patching

Record Microsoft Patch Tuesday, fresh zero-day

AI, Don't miss, Fortra, Hot stuff, Microsoft, Microsoft Defender, News, Patch Tuesday, patching, security update, Tenable, Trend Micro, Windows /

Record Microsoft Patch Tuesday, fresh zero-day 2026-06-10 at 14:23 By Zeljka Zorz Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows exploit releases, dropped a proof-of-concept exploit for a new zero-day: “RoguePlanet”, which abuses a race condition in […]

Record Microsoft Patch Tuesday, fresh zero-day Read More »

From critical to controlled: Cutting vulnerabilities in a live manufacturing environment

access controls, asset discovery, cybersecurity, Don't miss, Expert analysis, Expert corner, manufacturing sector, network, News, opinion, patching, vulnerability management /

From critical to controlled: Cutting vulnerabilities in a live manufacturing environment 2026-06-04 at 09:26 By Help Net Security A vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a critical vulnerability. In a normal IT

From critical to controlled: Cutting vulnerabilities in a live manufacturing environment Read More »

Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching

AI, Anthropic, ChatGPT, code analysis, News, OpenAI, patching /

Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching 2026-05-04 at 13:11 By Anamarija Pogorelec Claude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security vulnerabilities and suggests targeted patches for review, helping teams identify and fix issues

Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching Read More »

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

Broadcom, CISA, Don't miss, ESXi, exploit, GreyNoise, Hot stuff, News, patching, Ransomware, VMWare, vulnerability, vulnerability management /

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers 2026-02-05 at 18:17 By Zeljka Zorz CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers Read More »

LLM vulnerability patching skills remain limited

Artificial Intelligence, CVE, LLMs, News, patching, research, vulnerability management /

LLM vulnerability patching skills remain limited 2025-12-11 at 08:47 By Sinisa Markovic Security teams are wondering whether LLMs can help speed up patching. A new study tests that idea and shows where the tools hold up and where they fall short. The researchers tested LLMs from OpenAI, Meta, DeepSeek, and Mistral to see how well

LLM vulnerability patching skills remain limited Read More »

Your critical infrastructure is running out of time

Cisco, critical infrastructure, cyber resilience, cybersecurity, News, patching, policy, report /

Your critical infrastructure is running out of time 2025-11-27 at 08:05 By Anamarija Pogorelec Cyber attackers often succeed not because they are inventive, but because the systems they target are old. A new report by Cisco shows how unsupported technology inside national infrastructure creates openings that attackers can exploit repeatedly. The findings show how widespread

Your critical infrastructure is running out of time Read More »

When IT fails, OT pays the price

critical infrastructure, cybercriminals, cybersecurity, manufacturing sector, News, patching, report, threats, transportation, Trellix /

When IT fails, OT pays the price 2025-11-20 at 07:02 By Anamarija Pogorelec State groups, criminal crews, and hybrid operators are all using familiar IT entry points to reach systems that support industrial processes, according to the latest Operational Technology Threat Report from Trellix. The report covers attacks observed from April through September 2025 and

When IT fails, OT pays the price Read More »

“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again)

CISA, Cisco, Don't miss, Government, Hot stuff, News, patching, vulnerability /

“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again) 2025-11-13 at 17:14 By Zeljka Zorz CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and Firepower firewalls. “In CISA’s analysis of agency-reported data, CISA has identified devices marked as ‘patched’

“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again) Read More »

Automation can’t fix broken security basics

access control, Artificial Intelligence, automation, cyber hygiene, cybersecurity, News, patching, report, Swimlane /

Automation can’t fix broken security basics 2025-11-13 at 07:39 By Anamarija Pogorelec Most enterprises continue to fall short on basic practices such as patching, access control, and vendor oversight, according to Swimlane’s Cracks in the Foundation: Why Basic Security Still Fails report. Leadership often focuses on broad resilience goals while the day-to-day work that supports

Automation can’t fix broken security basics Read More »

PortGPT: How researchers taught an AI to backport security patches automatically

Artificial Intelligence, automation, Canonical, CISO, cybersecurity, DevSecOps, Don't miss, Features, Git, Hot stuff, Linux, LLMs, News, open source, patching, research, strategy, tips /

PortGPT: How researchers taught an AI to backport security patches automatically 2025-11-05 at 09:07 By Mirko Zorz Keeping older software versions secure often means backporting patches from newer releases. It is a routine but tedious job, especially for large open-source projects such as the Linux kernel. A new research effort has built a tool that

PortGPT: How researchers taught an AI to backport security patches automatically Read More »

Behind the scenes of cURL with its founder: Releases, updates, and security

code, cybersecurity, Don't miss, Features, Hot stuff, how-to, News, open source, opinion, patching, software, software development, strategy, tips, vulnerability management /

Behind the scenes of cURL with its founder: Releases, updates, and security 2025-09-18 at 09:01 By Mirko Zorz In this Help Net Security interview, Daniel Stenberg, lead developer od cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of

Behind the scenes of cURL with its founder: Releases, updates, and security Read More »

Automated network pentesting uncovers what traditional tests missed

automation, cybersecurity, Don't miss, Hot stuff, network, News, patching, penetration testing, Vonahi Security /

Automated network pentesting uncovers what traditional tests missed 2025-09-10 at 11:45 By Zeljka Zorz Most organizations run an annual network penetration test, remediate the issues it uncovers, and move on. But attackers are probing networks every day, using publicly available tools to exploit common misconfigurations and overlooked vulnerabilities. A new report, based on over 50,000

Automated network pentesting uncovers what traditional tests missed Read More »

NIST proposes new metric to gauge exploited vulnerabilities

CISA, CISO, Don't miss, News, NIST, patching, security metrics, vulnerability assessment, vulnerability management /

NIST proposes new metric to gauge exploited vulnerabilities 2025-05-26 at 08:06 By Help Net Security NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a

NIST proposes new metric to gauge exploited vulnerabilities Read More »

What’s worth automating in cyber hygiene, and what’s not

1Password, authentication, automation, BitSight, CISO, credentials, cyber hygiene, cybersecurity, Don't miss, enterprise, Features, Hot stuff, News, passwords, patching, strategy, Swimlane, tips /

What’s worth automating in cyber hygiene, and what’s not 2025-04-29 at 09:05 By Mirko Zorz Cyber hygiene sounds simple. Patch your systems, remove old accounts, update your software. But for large organizations, this gets messy fast. Systems number in the thousands. Teams are scattered. Some machines haven’t been rebooted in months. Automation can help. But

What’s worth automating in cyber hygiene, and what’s not Read More »

Microsoft vulnerabilities: What’s improved, what’s at risk

BeyondTrust, cybersecurity, Microsoft, News, patching, report, vulnerability management /

Microsoft vulnerabilities: What’s improved, what’s at risk 2025-04-17 at 08:02 By Help Net Security Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulnerabilities, more products, and more

Microsoft vulnerabilities: What’s improved, what’s at risk Read More »

Best practices for ensuring a secure browsing environment

browser, cookies, cybersecurity, Don't miss, Features, Hot stuff, Menlo Security, News, opinion, patching, Privacy, update /

Best practices for ensuring a secure browsing environment 2025-01-03 at 07:36 By Mirko Zorz In this Help Net Security interview, Devin Ertel, CISO at Menlo Security, discusses how innovations like AI and closer collaboration between browser vendors and security providers will shape the future of browser security. The post Best practices for ensuring a secure

Best practices for ensuring a secure browsing environment Read More »

The effect of compliance requirements on vulnerability management strategies

automation, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, Nucleus Security, opinion, patching, vulnerability management /

The effect of compliance requirements on vulnerability management strategies 2024-11-29 at 07:34 By Mirko Zorz In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays. Carter also covers compliance requirements and how automation can streamline vulnerability management processes. Why

The effect of compliance requirements on vulnerability management strategies Read More »

Defenders must adapt to shrinking exploitation timelines

0-day, Don't miss, exploit, Hot stuff, Mandiant, News, patching, report, vulnerability management /

Defenders must adapt to shrinking exploitation timelines 2024-10-16 at 15:16 By Zeljka Zorz A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that,

Defenders must adapt to shrinking exploitation timelines Read More »

Windows Server 2025 gets hotpatching option, without reboots

data center, Don't miss, Hot stuff, Microsoft, News, patching, security update, Windows Server /

Windows Server 2025 gets hotpatching option, without reboots 2024-09-23 at 17:02 By Zeljka Zorz Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. What is hotpatching? “Hotpatching has been around for years in Windows Server 2022 Azure Edition,

Windows Server 2025 gets hotpatching option, without reboots Read More »

September 2024 Patch Tuesday forecast: Downgrade is the new exploit

Adobe, apple, Chrome, cybersecurity, Don't miss, Expert analysis, Expert corner, Firefox, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday, patching, Windows /

September 2024 Patch Tuesday forecast: Downgrade is the new exploit 2024-09-06 at 08:16 By Help Net Security I asked for a calm August 2024 Patch Tuesday in last month’s forecast article and that came to pass. The updates released were limited to the regular operating systems and all forms of Office applications. Six zero-day vulnerabilities

September 2024 Patch Tuesday forecast: Downgrade is the new exploit Read More »

Scroll to Top