A significant vulnerability, identified as CVE-2026-3854, has been discovered in GitHub.com and GitHub Enterprise Server, potentially allowing remote code execution. This flaw poses a risk to millions of repositories hosted on these platforms, which are widely used by developers and organizations for version control and collaboration. If exploited, attackers could execute arbitrary code, leading to unauthorized access and manipulation of sensitive codebases. The discovery emphasizes the need for users to remain vigilant and update their systems promptly to mitigate potential risks. GitHub has urged users to apply the latest patches to safeguard their repositories against this vulnerability.
Articles tagged "Update"
Found 247 articles
BleepingComputer
Vimeo has confirmed that user data was accessed without authorization due to a breach at Anodot, a company specializing in data anomaly detection. This incident has raised concerns as it potentially exposes sensitive information of Vimeo customers. While Vimeo has not disclosed the exact nature of the data accessed, users need to be cautious and monitor their accounts for any suspicious activity. This breach is significant as it underscores the vulnerabilities that can arise when companies share data with third-party services. Users are advised to update their passwords and enable two-factor authentication if they haven't already.
Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers have discovered a serious vulnerability in PackageKit, a package management tool used across various Linux distributions. This flaw, dubbed Pack2TheRoot, allows attackers to gain full root access, potentially compromising the security of affected systems. Linux distributions that utilize PackageKit, which includes many popular versions, are at risk. This vulnerability is particularly concerning because it has been present for over a decade, raising questions about the security practices in place for maintaining open-source software. Users and system administrators are urged to update their systems and apply any available patches to mitigate the risk of exploitation.
A new wave of the GlassWorm malware campaign is targeting the OpenVSX ecosystem through 73 malicious 'sleeper' extensions. These extensions initially appear harmless but become malicious after receiving an update, posing a significant risk to users who may unknowingly install them. Researchers have noted that this tactic allows attackers to bypass traditional security measures that focus on identifying known malware. Developers and users of OpenVSX should be particularly vigilant, as these extensions can compromise their systems without warning. The situation emphasizes the need for caution when updating software and extensions from less familiar sources.
Security Affairs
A recently discovered vulnerability, tracked as CVE-2026-6770, allowed attackers to track and fingerprint users of Firefox and the Tor Browser, even when they were using Private Browsing mode. This flaw could bypass Tor's New Identity feature, which is designed to enhance privacy. As a result, both Firefox version 150 and Tor Browser version 15.0.10 have released updates to address this issue. This vulnerability is particularly concerning because it compromises the privacy protections that users rely on, especially those using Tor for anonymous browsing. Users are urged to update their browsers promptly to protect against this tracking risk.
Hackread – Cybersecurity News, Data Breaches, AI and More
A flaw in Microsoft Entra's Agent ID allowed for privilege escalation, which could lead to a complete tenant takeover through the misuse of Service Principals. This vulnerability posed a significant risk to organizations using Microsoft Entra, as it could enable attackers to gain unauthorized access to sensitive data and systems. Microsoft has since released a patch to address this issue, ensuring that affected users can secure their environments. It is crucial for companies to apply this update promptly to mitigate potential risks and protect their assets from exploitation. Regular monitoring and security practices should also be reinforced to prevent similar vulnerabilities in the future.
The latest Security Affairs Malware newsletter highlights several emerging cybersecurity threats. One notable mention is Morpheus, a new spyware linked to IPS Intelligence, which poses risks to user privacy and data security. Additionally, the newsletter discusses DarkSword and Coruna, which are targeting vulnerabilities in iPhones, suggesting that even this previously secure platform is now at risk. Another significant threat is the Lotus Wiper, aimed at the energy and utilities sector, indicating a growing trend of cyberattacks on critical infrastructure. Lastly, a new variant of NGate has been reported, showcasing the ever-evolving landscape of malware. These developments emphasize the need for companies and individuals to stay vigilant and update their security measures.
Researchers from Unit 42 have found that attackers are now using artificial intelligence to exploit vulnerabilities in cloud systems with impressive speed. This capability allows cybercriminals to automate attacks, potentially leading to more significant breaches and data theft. The report emphasizes the growing sophistication of these AI-driven attacks, making it vital for organizations to bolster their security measures. Companies that rely heavily on cloud infrastructure must stay vigilant and update their defenses to counter these emerging threats. As AI technology continues to evolve, the risk of such attacks will likely increase, necessitating a proactive approach to cloud security.
Hackers have compromised Docker images and extensions for the Checkmarx KICS analysis tool, specifically targeting Visual Studio Code and Open VSX. This breach allows attackers to access sensitive data from developer environments, raising serious concerns about the security of development tools widely used in the industry. Developers who have integrated these tools into their workflows may unknowingly expose their projects and sensitive information to unauthorized access. This incident emphasizes the need for developers to be vigilant about the tools they use and the sources from which they download software. Users are advised to check their systems for any compromised extensions and to update their security protocols to mitigate potential risks.
Infosecurity Magazine
Apple has addressed a significant flaw in iOS that allowed deleted notifications to linger and expose message content. This vulnerability could potentially let others view sensitive information even after users thought they had deleted it. Affected users include anyone running iOS versions prior to the fix, which was rolled out in a recent update. The issue raises concerns about privacy, as it could lead to unintended sharing of personal messages. Apple has encouraged users to update their devices to ensure their information remains secure.
The latest update for Firefox, version 150, addresses a significant number of security vulnerabilities—271 in total. This update improves features like split view and tab sharing while also reinforcing the browser's security. Users are strongly encouraged to update to this version to protect themselves against potential exploitation of these vulnerabilities. The involvement of Claude Mythos suggests collaboration in identifying and fixing these issues. It's essential for users to stay updated to avoid risks associated with unpatched software.
Oracle has released a significant update, patching 481 vulnerabilities across 28 of its product families. Among these, over 300 patches address remotely exploitable flaws that do not require authentication, making them particularly concerning for users. This update is part of Oracle's April 2026 Critical Patch Update (CPU), which aims to enhance security for its various software products. Users of Oracle software should prioritize applying these patches to protect their systems from potential attacks. The vulnerabilities could allow attackers to exploit systems without needing any user credentials, which increases the urgency for swift action.
SCM feed for Latest
Federal agencies in the U.S. are facing significant security challenges as they modernize their systems under new fiscal mandates for 2026. Robert Imhof, a federal architect at Fortinet, warns that the merging of cloud services, IT, and operational technology has outpaced existing security measures, which are often disjointed and ineffective. This lack of visibility creates vulnerabilities that could be exploited by cybercriminals. As agencies rush to update their infrastructures, they need to prioritize the integration of their security architectures to protect against potential attacks. This situation affects not only government operations but could also have broader implications for national security and public safety.
Hackers have been exploiting the QEMU machine emulator in at least two separate campaigns aimed at deploying ransomware and remote access tools. This abuse allows attackers to bypass security measures, making it harder for organizations to detect their malicious activities. The implications are significant, as this could potentially lead to data breaches and unauthorized access to sensitive information. Companies using QEMU should be vigilant and assess their defenses against these types of attacks to safeguard their systems. Researchers are urging affected organizations to review their security protocols and update their defenses accordingly.
Infosecurity Magazine
The National Cyber Security Centre (NCSC) has announced a coordinated plan aimed at strengthening the cybersecurity resilience of the National Health Service (NHS) in the UK. This initiative comes in response to ongoing concerns about cyber threats targeting healthcare systems, especially in light of recent attacks that have compromised patient data and disrupted services. The NCSC's strategy includes improving the overall security posture of NHS organizations by providing guidance, resources, and support to help them better defend against potential cyber incidents. This effort is crucial as the NHS plays a vital role in public health, and any cyber disruption could have serious implications for patient care and safety.