Geek-Guy.com

Tag: fixes

AI, Cybersecurity, Exploits, Global Security News, Network Security

Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’

Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that can’t wait for the company’s quarterly patching. The initial batch addresses 35 flaws, including several for which exploit code is publicly available. In total, there are 11 flaws rated ‘critical’, 18 rated…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware

Microsoft patches two zero-day flaws in Defender

Microsoft released emergency fixes for two zero-day vulnerabilities in the malware protection components of Microsoft Defender. The flaws allow local attackers to gain system-level privileges or cause the anti-malware service to stop working correctly. Both conditions are valuable in a malware attack, first to prevent detection if the system relies only on Microsoft endpoint protection…

Read more →

Exploits, Global Security News

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. “External control of…

Read more →

AI, APAC, Apps, Exploits, Global Security News

Microsoft May 2026 Patch Tuesday, (Tue, May 12th)

Today’s Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. There are no already disclosed or already exploited vulnerabilities included in today’s patches. I removed the Chromium issues from the table below and included only the 137 Microsoft issues to make it more readable. Note that issues…

Read more →

AI, Endpoint, Exploits, Global Security News

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)

Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has being exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,” the company said in a security advisory published on Thursday. About CVE-2026-6973 CVE-2026-6973 is caused…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management

MOVEit automation flaws could enable full system compromise

Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access…

Read more →

AI, Global Security News

Wireshark 4.6.5 Released, (Sun, May 3rd)

Wireshark release 4.6.5 fixes 43 vulnerabilities (38 CVEs) and 35 bugs. This high number of fixes is due to AI: “This release fixes quite a few vulnerabilities. This is due to to a recent trend in AI-assisted vulnerability reports.“   Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0…

Read more →

AI, Apps, Exploits, Global Security News

Apple Patches Exploited Notification Flaw, (Thu, Apr 23rd)

Apple yesterday released iOS/iPadOS 26.4.2 and iOS/iPadOS 18.7.8. This update fixes a single Notification Services vulnerability, CVE-2026-28950: Impact: Notifications marked for deletion could be unexpectedly retained on the device Description: A logging issue was addressed with improved data redaction. Apple did not mark the vulnerability as exploited. However, recent news articles reported that the FBI…

Read more →

AI, Global Security News

OpenSSH 10.3 patches five security bugs and drops legacy rekeying support

OpenSSH 10.3 shipped carrying five security fixes alongside feature additions and a set of behavior changes that will break compatibility with older SSH implementations that do not support rekeying. Rekeying compatibility removed SSH clients and servers that lack rekeying support will fail when they attempt to interoperate with OpenSSH going forward. The project removed the…

Read more →

Global Security News, Venture

Fig Security emerges from stealth with $38 million to resilience-proof enterprise security

Fig Security, a new platform that finds and fixes broken security flows across your entire SecOps infrastructure, has launched from stealth with $38 million across Seed and Series A rounds. It addresses one of the least visible challenges yet most consequential in enterprise security: the quiet breakdown of security operations as environments grow more complex.…

Read more →

AI, Don't miss, Exploits, Global Security News, Hot stuff, News, PoC, Social Engineering

Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)

Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be exploited by attackers to achieve remote code execution on targets’ Windows system. About CVE-2026-20841 For many, many years, Windows Notepad was a simple text editor and a staple tool…

Read more →

AI, Apple, Don't miss, Exploits, Global Security News, Hot stuff, News

Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)

Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the Dynamic Link Editor component of Apple’s operating systems, and may allow attackers with memory write capability to execute arbitrary code. “Apple is aware of a report that this issue may have…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Security, Vulnerabilities

February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed

Microsoft highlighted six new and actively exploited vulnerabilities among the 60 fixes issued in today’s February Patch Tuesday releases. However, Tyler Reguly, associate director of security R&D at Fortra, says there’s good news: The issues are easy to resolve with regular Microsoft patches for Windows and Office, and none require any post patch configuration steps.…

Read more →