Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware
Summary: The healthcare sector is under severe threat from ransomware due to its widespread insecurity and operational demands that complicate timely vulnerability patching. Claroty’s analysis reveals that a staggering 99% of healthcare organizations are vulnerable to known exploits, particularly those related to ransomware. The firm’s researchers propose a triaging method to identify the most vulnerable devices based on critical threat indicators.…
Microsoft fixes Remote Desktop issues caused by Windows updates
Summary: Microsoft has addressed issues with Remote Desktop and RDS connections affecting users after recent Windows updates. Problems include disconnections after 65 seconds for Windows 11 24H2 users connecting to Windows Server 2016 and issues arising when Windows Server 2025 devices act as RDP clients. A fix is available through the KB5053656 preview update and will be included in the next cumulative updates.…
In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked
Summary: This week’s cybersecurity news roundup highlights significant developments, including advancements in quantum computing, a phishing incident involving a prominent expert, and a high-profile hack of NYU’s website. The roundup also covers emerging ransomware threats and updates on security measures from Google, along with notable data breaches affecting users.…
Firefox Patch Released as Mozilla Addresses Chrome-Like Security Threat
Summary: Mozilla has released an urgent update for Firefox on Windows to fix a critical sandbox escape vulnerability (CVE-2025-2857) that may allow unauthorized system access. This update comes in response to a recent similar exploit found in Google Chrome, highlighting growing concerns over browser security. Users are strongly urged to update their browsers immediately to ensure protection against this and similar vulnerabilities.…
Windows 11 KB5053656 update released with 38 changes and fixes
Summary: Microsoft has released the KB5053656 preview cumulative update for Windows 11 24H2, featuring real-time translation support and various fixes addressing blue-screen and authentication issues. This optional update includes improvements for Copilot+ PCs and introduces enhanced Windows Search capabilities. Additionally, Microsoft has acknowledged known issues affecting Citrix components and Roblox on Windows Arm devices.…
RCE and Data Leak Vulnerabilities Patched in Splunk Enterprise and Splunk Cloud Platform
Summary: Splunk has issued a security advisory regarding critical vulnerabilities affecting both Splunk Enterprise and Splunk Cloud Platform, which could lead to remote code execution and sensitive information disclosure. The vulnerabilities, identified as CVE-2025-20229 and CVE-2025-20231, require immediate attention through patches and upgrades. Organizations are urged to review user access controls, particularly for low-privileged users, to mitigate risks.…
Millions of Web Applications at Risk Due to PoC Exploit Released for Vite Arbitrary File Read Flaw
Summary: Vite, a popular frontend build tool, is vulnerable to a file access control bypass (CVE-2025-30208) that could expose sensitive files to attackers. This flaw allows unauthorized access through specially crafted URL parameters, affecting only applications that expose the Vite development server. Users are urged to update to patched versions to mitigate this risk.…
Mozilla warns Windows users of critical Firefox sandbox escape flaw
Summary: Mozilla has released Firefox 136.0.4 to address a critical security vulnerability, tracked as CVE-2025-2857, that allows attackers to escape the browser’s sandbox on Windows systems. The flaw was reported by Mozilla developer Andrew McCreight and affects both standard and extended support releases of Firefox. Mozilla noted that this vulnerability bears similarities to a recently patched Chrome zero-day exploit.…
The 4 WordPress flaws hackers targeted the most in Q1 2025
Summary: A recent Patchstack report reveals critical vulnerabilities in several WordPress plugins that hackers exploited in early 2025. The report highlights four significant flaws that, despite being fixed in 2024, remain unpatched in numerous installations, leaving many sites at risk. It emphasizes the importance of applying security updates and using effective website security measures to mitigate risks.…
Russian Espionage Group Using Ransomware in Attacks
Summary: The UK Information Commissioner’s Office has fined Advanced Computer Software Group £3 million due to a 2022 data breach caused by a ransomware attack. This incident, involving the notorious LockBit group, compromised personal information of approximately 80,000 individuals linked to healthcare services. Advanced failed to adequately secure systems, notably lacking multi-factor authentication, leading to significant regulatory scrutiny and penalties.…
SnapCenter Security Flaw Rated Critical—NetApp Urges Immediate Patch
Summary: A critical security vulnerability (CVE-2025-26512) has been discovered in NetApp’s SnapCenter software, allowing authenticated users to escalate privileges and gain unauthorized administrative access. This flaw affects SnapCenter versions prior to 6.0.1P1 and 6.1P1, with a CVSS score of 9.9. While no public exploitation has been detected, organizations are urged to update to the latest versions to mitigate risks.…
Multiple CVEs Found in Ingress-NGINX—Patch Now to Prevent Cluster Compromise
Summary: A set of vulnerabilities in Ingress-NGINX Controller for Kubernetes poses significant security risks, including unauthorized remote code execution and potential full cluster takeover for versions prior to 1.12.1 and 1.11.5. The Australian Cyber Security Centre has outlined specific vulnerabilities that could allow attackers to manipulate configurations and access sensitive credentials.…
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
Summary: CISA has added two critical vulnerabilities affecting Sitecore CMS to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. These flaws allow attackers to execute arbitrary code through deserialization vulnerabilities. Additionally, there are ongoing exploit attempts against DrayTek devices and a new vulnerability in the Next.js…
Shifting the sands of RansomHub’s EDRKillShifter
Summary: ESET researchers examine the ransomware landscape in 2024, highlighting the emergence of RansomHub, a prominent ransomware-as-a-service (RaaS) group linked to established gangs like Play, Medusa, and BianLian. The article discusses the rise of EDR killers, particularly EDRKillShifter, developed by RansomHub, and reflects on the shifting dynamics of ransomware payments and victim statistics.…
OpenAI Offering $100K Bounties for Critical Vulnerabilities
Summary: OpenAI has increased its bug bounty payout to $100,000 to enhance the discovery of critical vulnerabilities. This initiative is part of a larger security program that includes funding for cybersecurity research and collaboration with experts. OpenAI is actively inviting hackers to propose projects and providing microgrants to accelerate the development of innovative security solutions.…