security update

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) 2026-04-16 at 18:37 By Zeljka Zorz Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a specially crafted HTTP request, putting unpatched FortiSandbox deployments at risk. About […]

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) Read More »

Tails 7.6.2 patches vulnerability that could expose saved files

Tails 7.6.2 patches vulnerability that could expose saved files 2026-04-16 at 13:34 By Anamarija Pogorelec The Tails Project released Tails v7.6.2, an emergency release of the popular open source secure portable operating system. What is Tails? Tails, which is based on Debian GNU/Linux, is aimed at users who want to preserve their online privacy and

Tails 7.6.2 patches vulnerability that could expose saved files Read More »

Windows is getting stronger RDP file protections to fight phishing attacks

Windows is getting stronger RDP file protections to fight phishing attacks 2026-04-16 at 01:19 By Sinisa Markovic Microsoft has introduced new Windows protections starting with the April 2026 security update to reduce phishing attacks that abuse Remote Desktop (.rdp) files. With these updates, the Remote Desktop Connection app displays stronger warning dialogs before a connection

Windows is getting stronger RDP file protections to fight phishing attacks Read More »

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) 2026-04-09 at 16:17 By Zeljka Zorz In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that’s been introduced in the codebase 13 years

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) Read More »

Flatpak 1.16.4 fixes sandbox escape and three other security flaws

Flatpak 1.16.4 fixes sandbox escape and three other security flaws 2026-04-08 at 12:16 By Anamarija Pogorelec Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads to host file access and code execution in the host context, tracked as

Flatpak 1.16.4 fixes sandbox escape and three other security flaws Read More »

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093) 2026-04-03 at 17:52 By Zeljka Zorz Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. Cisco ICM riddled

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093) Read More »

DarkSword exploit forces Apple to loosen its patching policy

DarkSword exploit forces Apple to loosen its patching policy 2026-04-02 at 14:46 By Sinisa Markovic Apple has extended security updates to a wider range of devices still running iOS 18, aiming to protect users from the DarkSword exploit kit. This is not the first time Apple has backported fixes for older devices based on vulnerability

DarkSword exploit forces Apple to loosen its patching policy Read More »

Apple counters ClickFix attacks with macOS Terminal warning

Apple counters ClickFix attacks with macOS Terminal warning 2026-03-31 at 16:05 By Sinisa Markovic Apple has added a new security feature in macOS Tahoe 26.4 that warns users before they enter commands in Terminal that could cause harm. The goal is to stop ClickFix attacks, a social engineering trick that gets users to run malicious

Apple counters ClickFix attacks with macOS Terminal warning Read More »

Apple Debuts Background Security Improvements With Fresh WebKit Patches

Apple Debuts Background Security Improvements With Fresh WebKit Patches 2026-03-18 at 14:49 By Ionut Arghire The lightweight updates are meant to deliver security protections between security updates. The post Apple Debuts Background Security Improvements With Fresh WebKit Patches appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Apple Debuts Background Security Improvements With Fresh WebKit Patches Read More »

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited 2026-03-11 at 12:31 By Zeljka Zorz On March 2026 Patch Tuesday, Microsoft addressed 80+ vulnerabilities affecting its software and cloud services. Of these, two were publicly disclosed, but not actively exploited. Privilege escalation vulnerabilities abound The two publicly disclosed flaws are CVE-2026-21262, a

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited Read More »

FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289)

FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289) 2026-03-05 at 14:27 By Zeljka Zorz A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially crafted email to a FreeScout mailbox. CVE-2026-28289 exploitation FreeScout is a free, open-source help desk and

FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289) Read More »

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) 2026-03-04 at 15:57 By Zeljka Zorz A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain unauthorized access to exposed unpatched servers. According to the Shadowserver Foundation, there are currently over 1,200 internet-facing

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) Read More »

Google Plans Two-Week Release Schedule for Chrome

Google Plans Two-Week Release Schedule for Chrome 2026-03-04 at 13:52 By Ionut Arghire Starting September 2026, new Chrome iterations will be released twice as fast, part of a two-week cycle. The post Google Plans Two-Week Release Schedule for Chrome appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Plans Two-Week Release Schedule for Chrome Read More »

Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation

Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation 2026-03-03 at 13:58 By Anamarija Pogorelec The Android March 2026 security patch addresses vulnerabilities across dozens of components and includes one CVE confirmed under active exploitation. Devices running a patch level of 2026-03-05 or later receive fixes for all disclosed issues. Android

Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation Read More »

SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!

SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP! 2026-01-29 at 11:34 By Zeljka Zorz SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers to upgrade to v2026.1 as soon as possible. The vulnerabilities The WHD vulnerabilities fixed

SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP! Read More »

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509) 2026-01-27 at 11:22 By Zeljka Zorz Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild in zero-day attacks. Users and admins are advised to review the associated

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509) Read More »

Microsoft updates the security baseline for Microsoft 365 Apps for enterprise

Microsoft updates the security baseline for Microsoft 365 Apps for enterprise 2026-01-22 at 01:13 By Anamarija Pogorelec Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications used in enterprise environments and maps those settings to current management tools. What the

Microsoft updates the security baseline for Microsoft 365 Apps for enterprise Read More »

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) 2026-01-21 at 20:57 By Zeljka Zorz Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. About CVE-2026-20045 CVE-2026-20045 is

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) Read More »

Rust package registry adds security tools and metrics to crates.io

Rust package registry adds security tools and metrics to crates.io 2026-01-21 at 15:23 By Anamarija Pogorelec The Rust project updated crates.io to include a Security tab on individual crate pages. The tab shows security advisories drawn from the RustSec database and lists which versions of a crate may have known issues. This change gives developers

Rust package registry adds security tools and metrics to crates.io Read More »

Scroll to Top