate employees about the risks of social engineering attacks.

Read Original

Ubiquiti has addressed two vulnerabilities in its UniFi Network Application, including a serious flaw that could let attackers take control of user accounts. This vulnerability is particularly concerning as it affects the security of network management for users, potentially allowing unauthorized access to sensitive information and settings. Users of the application should ensure they update to the latest version to mitigate this risk. The company has emphasized the importance of applying these patches promptly to maintain network security. As cyber threats continue to evolve, staying updated with software patches is crucial for protecting against potential account takeovers.

Read Original

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of a recently patched vulnerability in SharePoint, identified as CVE-2026-20963. This remote code execution flaw allows attackers to run malicious code on affected systems, posing a significant risk to organizations using the software. Microsoft released a patch for this vulnerability back in January, but the discovery of in-the-wild exploitation suggests that some users may not have applied the update. Organizations using SharePoint should prioritize implementing the latest security updates to protect against potential breaches. Failing to address this vulnerability could lead to unauthorized access and data compromise, making it crucial for companies to stay vigilant and proactive in their cybersecurity practices.

Read Original

A phishing attempt targeting a C-suite executive at cybersecurity firm Outpost24 recently came to light. The attackers used trusted brands and domains to trick the executive into revealing their login credentials. Although the attack was ultimately unsuccessful, it raises concerns about the vulnerabilities even experienced professionals face when dealing with sophisticated phishing schemes. This incident serves as a reminder for organizations to remain vigilant and reinforce security training, particularly for high-level staff who are often prime targets for attackers. The tactics employed in this case reflect the evolving strategies of cybercriminals, making it crucial for companies to continually update their defenses against such threats.

Read Original

Microsoft has released an out-of-band update to address three vulnerabilities in Windows 11's Routing and Remote Access Service (RRAS). The vulnerabilities, identified as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, could potentially allow remote code execution when users connect to a malicious server. This is a serious concern as it could enable attackers to execute harmful code on affected systems. Users of Windows 11 should ensure they apply the latest updates to protect their devices from these risks. The prompt release of this patch reflects the urgency in addressing vulnerabilities that can be exploited remotely, highlighting the need for users to stay vigilant about software updates.

Read Original
Critical
SQL Injection Vulnerability in Ally WordPress Plugin Exposes 200K+ Sites

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

A serious SQL injection vulnerability has been discovered in the Ally WordPress plugin, putting over 200,000 websites at risk of data theft. This flaw allows attackers to manipulate database queries, potentially exposing sensitive user information. Although a patch has been released to fix the issue, many installations remain unpatched and therefore vulnerable. Website owners are urged to apply the update as soon as possible to protect their sites and users. The ongoing risk highlights the importance of timely software updates in safeguarding against cyber threats.

Read Original

An international law enforcement operation has successfully dismantled SocksEscort, a criminal proxy service that had infected around 369,000 residential and small business routers across 163 countries. The U.S. Department of Justice revealed that this botnet was used for large-scale fraud, leveraging malware to control the infected routers. Users of these routers were largely unaware that their devices had been compromised. The operation underscores the ongoing threat posed by botnets and the importance of securing home and business networks. With thousands of routers involved, this incident serves as a reminder for individuals and businesses to regularly update their devices and apply security patches to protect against such malware infections.

Read Original
PreviousPage 10 of 17Next