Updates, Patches, and Alerts
The latest software updates, patches, and alerts that could impact your organization or institution
------------------------------------------------------------
February 14, 2025
- gbhackers: CISA publishes 20 advisories on ICS security flaws and exploits
- Security Week: New Windows zero-day being exploited by a Chinese APT
- Bleeping Computer: Microsoft fixes bug causing Windows Server 2025 boot errors
- Cybersecurity News: NVIDIA Container toolkit vulnerability let attackers execute code
- Cybersecurity News: Apache Fineract SQL injection vulnerability lets attackers inject malicious data
February 13, 2025
- gbhackers: Critical Chrome flaw allows attackers to remotely execute code
- SecurityWeek: Exploitation of Old ThinkPHP, OwnCloud vulnerabilities surges
- gbhackers: Windows 11 compression features pose libarchive security threats
- Help Net Security: PAN-OS authentication bypass hole plugged, PoC is public
- SecurityWeek: Palo Alto Networks patches potentially serious firewall vulnerability
- gbhackers: Arbitrary file upload vulnerability in WordPress plugin let attackers hack 30,000 websites
February 12, 2025
- SecurityWeek: Ivanti, Fortinet patch multiple REC vulnerabilities
- gbhackers: Windows driver zero-day vulnerability let hackers remotely gain system access
- SecurityWeek: Chipmaker Patch Tuesday: Intel, AMD, Nvidia fix high-severity vulnerabilities
- Bleeping Computer: Windows 10 KB5051974 update force installs new Microsoft Outlook app
- CISA: CISA and FBI warn of malicious cyber actors using buffer overflow vulnerabilities to compromise software
February 11, 2025
- Help Net Security: Apple fixes zero-day flaw exploited in “extremely sophisticated” attack
- Cybersecurity News: SAP security update – 19 vulnerabilities across multiple products patched
- gbhackers: Enhanced IllusionCAPTCHA: Advanced protection against AI-Powered CAPTCHA attacks
February 10, 2025
- Help Net Security: Malicious ML models found on Hugging Face Hub
- Bleeping Computer: Brave now lets you inject custom JavaScript to tweak websites
- gbhackers: New ‘BYOTB’ attack exploits trusted binaries to evade detection, researchers reveal
- Help Net Security: February 2025 Patch Tuesday forecast: New directions for AI development
- Cybersecurity News: LLM hijackers gained stolen access to DeepSeek-V3 model very next day after release
February 7, 2025
- gbhackers: Dell Update Manager plugin flaw exposes sensitive data
- Bleeping Computer: Microsoft has finally fixed Date & Time bug in Windows 11
- Cybersecurity News: Logsign vulnerability allows remote attackers to bypass authentic
- gbhackers: Microsoft Sysinternals 0-Day vulnerability enables DLL injection attacks on Windows
- Cybersecurity News: Microsoft Edge vulnerabilities let attackers execute remote code – update now!
February 6, 2025
- IT Pro: Cisco patches critical security issues, so update now
- TechWorm: CISA orders urgent patch For exploited Linux Kernel bug
- SecurityWeek: Five Eyes agencies release guidance on securing edge devices
- Cybersecurity News:MobSF Framework Zero-day vulnerability let attackers trigger DoS in scans results
- Cybersecurity News: Multiple vulnerabilities in Cisco SNMP for IOS software let attackers trigger dos attack
- SecurityWeek: CISA issues exploitation warning for NET vulnerability
- SecurityWeek: Zyzel issues 'no patch' warning for exploited zero-days
- gbhackers: IBM Cloud Pak security vulnerabilities expose sensitive data to attackers
- Cybersecurity News: Critical Netgear vulnerabilities let attackers executive remote code
- Cybersecurity News: CISA releases nine advisories dealing vulnerabilities and exploits surrounding ICS
- Cybersecurity News: Apple’s macOS kernel vulnerability let attackers escalate privileges – PoC released
- SecurityWeek: AMD patches CUP vulnerability found by Google
- gbhackers: Apple service ticket portal vulnerability leaks sensitive information
- Cybersecurity News: Apache Cassandra vulnerability let attackers gain access to the data centers remotely
- SecurityWeek: Vulnerability patched in Android possibly exploited by forensic tools
- gbhackers: Linux 6.14 released – what's new
- Cybersecurity News: Parrot 6.3 released with improved security & new hacking tools
- gbhackers: NVIDIA GPU display driver vulnerability lets attackers access files remotely
- Cybersecurity News: New Windows 11 (x64) modern kernel race conditions uncovered – POC released
- SecurityWeek: TeamViewer patches high-severity vulnerability in Windows applications
- Cybersecurity News: Critical RCE vulnerability found In AI development platform lets attackers gain root access
- Bleeping Computer: Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics
- SecurityWeek: New Zyxel Zero-day under attack, no patch available
- Bleeping Computer: Windows 11 KB5050094 update fixes bugs causing audio issues
- gbhackers: Hackers seize control of 3,000 companies through critical vulnerabilities
- Dark Reading: OAuth flaw exposed millions of airline users to account takeovers
- gbhackers: Windows CLFS buffer overflow vulnerability CVE-2024-49138 – PoC released
- Cybersecurity News: Azure Key Vault vulnerabilities could leak sensitive data after Entra ID breach
- Help Net Security: Apple zero-day vulnerability exploited to target iPhone users
- Cybersecurity News: Critical One Identity Manager Vulnerability Let Attackers Escalate Privileges
- SecurityWeek: DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge
- SecurityWeek: Git vulnerabilities led to credentials exposure
- gbhackers: Chrome security update – patch for 3 high-severity vulnerabilities
- Cybersecurity News: Windows charset conversion feature exploited to execute remote code
- Cybersecurity News: Critical Intel Trust Domain extensions isolation vulnerability exposes sensitive data
- gbhackers: CISA releases six ICS advisories details security issues
- Cybersecurity News: PoC exploit released For critical Microsoft Outlook Zero-Click RCE vulnerability
- Cybersecurity News: phpMyAdmin vulnerability let hackers rrigger XSS attack with malicious tables
- Bleeping Computer: Cloudflare CDN flaw leaks user location data, even through secure chat apps
- SecurityWeek: Palo Alto Networks addresses impact of BIOS, Bootloader vulnerabilities on its firewalls
- SecurityWeek: FBI/CISA share details on Ivanti exploits chains: what network defenders need to know
- Infosecurity: Cisco fixes critical vulnerability in Meeting Management
- Help Net Security: SonicWall SMA appliances exploited in zero-day attacks
- gbhackers: WordPress plugin vulnerability exposes 23k+ websites to hacking
- Cybersecurity News: Rails Apps file write vulnerability let attackers execute code remotely
- The Register: Asus lets processor security fix slip out early, AMD confirms patch in progress
- Help Net Security: Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning
- Help Net Security: 48,000+ internet-facing Fortinet firewalls still open to attack
- Bleeping Computer: Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
- Cybersecurity News: AWS releases best security practices to mitigate ransomware attacks
- SecurityWeek: Oracle patches 200 vulnerabilities with January 2025 CPU
- Infosecurity: Oracle to address 320 vulnerabilities in January Patch update
- Cybersecurity News: TP-Link Router Buffer overflow vulnerabilit exploited to execute Code
- Bleeping Computer: 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now
- Cybersecurity News: Apache CXF vulnerability let attackers push systems to trigger DoS condition
- Bleeping Computer: Microsoft shares temp fix for Outlook crashing when writing emails
- Source: SecurityWeek: CISA, FBI update software security recommendations
- Cybersecurity News: ChatGPT crawler vulnerability let attackers trigger DDoS attack on any websites
- Cybersecurity News: PoC Released For Ivanti Connect Secure RCE Vulnerability
- Crypto News: Ethereum accounted for over 50% of $2.3b lost to hacks and exploits in 2024
- Help Net Security: Critical vulnerabilities remain unresolved due to prioritization gaps
- Cybersecurity News: FTC warns GoDaddy for inadequate security practices in website hosting services
- SecurityWeek: Millions of Internet hosts vulnerable to attacks due to tunneling protocol flaws
- SecurityWeek: Chrome 132 patches 16 vulnerabilities
- SecurityWeek: Ivanti patches critical vulnerabilities in Endpoint Manager
- Bleeping Computer: January Windows updates may fail if Citrix SRA is installed
- Tech Radar: Microsoft patches three worrying security flaws in its latest critical update, so update now
- SecurityWeek: Nvidia, Zoom, Zyxel patch high-severity vulnerabilities
- Cybersecurity News: Cisco Releases Security Updates Addressing Vulnerabilities in ThousandEyes and Snort
- Cybersecurity News: Windows 11 security features bypassed to obtain arbitrary code execution in kernel mode
- Help Net Security: Fortinet fixes FortiOS zero-day exploited by attackers for months
- SecurityWeek: SAP patches critical vulnerabilities in NetWeaver
- Cybersecurity News:Google’s “Sign in with Google” flaw exposes millions of users’ details
- SecurityWeek: Many Ivanti VPNs are still exposed to attacks exploiting a recent vulnerability
- Cybersecurity News: Zero-Day vulnerability in PDF files leaking NTLM data in Adobe & Foxit Reader
- gbhackers: Microsoft wars of MFA issue affecting Microsoft 365 users
- Cyber Express: Critical Ivanti vulnerabilities addressed with latest patch
- SecurityWeek: Juniper Networks fixes high-severity vulnerabilities in Junos OS
- Cybersecurity News: Critical macOS Sandbox vulnerability PoC exploit released online
- Bleeping Computer: Microsoft to force install new Outlook on Windows 10 PCs in February
- Cybersecurity News: Microsoft’s DRM hacking raises some questions on vulnerability disclosure.
- Tripwire: Tripwire's December 2024 patch priority index
- Help Net Security: January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance
- Cybersecurity News: Samsung patches multiple vulnerabilities that let attackers execute arbitrary code
- gbhackers: Wireshark 4.4.3 released: What’s new!
- Infosecurity: Critical Ivanti zero-day exploited in the wild
- SecurityWeek: Palo Alto Networks patches high severity vulnerability in retired migration tool
- Cybersecurity News: Palo Alto Networks expedition tool vulnerability exposes firewall credentials
- Cybersecurity News: New BIOS/UEFI vulnerabilities lets hackers hijack firmware
- gbhackers: PHP servers vulnerability exploited to inject PacketCrypt Cryptocurrency miner
- Cybersecurity News: Microsoft pushes identity management feature for Azure Via Entra
- Cybersecurity News: Chrome Type Confusion vulnerability let attackers execute arbitrary code remotely
- gbhackers: Android security updates: Patch for critical RCE vulnerabilities
- Tech Radar: MediaTek reveals host of security vulnerabilities, so patch now
- Cybersecurity News: Critical MediaTek Processor RCE vulnerability impacts millions of devices
- Cybersecurity News: 40,000+ CVEs published in 2024, marking a 38% increase from 2023
- Bleeping Computer:Windows 10 users urged to upgrade to avoid "security fiasco"
- Dark Reading: Unpatched active directory flaw can crash any Microsoft server
- Cybersecurity News:Poc exploit released for OpenSSH arbitrary code execution vulnerability
- Cybersecurity News: ASUS router vulnerabilities allows arbitrary code execution
- Help Net Security: Best practices for ensuring a secure browsing environment
- Security Week: Exploit code published for potentially dangerous windows LDAP vulnerability
- The Cyber Express: CERT-in alerts WordPress users to critical WPForms plugin vulnerability
- Cybersecurity News: Windows 11 Bitlocker encryption bypassed to extract volume encryption keys
- The Hacker News: Severe security flaws patched in Microsoft dynamics 365 and Power Apps Web API
February 5, 2025
February 4, 2025
February 3, 2025
January 30, 2025
January 29, 2025
January 28, 2025
January 27, 2025
January 24, 2025
January 23, 2025
January 22, 2025
January 21, 2025
January 20, 2025
January 17, 2025
January 16, 2025
January 15, 2025
January 14, 2025: Updated!
January 13, 2025
January 10, 2025-UPDATED!
January 9, 2025
January 8, 2025
January 7, 2025
January 6, 2025
January 3, 2025
January 2, 2025
January 1, 2025
Happy New Year!
For more technology news and alerts, visit the Tech Talk page on BankersOnline.com.