Articles tagged "Update"

Found 247 articles

A new ransomware strain called Osiris was identified in a November 2025 attack targeting a significant food service franchise in Southeast Asia. Researchers from Symantec and Carbon Black reported that the attackers used a malicious driver known as POORTRY through a technique called Bring Your Own Vulnerable Driver (BYOVD) to disable security tools. This method allowed the ransomware to operate without detection, posing a serious risk to the affected organization. With ransomware attacks on the rise, this incident highlights the need for companies to strengthen their defenses against evolving tactics. The incident serves as a reminder for businesses to continuously update their security measures and remain vigilant against such threats.

Read Original

A serious vulnerability has been discovered in all versions of GNU InetUtils telnetd, specifically those ranging from 1.9.3 to 2.7. This flaw, which allows remote attackers to bypass authentication, has gone unnoticed for nearly 11 years. Given the age of this issue, many systems may still be running vulnerable versions, putting users at risk. The discovery emphasizes the need for organizations to audit their systems and ensure they are not using outdated software. Users and administrators should take immediate action to update or patch their systems to mitigate potential exploitation.

Read Original

GitLab has addressed a serious vulnerability in its authentication services that allowed attackers to bypass two-factor authentication (2FA). This flaw was due to an unchecked return value, which meant that if an attacker knew a target's account ID, they could submit fake device responses to gain unauthorized access. The issue is particularly concerning as it undermines a key security feature—2FA—that many users rely on to protect their accounts. GitLab has released patches to fix this vulnerability, and users are urged to update their systems promptly to ensure their accounts remain secure. This incident serves as a reminder of the importance of robust security measures in software development and the need for vigilance against potential exploits.

Read Original

Microsoft has issued a temporary workaround for users experiencing freezes in Outlook after applying the latest Windows security updates. This issue has affected many customers who rely on Outlook for their email and daily tasks, causing disruptions and frustration. The freezes appear to be linked to the recent updates, prompting Microsoft to step in with a solution while they work on a permanent fix. Users are advised to implement the provided workaround to mitigate the impact on their productivity. This situation serves as a reminder of how software updates, while important for security, can sometimes lead to unexpected problems.

Read Original

GitLab has issued a security patch for a serious vulnerability that allows attackers to bypass two-factor authentication (2FA) in both its community and enterprise editions. This flaw could potentially give unauthorized users access to sensitive accounts if exploited. Additionally, GitLab addressed issues related to denial-of-service (DoS) attacks, which could disrupt services for legitimate users. The company advises all users to update their systems promptly to mitigate these risks. This situation emphasizes the importance of keeping software up to date to protect against emerging threats.

Read Original

In January 2026, Oracle released its first Critical Patch Update (CPU) of the year, addressing approximately 230 unique vulnerabilities across over 30 of its products. This update includes a total of 337 new security patches, which users are encouraged to apply to protect their systems. These vulnerabilities could potentially expose systems to various security risks, making it crucial for affected organizations to implement the patches promptly. The update reflects Oracle's ongoing commitment to security, as it aims to mitigate risks associated with its software products. Users and administrators should ensure they are running the latest versions to safeguard against potential exploitation.

Read Original

Researchers have identified a cross-site scripting (XSS) vulnerability in the control panel of StealC malware, an infostealer that has been operating since at least 2023. This malware, which is sold as a service, targets and extracts sensitive information like cookies and passwords from victims. The flaw in the control panel has exposed important details about the attackers behind the malware, raising concerns about the ongoing threat to users' data security. Since its update to StealC v2 in 2025, the malware has continued to pose risks to individuals and organizations alike. The discovery emphasizes the need for vigilance against such malware, as the information leak could lead to further malicious activities by the attackers.

Read Original

This week, several significant cybersecurity incidents have emerged, showcasing the vulnerabilities within various systems. Notably, flaws in Fortinet products have come to light, potentially exposing users to exploitation. Additionally, researchers have identified the RedLine Clipjack malware, which can hijack browser sessions, affecting users who may not realize their data is being compromised. The discovery of a method to crack NTLM authentication raises concerns for organizations relying on this protocol, as it could lead to unauthorized access. Furthermore, a new attack targeting AI tools like Copilot illustrates how these advancements can be manipulated, posing risks to users and their data. These incidents emphasize the need for robust security measures as technology continues to evolve rapidly.

Read Original
Actively Exploited

Cisco has addressed a serious vulnerability in its AsyncOS software that has been exploited since November 2025. This zero-day flaw specifically affects Secure Email Gateway (SEG) appliances, which are used by organizations to filter and protect email traffic. Attackers have been able to exploit this weakness, putting sensitive data at risk and potentially compromising email communications for users relying on these appliances. The timely patch is crucial for organizations to secure their email systems and prevent further exploitation. Companies using these SEG appliances should prioritize applying the update to safeguard against these attacks.

Read Original

Security researcher Eaton Zveare identified five serious vulnerabilities in Bluspark's Bluvoyix platform, which is used in shipping and supply chain management. Among these flaws were the use of plaintext passwords and an unauthenticated API, both of which could potentially allow unauthorized access to sensitive data. This incident raises concerns for companies relying on Bluvoyix, as attackers could exploit these weaknesses to gain access to critical operational information. Bluspark has since released patches to address these vulnerabilities, but the exposure of such significant flaws underscores the need for robust security practices in software development. Users of the platform should ensure they update to the latest version to mitigate these risks.

Read Original

The January Patch Tuesday updates for Windows include important changes to Secure Boot, which safeguards computers against bootkit malware. Secure Boot is a security feature that ensures only trusted software is loaded during the startup process. The updates address expiring certificates that could compromise this protection if not renewed. Users and IT administrators are urged to install these patches promptly to mitigate the risk of bootkit attacks, which can allow malicious software to take control of a system before the operating system loads. Keeping Secure Boot updated is crucial for maintaining the integrity and security of Windows PCs.

Read Original

A hacker has claimed to have fully breached Max Messenger, a messaging app popular in Russia, and is threatening to leak sensitive user data and backend systems unless their demands are met. This situation raises alarms for users of the app, as it could expose personal information and compromise the security of communications on the platform. The hacker's claims have not yet been verified, and the company has not publicly responded to the threat. If the breach is legitimate, it could have serious implications for user privacy and trust in the app. The incident underscores the ongoing risks associated with messaging platforms and the potential for cybercriminals to exploit vulnerabilities.

Read Original

Recent updates to Chrome and Firefox have patched 26 security flaws, including several high-severity vulnerabilities that could allow attackers to execute arbitrary code. Chrome version 144 and Firefox version 147 are now available, and users are strongly encouraged to update their browsers to protect against potential exploits. These vulnerabilities can affect a wide range of users, making it crucial for individuals and organizations to stay current with software updates. Ignoring these patches could leave systems open to attacks that might compromise sensitive data or disrupt operations. The updates not only fix the bugs but also enhance overall browser security, which is vital in today’s digital landscape.

Read Original

Recently, over 100,000 records containing valid PayPal credentials were claimed to have been leaked by cybercriminals. However, researchers from Cybernews have dismissed these claims, stating that the data appears to be outdated and likely sourced from previous infostealer logs rather than a new breach. This situation raises concerns for users who might worry about the security of their PayPal accounts, even though the current evidence suggests there is no fresh compromise. It's important for individuals to remain vigilant and regularly update their passwords, regardless of the validity of this specific claim. The incident serves as a reminder of the ongoing risks associated with credential theft and the necessity for users to use strong, unique passwords for their accounts.

Read Original

In January 2026, a significant software update addressed 114 Common Vulnerabilities and Exposures (CVEs), including three that were categorized as zero-days. These vulnerabilities could potentially allow attackers to execute arbitrary code or escalate privileges on affected systems. Notably, the patched software includes widely used products from major vendors, though specific names were not disclosed. This update is crucial as it aims to protect users from potential exploits that could compromise sensitive data or system integrity. Companies and users are strongly advised to apply the updates promptly to mitigate any risks associated with these vulnerabilities.

Read Original
PreviousPage 13 of 17Next