security update

Microsoft demystifies how Windows updates work

Microsoft demystifies how Windows updates work 2026-07-13 at 08:30 By Anamarija Pogorelec Microsoft has published a guide explaining the Windows servicing model, outlining the purpose of monthly security updates, optional preview releases, hotpatch updates, and the mechanisms used to deliver new features throughout the year. “Most individuals and organizations regularly deploy monthly security updates, released […]

Microsoft demystifies how Windows updates work Read More »

Debian 13.6 security update patches over a hundred advisories in trixie

Debian 13.6 security update patches over a hundred advisories in trixie 2026-07-13 at 01:25 By Anamarija Pogorelec Most PCs still run with a UEFI Secure Boot certificate authority, installed by default since 2013, that has now expired. That certificate signed the bootloaders letting machines start with Secure Boot turned on. Its expiry sits at the

Debian 13.6 security update patches over a hundred advisories in trixie Read More »

Microsoft is rewriting Windows patch guidance because of AI

Microsoft is rewriting Windows patch guidance because of AI 2026-07-10 at 09:00 By Anamarija Pogorelec Microsoft is recommending that organizations shorten Windows update deployment timelines, warning that advances in AI are reducing the time attackers need to identify and exploit vulnerabilities after security updates are released. The company says organizations should reassess how quickly they

Microsoft is rewriting Windows patch guidance because of AI Read More »

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656) 2026-07-09 at 15:14 By Zeljka Zorz Microsoft has finally released a security update for its Microsoft Malware Protection Engine, which fixes CVE-2026-50656, the Windows Defender local privilege escalation vulnerability triggered by the RoguePlanet exploit. The vulnerability and the fix CVE-2026-50656 is due to improper link resolution before

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656) Read More »

New ClamAV security patch closes seven scanner bugs dating back two decades

New ClamAV security patch closes seven scanner bugs dating back two decades 2026-07-06 at 01:30 By Sinisa Markovic Open source antivirus scanning sits inside mail gateways, file upload checks, and endpoint tooling at organizations of every size. Much of that work runs through ClamAV, the scanning engine maintained by Cisco’s Talos group. The project released

New ClamAV security patch closes seven scanner bugs dating back two decades Read More »

Synology issues critical fix for MailPlus Server vulnerabilities

Synology issues critical fix for MailPlus Server vulnerabilities 2026-06-26 at 13:57 By Zeljka Zorz Synology has has fixed critical vulnerabilities in MailPlus Server, a software package used to run private email infrastructure on Synology NAS devices. The security update fixes three flaws: CVE-2026-13136, stemming from faulty authorization checks, may allow remote attackers to read or

Synology issues critical fix for MailPlus Server vulnerabilities Read More »

Microsoft gives Windows 10 users an unexpected extra year of free security updates

Microsoft gives Windows 10 users an unexpected extra year of free security updates 2026-06-26 at 09:32 By Sinisa Markovic Microsoft has given Windows 10 users another year of free security updates, extending its consumer Extended Security Updates (ESU) program until October 12, 2027. “Windows 10 support has ended. You can enroll in ESU any time

Microsoft gives Windows 10 users an unexpected extra year of free security updates Read More »

Record Microsoft Patch Tuesday, fresh zero-day

Record Microsoft Patch Tuesday, fresh zero-day 2026-06-10 at 14:23 By Zeljka Zorz Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows exploit releases, dropped a proof-of-concept exploit for a new zero-day: “RoguePlanet”, which abuses a race condition in

Record Microsoft Patch Tuesday, fresh zero-day Read More »

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645) 2026-06-09 at 15:21 By Sinisa Markovic Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645) Read More »

Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows

Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows 2026-06-08 at 20:33 By Sinisa Markovic Microsoft will distribute Defender for Endpoint EDR updates through Microsoft Update, enabling EDR security improvements to be released independently of monthly Windows operating system updates. The rollout started for Windows 10 devices in late May 2026 and

Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows Read More »

Google fixes actively exploited Android vulnerability (CVE-2025-48595)

Google fixes actively exploited Android vulnerability (CVE-2025-48595) 2026-06-02 at 15:17 By Zeljka Zorz Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be under limited, targeted exploitation.” About CVE-2025-48595 CVE-2025-48595 is an integer overflow vulnerability in the Android

Google fixes actively exploited Android vulnerability (CVE-2025-48595) Read More »

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) 2026-05-26 at 17:32 By Zeljka Zorz A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micro

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) Read More »

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) 2026-05-26 at 13:56 By Zeljka Zorz Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) Read More »

Debian 13.5 point release lands with security fixes, bug patches

Debian 13.5 point release lands with security fixes, bug patches 2026-05-18 at 01:03 By Anamarija Pogorelec Debian 13.5 is the fifth point release for the stable distribution “trixie.” The update folds in roughly 100 Debian Security Advisories and corrections for more than 130 source packages, covering everything from the Linux kernel and Apache HTTP Server

Debian 13.5 point release lands with security fixes, bug patches Read More »

Oracle rolls out monthly security patch updates

Oracle rolls out monthly security patch updates 2026-05-05 at 17:46 By Anamarija Pogorelec Oracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. “Each [monthly] CSPU is smaller and more focused, making it easier to apply critical fixes quickly [to customer-managed deployments],” Oracle

Oracle rolls out monthly security patch updates Read More »

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) 2026-05-04 at 18:59 By Zeljka Zorz Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) Read More »

ChatGPT advanced account security adds passkeys and hardware keys

ChatGPT advanced account security adds passkeys and hardware keys 2026-05-04 at 02:31 By Anamarija Pogorelec Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. ChatGPT now joins that list. OpenAI has introduced Advanced Account Security, an opt-in setting that strips password-based sign-in from ChatGPT and

ChatGPT advanced account security adds passkeys and hardware keys Read More »

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

cPanel zero-day exploited for months before patch release (CVE-2026-41940) 2026-04-30 at 16:45 By Zeljka Zorz A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical

cPanel zero-day exploited for months before patch release (CVE-2026-41940) Read More »

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) 2026-04-22 at 14:47 By Zeljka Zorz Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Progress’s managed file transfer platform MOVEit

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) Read More »

Scroll to Top