security update

Record Microsoft Patch Tuesday, fresh zero-day

AI, Don't miss, Fortra, Hot stuff, Microsoft, Microsoft Defender, News, Patch Tuesday, patching, security update, Tenable, Trend Micro, Windows /

Record Microsoft Patch Tuesday, fresh zero-day 2026-06-10 at 14:23 By Zeljka Zorz Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows exploit releases, dropped a proof-of-concept exploit for a new zero-day: “RoguePlanet”, which abuses a race condition in […]

Record Microsoft Patch Tuesday, fresh zero-day Read More »

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)

0-day, Chrome, Google, News, security update /

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645) 2026-06-09 at 15:21 By Sinisa Markovic Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645) Read More »

Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows

cybersecurity, Endpoint Security, Microsoft, News, security update, update, Windows /

Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows 2026-06-08 at 20:33 By Sinisa Markovic Microsoft will distribute Defender for Endpoint EDR updates through Microsoft Update, enabling EDR security improvements to be released independently of monthly Windows operating system updates. The rollout started for Windows 10 devices in late May 2026 and

Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows Read More »

Google fixes actively exploited Android vulnerability (CVE-2025-48595)

Android, CVE, Don't miss, Hot stuff, News, security update, vulnerability /

Google fixes actively exploited Android vulnerability (CVE-2025-48595) 2026-06-02 at 15:17 By Zeljka Zorz Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be under limited, targeted exploitation.” About CVE-2025-48595 CVE-2025-48595 is an integer overflow vulnerability in the Android

Google fixes actively exploited Android vulnerability (CVE-2025-48595) Read More »

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)

0-day, CISA, Don't miss, Endpoint Security, enterprise, Hot stuff, News, security update, Trend Micro /

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) 2026-05-26 at 17:32 By Zeljka Zorz A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micro

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) Read More »

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

Don't miss, Hot stuff, Microsoft, News, security update, SharePoint, vulnerability /

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) 2026-05-26 at 13:56 By Zeljka Zorz Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) Read More »

Debian 13.5 point release lands with security fixes, bug patches

Debian, Linux, News, operating system, security update /

Debian 13.5 point release lands with security fixes, bug patches 2026-05-18 at 01:03 By Anamarija Pogorelec Debian 13.5 is the fifth point release for the stable distribution “trixie.” The update folds in roughly 100 Debian Security Advisories and corrections for more than 130 source packages, covering everything from the Linux kernel and Apache HTTP Server

Debian 13.5 point release lands with security fixes, bug patches Read More »

Oracle rolls out monthly security patch updates

AI, cloud security, News, Oracle, security update /

Oracle rolls out monthly security patch updates 2026-05-05 at 17:46 By Anamarija Pogorelec Oracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. “Each [monthly] CSPU is smaller and more focused, making it easier to apply critical fixes quickly [to customer-managed deployments],” Oracle

Oracle rolls out monthly security patch updates Read More »

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Don't miss, enterprise, file-sharing, Hot stuff, News, Progress, security update, vulnerability /

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) 2026-05-04 at 18:59 By Zeljka Zorz Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) Read More »

ChatGPT advanced account security adds passkeys and hardware keys

authentication, ChatGPT, FIDO Alliance, hardware, News, OpenAI, security update, Yubico /

ChatGPT advanced account security adds passkeys and hardware keys 2026-05-04 at 02:31 By Anamarija Pogorelec Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. ChatGPT now joins that list. OpenAI has introduced Advanced Account Security, an opt-in setting that strips password-based sign-in from ChatGPT and

ChatGPT advanced account security adds passkeys and hardware keys Read More »

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

0-day, cPanel, CVE, Don't miss, Hot stuff, News, PoC, Rapid7, security update, WatchTowr, web hosting /

cPanel zero-day exploited for months before patch release (CVE-2026-41940) 2026-04-30 at 16:45 By Zeljka Zorz A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical

cPanel zero-day exploited for months before patch release (CVE-2026-41940) Read More »

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

Don't miss, enterprise, firewall, Hot stuff, News, OWASP, Progress, security update, vulnerability, web application security /

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) 2026-04-22 at 14:47 By Zeljka Zorz Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Progress’s managed file transfer platform MOVEit

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) Read More »

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)

Fortinet, Hot stuff, News, sandbox, security update, vulnerability /

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) 2026-04-16 at 18:37 By Zeljka Zorz Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a specially crafted HTTP request, putting unpatched FortiSandbox deployments at risk. About

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) Read More »

Tails 7.6.2 patches vulnerability that could expose saved files

anonymity, Hot stuff, News, Privacy, security update, Tails, vulnerability /

Tails 7.6.2 patches vulnerability that could expose saved files 2026-04-16 at 13:34 By Anamarija Pogorelec The Tails Project released Tails v7.6.2, an emergency release of the popular open source secure portable operating system. What is Tails? Tails, which is based on Debian GNU/Linux, is aimed at users who want to preserve their online privacy and

Tails 7.6.2 patches vulnerability that could expose saved files Read More »

Windows is getting stronger RDP file protections to fight phishing attacks

Microsoft, News, phishing, security update, Windows /

Windows is getting stronger RDP file protections to fight phishing attacks 2026-04-16 at 01:19 By Sinisa Markovic Microsoft has introduced new Windows protections starting with the April 2026 security update to reduce phishing attacks that abuse Remote Desktop (.rdp) files. With these updates, the Remote Desktop Connection app displays stronger warning dialogs before a connection

Windows is getting stronger RDP file protections to fight phishing attacks Read More »

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)

AI, Apache ActiveMQ, bug hunting, Don't miss, Horizon3.ai, Hot stuff, News, security update, vulnerability /

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) 2026-04-09 at 16:17 By Zeljka Zorz In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that’s been introduced in the codebase 13 years

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) Read More »

Flatpak 1.16.4 fixes sandbox escape and three other security flaws

Linux, News, security update, software /

Flatpak 1.16.4 fixes sandbox escape and three other security flaws 2026-04-08 at 12:16 By Anamarija Pogorelec Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads to host file access and code execution in the host context, tracked as

Flatpak 1.16.4 fixes sandbox escape and three other security flaws Read More »

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)

Cisco, Cisco servers, Don't miss, hardware management, News, security update, vulnerability /

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093) 2026-04-03 at 17:52 By Zeljka Zorz Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. Cisco ICM riddled

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093) Read More »

Scroll to Top