Articles tagged "Update"

Found 247 articles

Mozilla has rolled out updates for Firefox to fix two serious vulnerabilities that could be exploited by attackers. The flaws, identified as CVE-2026-15718 and CVE-2026-15719, involve issues with JavaScript: WebAssembly and site isolation in the DOM: Navigation component. Mozilla has warned users that exploit code for these vulnerabilities is already available publicly, increasing the urgency for users to update. It’s crucial for Firefox users to install these updates promptly to protect against potential attacks that could compromise their security and privacy. Keeping software up to date is a key defense against such risks.

Read Original

Fortinet, Ivanti, and ServiceNow have all issued important patches for various vulnerabilities in their products. A notable issue was found in the ServiceNow AI platform, where a critical security flaw could allow remote attackers to execute arbitrary code. This vulnerability poses a significant risk to users, as it could enable unauthorized access and control over affected systems. Organizations using the ServiceNow platform should act quickly to apply the available updates to protect against potential exploitation. The situation serves as a reminder for companies to regularly update their software to mitigate risks from such vulnerabilities.

Read Original

Siemens, Schneider Electric, and Rockwell Automation have addressed numerous vulnerabilities in their industrial control system (ICS) products. These fixes come as part of the latest ICS Patch Tuesday updates, which also prompted advisories from the Cybersecurity and Infrastructure Security Agency (CISA) and VDE CERT. The vulnerabilities could potentially expose systems to various cyber threats, affecting critical infrastructure and manufacturing sectors. Companies using these ICS products need to ensure they apply the latest patches to mitigate any risks associated with these vulnerabilities. This update is crucial for maintaining the security and integrity of industrial operations.

Read Original

The UK government has updated its National Risk Register to include warnings about the potential severity of cyber-attacks. This update indicates a growing concern over the impact that such attacks could have on critical infrastructure and national security. Officials are urging businesses and public sector organizations to bolster their cybersecurity measures in light of these threats. The register serves as a guide for preparedness and response strategies, emphasizing the need for vigilance against increasingly sophisticated cyber threats. This move underscores the importance of being proactive in cybersecurity, as attackers are constantly evolving their tactics.

Read Original

SonicWall has issued a warning about two vulnerabilities in its SMA1000 series, identified as CVE-2026-15409 and CVE-2026-15410. These flaws are being actively exploited by attackers in zero-day attacks, meaning they are being targeted before a fix has been widely implemented. As such, SonicWall is urging all users of the SMA1000 series to apply the newly released security updates to protect against these threats. Failure to patch could leave systems vulnerable to unauthorized access and potential data breaches. Users should prioritize this update to maintain the security of their networks.

Read Original
Critical
ABB T-MAC Plus

All CISA Advisories

ABB has identified multiple vulnerabilities in its T-MAC Plus version 4.0-24 software, which could allow attackers to exploit the system in various ways. These vulnerabilities include issues like file disclosure, broken access controls, cross-site scripting (XSS), and an insecure network protocol that could lead to denial-of-service attacks. Affected users are urged to update to version 4.0-25, which contains fixes for these issues. The vulnerabilities are considered serious, with CVSS scores ranging from 7.4 to 9.9, indicating that they pose significant risks to security. Companies using this software should prioritize applying the update to protect their systems from potential exploitation.

Read Original

Rockwell Automation's 1715-AENTR EtherNet/IP Adapter has a serious vulnerability (CVE-2026-10577) affecting versions up to 3.003. This flaw exposes a debug port that lacks proper authentication controls, allowing attackers to gain unauthorized access to critical functions. If exploited, they could read or delete files, halt tasks, modify memory, and alter I/O states, threatening the device's confidentiality, integrity, and availability. This vulnerability is particularly concerning as it impacts sectors like energy and manufacturing, where security is crucial. Users are advised to upgrade to version 3.011 or later to mitigate the risks associated with this vulnerability.

Read Original
High
ABB Ability Edgenius

All CISA Advisories

ABB has identified a vulnerability, CVE-2026-31431, in its ABB Ability Edgenius platform, which affects versions 3.2.0.0 to 3.2.4.0. This vulnerability is linked to a flaw in the Linux kernel's cryptographic interface that could allow a locally authenticated user to gain elevated privileges, potentially leading to full control of the system. While there have been no reports of this vulnerability being exploited in the wild, ABB recommends that users update to version 3.2.4.1 to mitigate the risk. Users should also limit access to their systems to enhance security. This incident underscores the importance of timely software updates and access controls in protecting against potential exploits.

Read Original
Critical
ABB Advant Master Online Builder

All CISA Advisories

ABB has identified a vulnerability in its Advant Master Online Builder products that could allow unauthorized code execution due to improper handling of search paths for loading dynamic link libraries (DLLs). Affected versions include Control Builder A versions up to 1.4/4 and multiple iterations of 800xA for Advant Master. To mitigate the risk, ABB has released updates that resolve the vulnerability, advising users to upgrade to specific patched versions. Importantly, the vulnerability requires physical access to the system, which limits its exploitability. However, users are still urged to manage access strictly and enforce strong security practices to prevent potential exploitation.

Read Original
Actively Exploited

CISA has issued a warning about active exploitation of several vulnerabilities in on-premises SharePoint Server instances, specifically CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164. These vulnerabilities allow attackers to execute remote code and potentially steal sensitive data from affected systems. All supported versions of SharePoint Server, including the Subscription Edition, 2019, and 2016, are at risk. Organizations are advised to monitor their SharePoint Servers for unusual activities and to apply the latest patches from Microsoft. Additional vulnerabilities have been identified but are not yet known to be exploited, emphasizing the need for prompt updates and hardening measures to prevent possible breaches.

Read Original

SAP has issued a warning regarding 16 vulnerabilities in various products, with three of these classified as critical. The affected products include NetWeaver, Commerce Cloud, and AppRouter. These flaws could potentially allow attackers to exploit weaknesses in the systems, which is particularly concerning for organizations relying on these platforms for their operations. Users of these SAP products should take immediate action to address these vulnerabilities to protect their data and systems. The update comes as part of SAP's July 2026 security updates, emphasizing the ongoing need for vigilance in cybersecurity practices.

Read Original

A recently discovered vulnerability in RabbitMQ allows unauthenticated attackers to access the broker's confidential OAuth client secret. This could give them the ability to take control of the broker, posing a significant risk to enterprise systems that rely on this messaging platform. Organizations using RabbitMQ should be particularly vigilant as this flaw could lead to unauthorized access and data breaches. The issue underscores the need for companies to regularly update their security measures and monitor for potential intrusions. As RabbitMQ is widely used in various applications, the implications of this vulnerability could be far-reaching if not addressed promptly.

Read Original

Zimbra has patched a serious vulnerability that allows attackers to execute malicious code through specially crafted emails. When a user opens one of these emails, the embedded code runs without their consent, posing a significant security risk. This flaw affects users of Zimbra's email software, which is widely used by organizations for communication. The potential for exploitation makes it crucial for users to update their systems promptly. Patching this vulnerability helps protect against unauthorized access and data breaches, which could have serious consequences for affected organizations.

Read Original

Debian has released version 13.6, also known as 'trixie,' to address over a hundred security advisories, including a significant issue with UEFI Secure Boot. Most PCs rely on a Secure Boot certificate authority that has expired, which can prevent machines from booting properly when Secure Boot is enabled. This update includes a fix through the firmware update tool, fwupd, which has been upgraded to handle the expired certificate. Users running Debian 13.6 need to install this update to ensure their systems remain secure and functional. This release emphasizes the importance of keeping system software up to date to mitigate potential security risks.

Read Original

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities in iCagenda and Balbooa Forms to its Known Exploited Vulnerabilities catalog. These flaws could allow attackers to compromise systems that utilize these applications, potentially leading to unauthorized access or data breaches. Organizations using these products should assess their systems for the vulnerabilities and apply any available patches or updates. The inclusion of these vulnerabilities in the CISA catalog signals their seriousness and emphasizes the need for organizations to stay vigilant about securing their software. This update is part of ongoing efforts to inform the public about critical vulnerabilities that could be exploited by cybercriminals.

Read Original
Page 1 of 17Next