BeyondTrust has issued a warning about a serious vulnerability in its Remote Support (RS) and Privileged Remote Access (PRA) software. This flaw could let unauthorized attackers run arbitrary code on affected systems, posing a significant security risk. Users of these software products are strongly advised to apply the necessary patches to protect their systems from potential exploitation. The vulnerability's nature means that it could be exploited without requiring any form of authentication, making it particularly dangerous. Organizations using BeyondTrust's software should prioritize updating to secure their environments against this threat.
Articles tagged "Patch"
Found 225 articles
BeyondTrust has addressed a serious remote code execution vulnerability, identified as CVE-2026-1731, which affects its Remote Support (RS) and Privileged Remote Access (PRA) solutions. This vulnerability can be exploited without authentication, making it particularly dangerous for self-hosted customers. BeyondTrust is urging users to apply the patch immediately to protect their systems. Unlike a previous zero-day vulnerability exploited by threat actors linked to China, this issue was discovered by a security researcher and disclosed privately. The prompt action by BeyondTrust highlights the necessity for timely vulnerability management in remote access tools, which are critical for many organizations.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a five-year-old vulnerability in GitLab that is currently being exploited in cyberattacks. This flaw affects various versions of GitLab, and its exploitation puts government agencies and organizations using this software at risk. CISA is urging all agencies to apply the necessary patches to safeguard their systems against potential attacks. This situation emphasizes the importance of keeping software up to date, especially for widely used platforms like GitLab. Failure to address such vulnerabilities can lead to serious security breaches, impacting sensitive data and operations.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability in SolarWinds Web Help Desk that is currently being exploited in active attacks. This flaw poses a risk to federal agencies, which have been instructed to apply necessary patches within three days to mitigate potential damage. The urgency of the situation underscores the importance of maintaining up-to-date systems, especially for organizations that rely on SolarWinds products. If left unaddressed, this vulnerability could lead to unauthorized access and compromise sensitive data, affecting not just government agencies but potentially their partners and clients as well. The situation is a reminder for all users of SolarWinds software to remain vigilant and ensure their systems are secure.
Help Net Security
Last week, Microsoft addressed a serious vulnerability in its Office software, which was being actively exploited by attackers. This zero-day flaw could allow unauthorized access to user systems, putting sensitive information at risk. Users of Microsoft Office should ensure they install the latest updates to protect themselves from potential attacks. Additionally, Fortinet released patches for a flaw in its FortiCloud single sign-on (SSO) service, which could have allowed unauthorized access to user accounts. Organizations using FortiCloud should prioritize applying these updates to safeguard their systems from exploitation.
SmarterTools has released patches for two vulnerabilities in its SmarterMail email software, one of which is classified as critical. This flaw, identified as CVE-2026-24423, has a CVSS score of 9.3 and could allow attackers to execute arbitrary code on systems running affected versions of SmarterMail. Users of SmarterMail versions prior to build 9511 are particularly at risk. It's crucial for organizations using this software to update immediately to protect against potential exploitation. The existence of such a high-severity vulnerability underscores the importance of regular software updates and vigilance in cybersecurity practices.
As ransomware attacks become more aggressive, Chief Information Security Officers (CISOs) are urged to shift their focus towards enhancing business resilience. This includes taking immediate action to patch vulnerabilities, increasing user education to prevent successful phishing attempts, and implementing multi-factor authentication to secure access points. The rise in violent tactics used by attackers signals a need for companies to rethink their cybersecurity strategies and prioritize defense measures that can minimize disruptions. By proactively addressing these areas, organizations can better protect their assets and ensure continuity in the face of potential ransomware threats.
A vulnerability in WinRAR, a popular file compression software, is being exploited by Russian and Chinese nation-state attackers, even though a patch was released last July to fix the issue. This flaw poses a significant risk, particularly to small and medium-sized businesses (SMBs), which may not have updated their software or may be unaware of the vulnerability. The fact that this exploitation is ongoing months after the patch was issued raises concerns about the security practices of many organizations. Companies using affected versions of WinRAR need to take immediate action to protect themselves from potential breaches. Staying updated with software patches is crucial, especially when attackers are targeting known vulnerabilities.
SCM feed for Latest
The Office of Management and Budget (OMB) has issued a new memo aimed at improving supply chain security practices across federal agencies. The memo emphasizes the need for a risk-based approach, suggesting that evidence of security measures should become a standard requirement rather than an optional component. This shift is important as supply chain vulnerabilities can expose organizations to significant risks, especially in a landscape where many rely on third-party vendors. The emphasis on evidence aims to ensure that agencies are not just making promises but are actively demonstrating their commitment to security. As these vulnerabilities can impact a wide range of systems and services, the effectiveness of this new guidance will depend on its implementation and adherence by federal entities.
SolarWinds has issued important security updates to address two serious vulnerabilities in its Web Help Desk software. The flaws include an authentication bypass that could allow unauthorized access and a remote command execution (RCE) vulnerability, which could enable attackers to run commands on affected systems. These issues affect users of the Web Help Desk, which is widely used in IT support environments. Organizations relying on this software need to act quickly, as these vulnerabilities could lead to significant security breaches if exploited. Users are advised to apply the updates provided by SolarWinds to mitigate these risks.
Fortinet has addressed a significant vulnerability tracked as CVE-2026-24858, which could allow attackers to bypass authentication and gain unauthorized access to devices linked to other FortiCloud accounts. This flaw presents a serious risk, as it enables malicious actors to potentially control devices that should be secure. Users and organizations utilizing FortiCloud services are particularly affected, as their account security could be compromised. Fortinet's swift action to patch this vulnerability is crucial to prevent exploitation and protect users' sensitive data. Companies using Fortinet products should ensure they apply the latest updates to mitigate this risk effectively.
OpenSSL has patched 12 vulnerabilities, including a high-severity flaw that allows remote code execution. This vulnerability was identified by a cybersecurity firm and poses significant risks for users and organizations relying on OpenSSL for secure communications. Attackers could exploit this flaw to execute arbitrary code on affected systems, potentially compromising sensitive data and operations. Users and organizations should prioritize applying the latest updates to safeguard their systems against potential attacks. The patch addresses critical issues that could affect a wide range of applications and services leveraging OpenSSL, making timely remediation essential.
Microsoft has released a patch for a zero-day vulnerability in its Office software, identified as CVE-2026-21509. This flaw allows attackers to bypass certain security features, potentially putting users at risk. Reports suggest that the vulnerability may have already been exploited in targeted attacks against specific organizations. As a result, it's crucial for all users of Microsoft Office to apply this patch promptly to protect themselves from potential intrusions. The patch is part of Microsoft's ongoing efforts to enhance the security of its products and safeguard user data from malicious activities.
The Hacker News
Microsoft has released emergency patches for a serious vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw has a CVSS score of 7.8, indicating it is a significant security risk. The vulnerability allows attackers to bypass security features by exploiting untrusted inputs, potentially leading to unauthorized access. Organizations using affected Microsoft Office products should prioritize applying these patches, as the vulnerability is currently being exploited in the wild. This situation emphasizes the need for users to stay vigilant and maintain their software up to date to protect against such threats.
Microsoft is looking into issues with some Windows 11 devices that are failing to boot after users installed the January 2026 Patch Tuesday security updates. Affected users are encountering 'UNMOUNTABLE_BOOT_VOLUME' errors, which prevent their systems from starting up properly. This situation could disrupt the workflow of many individuals and organizations that rely on Windows 11 for daily operations. Microsoft has not yet provided a specific fix or workaround for the problem, leaving users uncertain about how to resolve the issue. The investigation is ongoing as the company seeks to identify the root cause of the boot failures and implement a solution.