Articles tagged "Update"

Found 247 articles

Zimbra has issued a warning regarding a serious stored cross-site scripting (XSS) vulnerability in its Classic Web Client, which is commonly used for accessing Zimbra Collaboration. This flaw allows attackers to execute malicious code when users open compromised emails. The company has released version 10.1.19 to address this vulnerability, which currently does not have a CVE ID. Users of the Classic Web Client should update to this latest version as soon as possible to safeguard their mailboxes from potential exploitation. This incident emphasizes the need for prompt software updates to protect sensitive information from cyber threats.

Read Original

Palo Alto Networks has addressed 13 vulnerabilities in its PAN-OS software, which includes serious issues like buffer overflow, denial-of-service (DoS), command injection, server-side request forgery (SSRF), and authentication bypass. These vulnerabilities could allow attackers to gain unauthorized access, disrupt services, or execute harmful commands. Organizations using PAN-OS should prioritize these updates to protect their networks from potential exploitation. The presence of these vulnerabilities emphasizes the need for companies to stay vigilant and regularly update their systems. Users are urged to apply the latest patches as soon as possible to mitigate risks.

Read Original

Microsoft has rolled out a security update to address a serious vulnerability in its Malware Protection Engine, specifically CVE-2026-50656. This flaw, which affects Windows 10 and Windows 11, allows authenticated attackers to escalate their privileges to SYSTEM-level by exploiting improper link resolution before file access. The vulnerability was brought to light on June 10, and it poses a significant risk as it can be exploited with relatively low complexity. Users of affected systems should prioritize applying this update to safeguard their devices against potential attacks that could compromise system security.

+1 more
Read Original

Schneider Electric has reported a vulnerability affecting its Easergy MiCOM Px40 Series protection relays, which are used in medium to extra high voltage applications. The vulnerability allows unauthorized exposure of device identification through the SNMP protocol, impacting various models including the Easergy MiCOM P14x, P24x, P341, and several others, all prior to specific firmware versions. This issue raises concerns for critical infrastructure sectors such as energy and manufacturing, as it could lead to unauthorized access to sensitive device information. Users are advised to implement immediate mitigations or upgrade to firmware versions that eliminate SNMP functionality to protect their systems. This situation is particularly pressing for organizations relying on these devices for operational safety and security.

Read Original

Microsoft is set to retire the Outlook Web Access (OWA) Light client in an upcoming update to Exchange Server. This lightweight version of the email client was designed for users with limited bandwidth or older devices. The discontinuation means that users relying on OWA Light will need to transition to the standard OWA client, which could impact their ability to access email if their devices or connections are not compatible. Microsoft has not yet specified a timeline for the retirement or provided detailed guidance on the transition process. This change could affect organizations with users who depend on the lighter version for remote access, potentially disrupting their workflow.

Read Original

A new ransomware strain called GodDamn has been identified by cybersecurity researchers, specifically the Threat Hunter Team at Symantec. This ransomware uses a malicious kernel driver named PoisonX to disable endpoint security measures, allowing it to operate without detection. GodDamn was first observed in the wild on May 21, 2026, and is believed to be a rebranding of an earlier ransomware known as Beast. The use of PoisonX is particularly concerning as it directly undermines the defenses that companies rely on to protect their systems. Organizations need to be vigilant and update their security protocols to defend against this new threat.

Read Original

Google has released an update for Chrome, version 150, which addresses 27 vulnerabilities, including 13 use-after-free bugs. Among these, two have been classified as critical-severity flaws, which could potentially allow attackers to execute arbitrary code. This update is crucial for users of the Chrome browser, as it helps protect against these serious security risks. Users are encouraged to install the update promptly to ensure their systems remain secure. Regular updates are essential, as they often close vulnerabilities that could be exploited by cybercriminals.

Read Original

Ubiquiti has addressed seven vulnerabilities in its UniFi OS, among which is a critical flaw designated as CVE-2026-50746. This particular vulnerability, with a maximum severity score of 10.0, allows for command injection attacks within the UniFi Connect Application, affecting versions 3.4.16 and earlier. This means that attackers could potentially execute arbitrary commands on the affected systems, leading to possible unauthorized access or control. Users of the UniFi Connect Application are urged to update their software to safeguard against these vulnerabilities. The implications of these flaws are significant, as they could expose sensitive data and disrupt services for organizations relying on Ubiquiti's solutions.

Read Original

Ubiquiti has issued urgent security updates to address seven vulnerabilities in its UniFi OS, including a particularly severe flaw that could allow attackers to execute command injection attacks. This vulnerability is critical because it gives unauthorized users a way to run malicious commands on affected systems. The issue affects various Ubiquiti products that utilize UniFi OS, which is widely used in network management. Users and organizations that rely on these devices should prioritize applying the latest patches to protect their networks. Failure to update could leave systems exposed to potential attacks, putting sensitive data at risk.

Read Original
Critical
Siemens SINEC OS

All CISA Advisories

Siemens has identified multiple vulnerabilities in its SINEC OS, particularly affecting the RUGGEDCOM RST2428P product. The issues stem from improper input validation, leading to potential allocation failures that could compromise system operations. Siemens has recommended users upgrade to version 4.0 or later to mitigate these risks. The vulnerabilities have been assigned CVE identifiers, indicating their recognition in the cybersecurity community. This situation is significant as it affects industrial control systems, which are critical for operational integrity and security.

+4 more
Read Original
Actively Exploited

CISA has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, specifically CVE-2026-48282, which affects Adobe ColdFusion. This path traversal vulnerability allows attackers to gain unauthorized access and control over affected systems, posing significant risks, particularly to federal agencies. The Binding Operational Directive (BOD) 26-04 emphasizes the need for federal agencies to address high-risk vulnerabilities quickly, while also encouraging all organizations to adopt similar risk-based vulnerability management practices. CISA will continue to update the catalog as new vulnerabilities are identified, and organizations are urged to report any exploited vulnerabilities not currently listed. Rapid remediation is essential to mitigate potential exploitation risks.

Read Original
Critical
Siemens Mendix Studio Pro

All CISA Advisories

Siemens Mendix Studio Pro has a significant security vulnerability that affects multiple versions of the software, specifically those before version 11.12. This flaw allows attackers to execute arbitrary code by tricking users into opening malicious project files during the build process. The affected versions include Mendix Studio Pro 10.11 through 10.24, as well as 11.0 through 11.9. Siemens has released updates to address this issue, urging users to upgrade to version 10.24.21 or later, or version 11.6.7 or later. This vulnerability poses a serious risk, particularly in critical sectors like manufacturing and energy, making timely updates essential to protect user systems from potential exploits.

Read Original
Critical
Labcenter Proteus 9

All CISA Advisories

Labcenter Electronics' Proteus 9 software has been found to have several critical vulnerabilities, including out-of-bounds write, stack-based buffer overflow, and use-after-free issues. These vulnerabilities could allow attackers to execute arbitrary code on affected installations, potentially compromising sensitive systems in various sectors like healthcare, energy, and defense. Specifically, version 9.1_SP4_Build_42914 is affected, and users are urged to upgrade to the latest version, 9.2 SPO, to protect against these risks. While there are currently no known public exploits actively targeting these vulnerabilities, the potential for abuse remains concerning. It’s crucial for organizations to apply the recommended updates and implement security measures to safeguard their systems.

Read Original
Critical
Hitachi Energy e-mesh EMS

All CISA Advisories

Hitachi Energy has identified a buffer overflow vulnerability in specific versions of its e-mesh EMS product, which could lead to application outages and potential arbitrary code execution. The affected versions include e-mesh EMS 4.1.6, 4.4.2, and 4.7.0, which utilize NGINX versions 1.30.0 and below. Attackers could exploit this vulnerability by sending specially crafted HTTP requests under certain conditions, particularly if the system's Address Space Layout Randomization (ASLR) is disabled. Users are advised to apply a hotfix to update NGINX to version 1.30.2 or later and ensure ASLR is active. This vulnerability poses a significant risk to critical infrastructure sectors like energy, as it could lead to denial of service and operational disruptions.

Read Original

Researchers have identified seven vulnerabilities in the FatFs library, which is commonly used in the firmware of various devices such as security cameras, drones, and industrial controllers. These vulnerabilities can be exploited through malformed USB drives, SD cards, or firmware updates, putting many devices at risk. This is concerning because it could allow attackers to execute arbitrary code or manipulate device functions. Users of affected devices should be aware of this issue, as it could lead to unauthorized access or control over their equipment. Manufacturers need to address these vulnerabilities promptly to safeguard their products and customers.

Read Original
PreviousPage 2 of 17Next