security update

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558)

0-day, Chrome, Don't miss, Hot stuff, Microsoft Edge, News, security update /

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) 2025-07-16 at 16:32 By Zeljka Zorz For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by attackers in the wild. About CVE-2025-6558 CVE-2025-6558 is a high-severity vulnerability that stems from incorrect validation of untrusted input in ANGLE – the Almost […]

React to this headline:

Loading spinner

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) Read More »

Vulnerable firmware for Gigabyte motherboards could allow bootkit installation

Binarly, bootkit, consumer, Don't miss, firmware, Gigabyte, Hot stuff, News, security update, vulnerability /

Vulnerable firmware for Gigabyte motherboards could allow bootkit installation 2025-07-15 at 16:19 By Zeljka Zorz UEFI firmware running on 100+ Gigabyte motherboard models is affected by memory corruption vulnerabilities that may allow attackers to install persistent and difficult-to-detect bootkits (i.e., malware designed to infect the computer’s boot process). “While AMI (the original firmware supplier) has

React to this headline:

Loading spinner

Vulnerable firmware for Gigabyte motherboards could allow bootkit installation Read More »

Google patches actively exploited Chrome (CVE‑2025‑6554)

0-day, Brave, Chrome, Don't miss, Hot stuff, Microsoft Edge, News, Opera, security update, Vivaldi /

Google patches actively exploited Chrome (CVE‑2025‑6554) 2025-07-01 at 13:15 By Zeljka Zorz Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company said. About CVE-2025-6554 CVE-2025-6554

React to this headline:

Loading spinner

Google patches actively exploited Chrome (CVE‑2025‑6554) Read More »

Windows 10: How to get security updates for free until 2026

consumer, Don't miss, enterprise, Hot stuff, Microsoft, News, security update, SMBs, Windows /

Windows 10: How to get security updates for free until 2026 2025-06-25 at 14:45 By Zeljka Zorz Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evident) long-term goal

React to this headline:

Loading spinner

Windows 10: How to get security updates for free until 2026 Read More »

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

Citrix, Don't miss, enterprise, Hot stuff, NetScaler, News, security update, vulnerability /

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) 2025-06-23 at 14:14 By Zeljka Zorz Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privately disclosed and there is no indication that they are under active exploitation. Nevertheless, the

React to this headline:

Loading spinner

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) Read More »

Connectwise is rotating code signing certificates. What happened?

certificates, ConnectWise, CyberProof, Don't miss, Hot stuff, LUMU, News, security update /

Connectwise is rotating code signing certificates. What happened? 2025-06-11 at 17:48 By Zeljka Zorz Connectwise customers who use the company’s ScreenConnect, Automate, and ConnectWise RMM solutions are urged to update all agents and/or validate that the update has been deployed by Friday, June 13 at 8:00 p.m. ET, or risk disruptions. The reason for the

React to this headline:

Loading spinner

Connectwise is rotating code signing certificates. What happened? Read More »

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)

Adobe, Akamai, Check Point, Don't miss, Hot stuff, magento, Microsoft, MS Office, News, Patch Tuesday, security update, Tenable, Windows, Windows Server /

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) 2025-06-11 at 14:16 By Zeljka Zorz For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users are urged to update quickly. About CVE-2025-33053 CVE-2025-33053 is a remote code execution vulnerability

React to this headline:

Loading spinner

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) Read More »

June 2025 Patch Tuesday forecast: Second time is the charm?

Adobe, apple, cybersecurity, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday, security update /

June 2025 Patch Tuesday forecast: Second time is the charm? 2025-06-06 at 09:57 By Help Net Security Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. The May Patch Tuesday release of updates was typical in number of vulnerabilities addressed with 41 in both Windows 10 and 11, and their associated

React to this headline:

Loading spinner

June 2025 Patch Tuesday forecast: Second time is the charm? Read More »

Why SAP security updates are a struggle for large enterprises

CISO, cybersecurity, Don't miss, how-to, News, Pathlock, SAP, security update, strategy, tips, Video /

Why SAP security updates are a struggle for large enterprises 2025-06-05 at 07:33 By Help Net Security In this Help Net Security video, Jonathan Stross, SAP Security Analyst at Pathlock, examines why managing SAP security updates is so complex for enterprises. From highly customized, interconnected environments to the pressure of real-time patching, Strauss highlights why

React to this headline:

Loading spinner

Why SAP security updates are a struggle for large enterprises Read More »

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

Chrome, CISA, Don't miss, Google, Hot stuff, Microsoft Edge, News, security update, vulnerability, vulnerability disclosure /

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) 2025-05-16 at 13:47 By Zeljka Zorz A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google

React to this headline:

Loading spinner

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) Read More »

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)

CERT-EU, Don't miss, Endpoint Security, Hot stuff, Ivanti, News, security update, vulnerability /

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) 2025-05-13 at 20:31 By Zeljka Zorz Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number of customers, Ivanti has confirmed on Tuesday, and urged customers to install a patch as soon as possible. “The

React to this headline:

Loading spinner

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) Read More »

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)

Don't miss, Hot stuff, News, Rapid7, security update, SMBs, SonicWall, VPN, vulnerability /

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) 2025-05-08 at 15:38 By Zeljka Zorz SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploited in zero-day attacks in early 2021, and may have also

React to this headline:

Loading spinner

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) Read More »

Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)

Android, Don't miss, Google, Hot stuff, News, security update, vulnerability /

Actively exploited FreeType flaw fixed in Android (CVE-2025-27363) 2025-05-07 at 13:03 By Zeljka Zorz Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vulnerability in FreeType, an open-source software library that renders

React to this headline:

Loading spinner

Actively exploited FreeType flaw fixed in Android (CVE-2025-27363) Read More »

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)

Don't miss, Hot stuff, News, OPSWAT, Ruby, security update, vulnerability, web application security /

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) 2025-04-25 at 12:39 By Zeljka Zorz Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could allow attackers to manipulate

React to this headline:

Loading spinner

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) Read More »

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)

0-day, apple, APT, Don't miss, Google, Hot stuff, iOS, iPad, macOS, News, security update /

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) 2025-04-17 at 12:02 By Zeljka Zorz Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.” CVE-2025-31200 and CVE-2025-31201 CVE-2025-31200

React to this headline:

Loading spinner

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) Read More »

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)

Chrome, Don't miss, Firefox, Hot stuff, Kaspersky, News, Opera, security update, Tor, vulnerability /

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) 2025-03-28 at 12:57 By Zeljka Zorz Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857)

React to this headline:

Loading spinner

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) Read More »

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

CrushFTP, Don't miss, enterprise, file-sharing, Hot stuff, News, security update, SMBs, vulnerability /

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) 2025-03-27 at 13:14 By Zeljka Zorz CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day

React to this headline:

Loading spinner

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) Read More »

Qualcomm Extends Security Support for Android Devices to 8 Years

Android, Google, Mobile & Wireless, Qualcomm, security update, support. /

Qualcomm Extends Security Support for Android Devices to 8 Years 2025-02-26 at 13:20 By Eduard Kovacs Qualcomm says it’s working with Google to ensure that Android device manufacturers will be able to provide security updates for 8 years. The post Qualcomm Extends Security Support for Android Devices to 8 Years appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Qualcomm Extends Security Support for Android Devices to 8 Years Read More »

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)

Assetnote, Don't miss, exploit, firewall, Hot stuff, News, Palo Alto Networks, PoC, security update /

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) 2025-02-13 at 13:17 By Zeljka Zorz Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls, a proof-of-concept exploit (PoC) for which has been made public. “Palo Alto Networks is not aware of any malicious exploitation

React to this headline:

Loading spinner

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) Read More »

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)

Action1, Don't miss, Hot stuff, Microsoft, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows, Windows Server /

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) 2025-02-11 at 22:21 By Zeljka Zorz February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation. CVE-2025-21418 and CVE-2025-21391 CVE-2025-21418 is a vulnerability in the Windows Ancillary Function Driver (AFD.sys), which interfaces

React to this headline:

Loading spinner

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) Read More »

Scroll to Top