Articles tagged "Update"

Found 247 articles

Critical
Vulnerability Mis-Management - PSW #917

SCM feed for Latest

Actively Exploited

A recent security vulnerability has been identified in several widely-used software applications, affecting users and businesses alike. This vulnerability allows attackers to gain unauthorized access to sensitive data, putting personal and organizational information at risk. The affected products include popular content management systems and cloud services, which are used by millions of individuals and enterprises. Experts urge users to update their software immediately to protect against potential exploitation. Failure to address this issue could lead to significant data breaches and financial loss for affected parties.

Read Original

A new strain of malware called Slopoly has been linked to an Interlock ransomware attack, allowing attackers to infiltrate a compromised server and remain undetected for over a week. This malware is believed to be generated using AI tools, showcasing the evolving capabilities of cybercriminals. During this time, sensitive data was stolen, raising concerns for organizations that may be targeted. The incident highlights the need for enhanced security measures to detect and respond to such sophisticated attacks. Companies must remain vigilant and update their defenses to protect against similar threats in the future.

Read Original

Splunk and Zoom recently addressed serious vulnerabilities in their software that could allow attackers to execute arbitrary shell commands or gain elevated privileges. These flaws are categorized as critical and high-severity, posing significant risks to users and organizations using these platforms. The vulnerabilities could potentially enable unauthorized access and control over systems, which is particularly concerning for businesses that rely on these tools for communication and data analysis. Users are urged to update their software immediately to mitigate these risks. Both companies have released patches to fix the issues, and it’s crucial for affected users to implement these updates as soon as possible.

Read Original

A supply chain attack has impacted around 100,000 websites, originally thought to be linked to China but now connected to North Korea. Researchers discovered that an infostealer malware infection was involved, which indicates that the attackers may have been targeting sensitive information from these sites. The incident raises concerns about the security of web applications and the potential for further exploitation as many organizations rely on third-party libraries. This attack serves as a reminder for website owners to regularly update their software and monitor for unusual activity to safeguard against similar threats in the future.

Read Original

The article discusses the ongoing challenge of securing outdated industrial controllers that are still in use across various sectors in the U.S. Many of these controllers date back 30 years, and some were developed by individuals who have since passed away, complicating efforts to update or secure the technology. This situation is concerning because these legacy systems can be vulnerable to cyberattacks, yet they are still critical for operations in industries such as manufacturing and utilities. As these devices are often sold on platforms like eBay, there is a growing concern about who is acquiring and potentially exploiting these systems. The article emphasizes the need for organizations to prioritize the security of these aging technologies to prevent potential breaches.

Read Original

In March 2026, a significant security update was released, addressing eight critical vulnerabilities among a total of 82 Common Vulnerabilities and Exposures (CVEs). Two of these vulnerabilities had been publicly disclosed before the patch, raising concerns about their potential exploitation. The vulnerabilities affect various products and systems, making it crucial for organizations and users to apply the updates promptly to safeguard their environments. The nature of these vulnerabilities could allow attackers to gain unauthorized access or disrupt services, emphasizing the need for vigilance in maintaining software security. Companies and IT departments should prioritize these patches to mitigate risks associated with these newly identified threats.

Read Original

Microsoft is rolling out a new feature for Teams that will automatically tag third-party bots trying to join meetings. This update will place these bots in a lobby, giving meeting organizers the ability to control whether they can enter the meeting or not. This move aims to enhance security by preventing unauthorized or unwanted bots from participating in discussions. It’s particularly significant for organizations that rely on Teams for sensitive communications, as it allows them to maintain better oversight over who can access their meetings. As more companies integrate bots into their workflows, ensuring that only trusted applications can join meetings becomes increasingly important for maintaining data security and privacy.

Read Original

Recent reports indicate that attackers are misusing the .arpa top-level domain (TLD) to carry out phishing attacks. By exploiting DNS record management controls, these threat actors are able to obscure the actual location of their malicious content, often using services like Cloudflare to mask their activities. This tactic not only complicates detection but also poses a significant risk to users who may unwittingly engage with these phishing sites. As phishing continues to evolve, it is crucial for individuals and organizations to remain vigilant and update their security measures to counter such deceptive practices. The implications of these attacks are serious, as they can lead to data theft and financial loss.

Read Original

In December 2025, npm implemented significant changes to its authentication process following the Sha1-Hulud incident, which was a notable supply-chain attack. While these updates are a positive move toward enhancing security, they do not fully protect npm projects from future supply-chain attacks or malware. Users of npm should remain vigilant, as the platform is still vulnerable to potential malware threats. This situation serves as a reminder that even after security improvements, the risk of attacks persists, and both developers and organizations need to adopt best practices to safeguard their projects. Staying informed and proactive is essential for a safer Node community.

Read Original

Apple has addressed a serious zero-day vulnerability, identified as CVE-2026-20700, which was used in targeted attacks last year. This flaw, a memory corruption issue in the dyld component of Apple's operating systems, could allow attackers to execute arbitrary code on affected devices. Specifically, the vulnerability impacts versions of iOS prior to iOS 26 and was reportedly exploited in sophisticated attacks against select individuals. Users of these older versions should update their devices to protect against potential exploitation.

Read Original

Microsoft has recently patched six zero-day vulnerabilities, which are serious security flaws that attackers can exploit to gain unauthorized access. Users are typically urged to update their systems immediately to protect against such threats. However, some experts are advising caution, suggesting that these patches might cause issues or conflicts with existing software. This situation leaves many users in a challenging position as they weigh the risks of applying the updates against the potential vulnerabilities. It's important for individuals and organizations to assess their specific environments before proceeding with the updates to ensure they don't inadvertently create new problems.

Read Original

In February 2026, Microsoft addressed over 50 security vulnerabilities during its Patch Tuesday update, including six zero-day flaws that were actively exploited by attackers. Notably, three of these zero-days involve security feature bypasses. One of the vulnerabilities, identified as CVE-2026-21513, impacts the MSHTML/Trident browser engine used in Internet Explorer on Windows, while CVE-2026-21514 affects Microsoft Word. Attackers can exploit these vulnerabilities by tricking users into opening malicious files or links. As these security holes are actively being exploited, users and organizations must apply the updates promptly to protect their systems from potential breaches.

Read Original

SAP has issued 26 new security notes along with one updated note addressing vulnerabilities in several of its products, including CRM, S/4HANA, and NetWeaver. This update was released on February 2026's security patch day, indicating that these vulnerabilities could pose significant risks to organizations using these systems. Companies that rely on SAP solutions should prioritize applying these patches to protect against potential exploitation. The vulnerabilities could allow attackers to gain unauthorized access or disrupt services, which can have serious consequences for businesses. It's crucial for SAP users to stay informed and act promptly to safeguard their systems.

Read Original

In February 2026, a significant security update was released that addressed 59 Common Vulnerabilities and Exposures (CVEs), including six zero-day vulnerabilities. These vulnerabilities could allow attackers to gain unauthorized access or execute malicious code on affected systems. Various products from multiple vendors are impacted, which means a wide range of users, including businesses and individual consumers, could be at risk. The presence of zero-day vulnerabilities indicates that attackers could exploit these weaknesses before users have the chance to apply the necessary patches. Companies and users are urged to update their systems promptly to mitigate potential risks associated with these vulnerabilities. Ignoring these updates could expose them to serious security breaches.

Read Original

Hackers are exploiting vulnerabilities in SolarWinds Web Help Desk (WHD) to gain unauthorized access to systems. This allows them to execute code on affected machines, deploying legitimate forensic tools like Velociraptor to maintain persistence and enable remote control. Organizations using SolarWinds WHD should be particularly vigilant, as these vulnerabilities can lead to serious security breaches. The situation underscores the need for companies to regularly update and patch their systems to protect against such attacks. Users of the software must act quickly to ensure their environments are secure.

Read Original
PreviousPage 11 of 17Next