security update

Google patches actively exploited Chrome (CVE‑2025‑6554)

Google patches actively exploited Chrome (CVE‑2025‑6554) 2025-07-01 at 13:15 By Zeljka Zorz Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company said. About CVE-2025-6554 CVE-2025-6554 […]

React to this headline:

Loading spinner

Google patches actively exploited Chrome (CVE‑2025‑6554) Read More »

Windows 10: How to get security updates for free until 2026

Windows 10: How to get security updates for free until 2026 2025-06-25 at 14:45 By Zeljka Zorz Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evident) long-term goal

React to this headline:

Loading spinner

Windows 10: How to get security updates for free until 2026 Read More »

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) 2025-06-23 at 14:14 By Zeljka Zorz Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privately disclosed and there is no indication that they are under active exploitation. Nevertheless, the

React to this headline:

Loading spinner

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) Read More »

Connectwise is rotating code signing certificates. What happened?

Connectwise is rotating code signing certificates. What happened? 2025-06-11 at 17:48 By Zeljka Zorz Connectwise customers who use the company’s ScreenConnect, Automate, and ConnectWise RMM solutions are urged to update all agents and/or validate that the update has been deployed by Friday, June 13 at 8:00 p.m. ET, or risk disruptions. The reason for the

React to this headline:

Loading spinner

Connectwise is rotating code signing certificates. What happened? Read More »

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) 2025-06-11 at 14:16 By Zeljka Zorz For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users are urged to update quickly. About CVE-2025-33053 CVE-2025-33053 is a remote code execution vulnerability

React to this headline:

Loading spinner

Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) Read More »

June 2025 Patch Tuesday forecast: Second time is the charm?

June 2025 Patch Tuesday forecast: Second time is the charm? 2025-06-06 at 09:57 By Help Net Security Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. The May Patch Tuesday release of updates was typical in number of vulnerabilities addressed with 41 in both Windows 10 and 11, and their associated

React to this headline:

Loading spinner

June 2025 Patch Tuesday forecast: Second time is the charm? Read More »

Why SAP security updates are a struggle for large enterprises

Why SAP security updates are a struggle for large enterprises 2025-06-05 at 07:33 By Help Net Security In this Help Net Security video, Jonathan Stross, SAP Security Analyst at Pathlock, examines why managing SAP security updates is so complex for enterprises. From highly customized, interconnected environments to the pressure of real-time patching, Strauss highlights why

React to this headline:

Loading spinner

Why SAP security updates are a struggle for large enterprises Read More »

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) 2025-05-16 at 13:47 By Zeljka Zorz A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google

React to this headline:

Loading spinner

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) Read More »

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) 2025-05-13 at 20:31 By Zeljka Zorz Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number of customers, Ivanti has confirmed on Tuesday, and urged customers to install a patch as soon as possible. “The

React to this headline:

Loading spinner

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) Read More »

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) 2025-05-08 at 15:38 By Zeljka Zorz SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploited in zero-day attacks in early 2021, and may have also

React to this headline:

Loading spinner

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) Read More »

Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)

Actively exploited FreeType flaw fixed in Android (CVE-2025-27363) 2025-05-07 at 13:03 By Zeljka Zorz Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vulnerability in FreeType, an open-source software library that renders

React to this headline:

Loading spinner

Actively exploited FreeType flaw fixed in Android (CVE-2025-27363) Read More »

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) 2025-04-25 at 12:39 By Zeljka Zorz Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could allow attackers to manipulate

React to this headline:

Loading spinner

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) Read More »

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) 2025-04-17 at 12:02 By Zeljka Zorz Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.” CVE-2025-31200 and CVE-2025-31201 CVE-2025-31200

React to this headline:

Loading spinner

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) Read More »

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) 2025-03-28 at 12:57 By Zeljka Zorz Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857)

React to this headline:

Loading spinner

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) Read More »

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) 2025-03-27 at 13:14 By Zeljka Zorz CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day

React to this headline:

Loading spinner

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) Read More »

Qualcomm Extends Security Support for Android Devices to 8 Years

Qualcomm Extends Security Support for Android Devices to 8 Years 2025-02-26 at 13:20 By Eduard Kovacs Qualcomm says it’s working with Google to ensure that Android device manufacturers will be able to provide security updates for 8 years. The post Qualcomm Extends Security Support for Android Devices to 8 Years appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Qualcomm Extends Security Support for Android Devices to 8 Years Read More »

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) 2025-02-13 at 13:17 By Zeljka Zorz Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls, a proof-of-concept exploit (PoC) for which has been made public. “Palo Alto Networks is not aware of any malicious exploitation

React to this headline:

Loading spinner

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) Read More »

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) 2025-02-11 at 22:21 By Zeljka Zorz February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation. CVE-2025-21418 and CVE-2025-21391 CVE-2025-21418 is a vulnerability in the Windows Ancillary Function Driver (AFD.sys), which interfaces

React to this headline:

Loading spinner

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) Read More »

Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200)

Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) 2025-02-11 at 12:48 By Zeljka Zorz Users of iPhones and iPads that run iOS/iPadOS 18 and iPadOS 17 are urged to implement the latest updates to plug a security feature bypass vulnerability (CVE-2025-24200) exploited in the wild in “an extremely sophisticated” attack. The vulnerability (CVE-2025-24200)

React to this headline:

Loading spinner

Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) Read More »

Swap EOL Zyxel routers, upgrade Netgear ones!

Swap EOL Zyxel routers, upgrade Netgear ones! 2025-02-05 at 16:18 By Zeljka Zorz There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed. Meanwhile, Netgear has issued patches for critical flaws affecting its routers and wireless access points. Zyxel vulnerability: Exploited, no patches CVE-2024-40891, a command injection vulnerability

React to this headline:

Loading spinner

Swap EOL Zyxel routers, upgrade Netgear ones! Read More »

Scroll to Top