Articles tagged "Update"

Found 247 articles

Researchers have identified a new Brazilian banking trojan named TCLBANKER, which can target 59 different banking, fintech, and cryptocurrency platforms. This malware is being monitored by Elastic Security Labs under the reference ID REF3076. TCLBANKER is considered a significant upgrade from the Maverick malware family, which utilizes a worm called SORVEPOTEL to spread. The trojan's ability to exploit popular communication tools like WhatsApp and Outlook for distribution raises concerns about its potential reach and impact on users' financial security. As attackers continue to evolve their tactics, it's crucial for users and financial institutions to remain vigilant and implement strong security measures.

Read Original

Cisco has addressed several serious vulnerabilities in its enterprise products, particularly in Unity Connection. These flaws, identified as CVE-2026-20034 and CVE-2026-20035, could allow attackers to execute code, perform server-side request forgery (SSRF), or disrupt services. If exploited, these vulnerabilities could have significant implications for organizations using affected Cisco products, potentially leading to unauthorized access or service outages. Cisco has released patches to fix these issues, urging users to update their systems promptly to mitigate risks associated with these high-severity vulnerabilities.

Read Original
Critical
Why Outdated Maintenance Software Is a Growing Ransomware Risk

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Outdated maintenance software poses a significant risk for ransomware attacks by leaving systems vulnerable due to weak access controls and unpatched security flaws. As companies rely on these outdated systems, they expose critical operational data to potential attackers. This situation is particularly concerning for industries that depend on robust maintenance and operational integrity, as breaches could lead to severe disruptions and financial losses. Organizations are urged to regularly update their software and strengthen their cybersecurity measures to protect against these threats. Ignoring these vulnerabilities could have dire consequences for both the companies and their clients.

Read Original
Actively Exploited

A serious vulnerability in the vm2 library, widely used for sandboxing in Node.js applications, has been discovered. This flaw allows attackers to escape the sandbox environment and execute arbitrary code on the host system, posing a significant risk to applications relying on vm2 for security. Developers and organizations using this library need to take immediate action to safeguard their systems, as this vulnerability could lead to severe breaches. The issue affects multiple versions of vm2, making it critical for users to update their systems promptly. Failure to address this vulnerability could leave systems exposed to potential attacks.

Read Original

Proton Mail has rolled out an optional feature called post-quantum protection for all users, including those on the free plan. This new capability generates encryption keys that aim to secure future emails from potential quantum computer attacks. To use this feature, users must update their Proton Mail apps, as older versions do not support the new encryption keys. This move is significant because it prepares users' email communications for a future where quantum computing could compromise traditional encryption methods. By enabling post-quantum protection, users can enhance the security of their encrypted emails against evolving threats.

Read Original

A recent report from HeroDevs highlights a significant security gap in the use of Software Composition Analysis (SCA) tools, particularly regarding end-of-life (EOL) open source software. These tools often miss critical vulnerabilities in software that is no longer supported, leaving organizations exposed to risks they might not even be aware of. As many companies rely on outdated libraries, they may inadvertently introduce security weaknesses into their projects. HeroDevs is offering a free scan for users to identify EOL software in their projects, which can help organizations take proactive steps to secure their applications. This situation underscores the need for developers and security teams to regularly assess their software dependencies and update or replace outdated components to mitigate risks.

Read Original

A serious vulnerability, identified as CVE-2026-0073, has been discovered in the Android System component. This flaw allows attackers to execute remote code without any user interaction, posing a significant risk to devices running affected versions of Android. Users of Android devices should be particularly cautious, as this vulnerability could lead to unauthorized access and control over their devices. The potential for exploitation is high, making it crucial for users to apply the latest security updates. Android's security team has addressed this issue by releasing a patch to fix the vulnerability, and all users are encouraged to update their devices promptly to mitigate any risks.

Read Original

Oracle has announced a significant change to its security update process, set to take effect in May 2026. The company will introduce a monthly Critical Security Patch Update (CSPU) that aims to deliver smaller, more targeted fixes for security vulnerabilities. This new approach will complement the existing quarterly Critical Patch Updates (CPUs), which will continue to include all fixes from previous CSPUs. The shift to monthly updates is designed to make it easier for organizations to apply critical security fixes promptly. This change is particularly relevant for companies managing their own deployments, as it emphasizes the need for timely updates in an ever-evolving cybersecurity landscape.

Read Original

The UK's National Cyber Security Centre (NCSC) is warning organizations to brace for a wave of new software updates driven by advancements in artificial intelligence. This surge in updates is expected as developers respond to newly discovered vulnerabilities that AI tools can help identify more efficiently. The NCSC emphasizes that businesses and institutions need to ensure their systems are up-to-date to protect against potential security threats that exploit these vulnerabilities. With the growing reliance on software across various sectors, timely patching becomes crucial to maintain cybersecurity. Organizations are encouraged to review their update policies and prepare for increased patch management activities in the coming months.

Read Original

The article discusses several cybersecurity topics, including a denial-of-service (DOS) attack that impacts various services. Researchers have noted vulnerabilities in popular platforms like Outlook and cPanel, which could potentially expose user data or disrupt service. Additionally, there are mentions of security concerns related to programming languages such as Ruby and Go, which may affect developers using those technologies. The piece emphasizes the need for companies to stay vigilant and update their systems to prevent exploitation. This is significant as it affects not only individual users but also businesses relying on these platforms for their operations.

Read Original
Critical
Critical cPanel Vulnerability Lets Attackers Bypass Login, Gain Root Access

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

A serious vulnerability has been discovered in cPanel, a popular web hosting control panel, allowing attackers to bypass login credentials and gain root access to servers. This flaw has been actively exploited before any patches were released, putting many web hosting providers and their clients at risk. The vulnerability affects users of cPanel, particularly those running outdated versions of the software. With root access, attackers could manipulate server settings, steal sensitive data, or take the server offline, which could lead to significant operational and financial consequences for affected companies. It is crucial for users to update their systems as soon as patches become available to mitigate these risks.

Read Original

SonicWall has released urgent firmware updates to address three vulnerabilities found in its SonicOS software, which affects Gen 6, Gen 7, and Gen 8 firewalls. These flaws could potentially allow attackers to bypass security controls and gain unauthorized access to restricted services. Users of these firewall models are strongly advised to apply the patches immediately to protect their systems from possible exploitation. The vulnerabilities underscore the importance of keeping security software up to date, as failure to patch could leave networks open to attacks. Companies relying on these firewalls should prioritize this update to safeguard their network environments.

Read Original

PyTorch Lightning, a widely used Python package, has been compromised in a supply chain attack, with attackers pushing two malicious versions—2.6.2 and 2.6.3—on April 30, 2026. This incident, identified by cybersecurity firms Aikido Security, Socket, and StepSecurity, aims to steal user credentials. Developers and organizations that use these specific versions are at risk, as the malicious code can capture sensitive information. Users are urged to quickly check their installations and update to secure versions to avoid potential credential theft. This attack emphasizes ongoing vulnerabilities within software supply chains, highlighting the need for vigilance among developers and users alike.

Read Original
Critical
New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

The newly discovered Bluekit Phishing Kit is a sophisticated tool that employs advanced techniques to target major online platforms. It utilizes an AI-driven approach called AiTM, which allows attackers to steal session data and bypass multi-factor authentication (MFA) protections. This poses a significant risk to users, as it could lead to unauthorized access to their accounts on popular services. The implications are serious, as many individuals rely on MFA to secure their online identities. Companies and users alike need to be vigilant and update their security measures to counteract these emerging threats.

Read Original

A serious vulnerability has been discovered in cPanel and WebHost Manager (WHM) that allows unauthorized users to access the control panel without proper authentication. This flaw affects all versions except the most recent ones, putting many web hosting services at risk. Attackers could exploit this weakness to gain control over web hosting environments, which could lead to data breaches or service disruptions. Users of cPanel and WHM are strongly advised to update their systems immediately to the latest versions to mitigate this risk. The urgency of this situation highlights the importance of keeping software up to date to protect against potential exploits.

Read Original
PreviousPage 6 of 17Next