The following CIS Benchmarks and CIS Build Kits have been updated or recently released. The Center for Internet Security has highlighted the major updates below. Each Benchmark and Build Kit includes a changelog that references all changes. Updated CIS Benchmarks overview CIS Microsoft Windows 11 Enterprise Benchmark v5.0.0 CIS Oracle Cloud Infrastructure Foundations Benchmark v3.1.0…
Tag: released
AI, Exploits, Global Security News
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. “Use-after-free in Dawn in Google…
Global Security News
New Windows 11 emergency update fixes preview update install issues
Microsoft released an emergency update to fix the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to installation issues. […]
Global Security News
Windows 11 gets a rebuilt console engine with regex search, Sixel images and a 10x speed boost
Microsoft released Windows 11 Insider Preview Build 29558.1000 to the Canary Channel, part of the optional 29500 build series. The build carries a set of changes focused on the Windows Console, a handful of bug fixes, and small improvements to Settings and disk utilities. A rebuilt console The bulk of this build centers on the…
Endpoint, Global Security News
Rspamd 4.0.0 ships memory savings, a new scan protocol, and a required migration step
The open-source spam filtering platform Rspamd released version 4.0.0, delivering infrastructure changes across its scan protocol, memory model, hash storage, and configuration system. Several of the changes are breaking, and at least one requires a migration step before upgrade. A new scan protocol The release introduces a /checkv3 endpoint that replaces HTTP headers with structured…
Global Security News
Windows 11 KB5079391 update rolls out Smart App Control improvements
Microsoft has released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, which includes 29 changes, such as Smart App Control and Display improvements. […]
AI, Exploits, Global Security News, Network Security
Apple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)
Apple released the next version of its operating system, patching 85 different vulnerabilities across all of them. None of the vulnerabilities are currently being exploited. The last three macOS “generations” are covered, as are the last two versions of iOS/iPadOS. For tvOS, watchOS, and visionOS, only the current version received patches. This update also includes the…
Global Security News
OpenAI Set to Discontinue Sora Video Platform App
The app, released last year, allowed people to insert themselves into famous movie scenes, among other functions.
Global Security News, privacy
Firefox now has a free built-in VPN with 50GB monthly data limit
Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. […]
Exploits, Global Security News
New Whitepaper: Exploiting Cellular-based IoT Devices
GUEST RESEARCH: Rapid7 has released a whitepaper titled “The Weaponisation of Cellular Based IoT Technology,” by Deral Heiland, principal security researcher, IoT, at Rapid7, and Carlota Bindner, lead product security researcher at Thermo Fisher Scientific.
Endpoint, Global Security News, Network Security
Tuskira replaces centralized detection model with real-time, distributed approach
Tuskira has released its Federated Detection Engine, a new capability within its Agentic SecOps platform that enables real-time threat detection across cloud, identity, endpoint, network, SaaS, infrastructure, and legacy SIEM environments, without relying on centralized logging. Detection engineering still depends on centralized log architectures and manual rule authoring. That model is expensive to scale, slow…
Apps, Exploits, Global Security News
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below – CVE-2026-3055 (CVSS score: 9.3) – Insufficient input validation leading to memory overread CVE-2026-4368 (CVSS score: 7.7) – Race condition…
AI, Data Breaches, Exploits, Global Security News, malware, Network Security
Faster attacks and ‘recovery denial’ ransomware reshape threat landscape
Mandiant’s M-Trends 2026 report, released today at the RSA Conference, shows that attackers are moving faster, operating more collaboratively, and increasingly focusing on the systems organizations rely on to recover from breaches. The report, based on more than 500,000 hours of incident response engagements in 2025, finds that attackers are compressing key phases of the…
Exploits, Global Security News
Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)
Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The company did not say whether the vulnerability has been exploited as a zero-day, but has urged customers to apply the updates or provided mitigations as soon as possible. About CVE-2026-21992 CVE-2026-21992…
Global Security News
New KB5085516 emergency update fixes Microsoft account sign-in
Microsoft has released an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. […]
AI, Exploits, Global Security News
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. “This vulnerability is remotely exploitable without authentication,” Oracle said in an…
AI, Apps, Funding, Global Security News, Government & Policy, Risk Management
Trump’s federal AI policy framework aims to undercut state laws
US President Donald Trump’s administration today released its National Policy Framework for Artificial Intelligence: Legislative Recommendations, a document that reads less like the AI safety blueprints that states are increasingly adopting and more like a playbook for asserting federal control over AI governance. It is part of a coordinated push with congressional allies, most notably…
Global Security News
Oracle pushes emergency fix for critical Identity Manager RCE flaw
Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. […]
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware
News alert: SpyCloud study reveal stolen tokens, session data fuel surge in non-human identity attacks
AUSTIN, Texas, Mar. 19, 2026, CyberNewswire—SpyCloud, the leader in identity threat protection, today released its annual 2026 Identity Exposure Report, one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the criminal underground and highlighting a sharp expansion in non-human identity (NHI) exposure. Last year, SpyCloud saw a 23% increase…
AI, Exploits, Global Security News, Risk Management
Cobalt adds continuous pentesting AI capabilities to scale offensive security and real-world risk
Cobalt has released new AI capabilities for continuous pentesting. Delivered through the Cobalt Offensive Security Platform, these next-generation components integrate AI with human pentesters and more than a decade of proprietary pentesting intelligence to accelerate the speed, scale, and depth of offensive security programs. Attackers are increasingly using AI to automate reconnaissance, vulnerability discovery, and…
AI, Apps, Global Security News
Arcjet enables inline defense against prompt injection in production AI systems
Arcjet has released AI Prompt Injection Protection, a new capability designed to stop prompt injection attacks before they reach production AI models. The feature detects hostile prompts at the application boundary and gives developers a decision point inside the request lifecycle where malicious instructions can be blocked before inference occurs. Companies are shipping AI features…
AI, Global Security News, Network Security, privacy
Java 26 ships with new cryptography API and HTTP/3 support
Oracle released JDK 26, the 17th consecutive feature release delivered under the six-month cadence the project adopted in 2018. The release includes ten JDK Enhancement Proposals spanning language changes, garbage collection improvements, cryptographic tooling, and network protocol support. PEM encoding API targets cryptographic integration JEP 524 introduces a second preview of a PEM encoding API…
AI, APAC, Global Security News
Dropzone AI releases autonomous Threat Hunting agent for continuous SOC detection
Dropzone AI has released the AI Threat Hunter, its newest AI agent that enables security teams to proactively search for threats across their environments around the clock. The AI Threat Hunter is the next agent joining the Dropzone’s Agentic SOC team, expanding what AI agents can do across the full spectrum of detection and response.…
Exploits, Global Security News
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit’s Navigation API that could be exploited to bypass the same-origin policy when processing maliciously…
Global Security News
Apple pushes first Background Security Improvements update to fix WebKit flaw
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. […]
AI, Compliance, Global Security News, Network Security, Risk Management
DH2i Enhances SQL Server Resilience Across Hybrid IT
DH2i has released new versions of its clustering and automation software designed to help enterprises maintain SQL Server uptime while modernizing infrastructure across Linux, Windows, and Kubernetes environments. The company announced the general availability of DxEnterprise v26.0 and DxOperator v2, updates that introduce expanded monitoring, automated quorum enforcement, security improvements, and new automation capabilities for…
Global Security News
New Windows 11 hotpatch fixes Bluetooth device visibility issue
Microsoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices. […]
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
Washington is right: Cybercrime is organized crime. Now we need to shut down the business model
The recently released executive order targeting cybercrime, fraud, and predatory schemes uses language the federal government has often avoided. Now, for the first time, the Trump administration is echoing what the cybersecurity industry has been shouting for years: cyber-enabled fraud is a product of transnational organized crime. That distinction matters because organized crime requires an…
Global Security News
Microsoft re-releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Microsoft has released an out-of-band (OOB) update to fix a security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. […]
Global Security News
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Microsoft has released an out-of-band (OOB) update to fix a security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. […]
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google Patches Two Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild
Google has released updates to patch two high-severity zero-day vulnerabilities in the Chrome browser that are already being exploited in the wild.. The flaws affect critical components responsible for rendering web content and executing JavaScript, potentially allowing attackers to crash the browser or execute malicious code on vulnerable systems. One of the vulnerabilities, CVE-2026-3909, allows…
AI, Exploits, Global Security News
Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
Backup vendor Veeam has released security updates to patch multiple vulnerabilities in its widely used Backup and Replication platform, including three critical flaws that could allow authenticated users to execute code on backup servers. Detailed in the company’s advisory KB4830, the vulnerabilities affect Veeam Backup & Replication 12.3.2.4165 and earlier version 12 builds, with fixes…
AI, Exploits, Global Security News
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows – CVE-2026-3909 (CVSS score: 8.8) – An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform…
Exploits, Global Security News
Google fixes two new Chrome zero-days exploited in attacks
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. […]
AI, Exploits, Global Security News
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows – CVE-2026-21666 (CVSS score: 9.9) – A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server. CVE-2026-21667…
AI, Exploits, Global Security News, malware
Apple issues emergency fixes for Coruna flaws in older iOS versions
Apple released iOS 16.7.15 and 15.8.7 updates for older iPhones and iPads to patch vulnerabilities linked to the Coruna exploits. Apple has released security updates for legacy devices, rolling out iOS and iPadOS 16.7.15 and 15.8.7 to address vulnerabilities tied to the recently disclosed Coruna exploits. The patches aim to protect older iPhone and iPad…
AI, Exploits, Global Security News
Apple patches older iPhones and iPads against Coruna exploits
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. […]
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Microsoft .NET Vulnerability Enables Remote DoS Attacks
Microsoft has released a security update to address a vulnerability in the .NET platform that could allow attackers to remotely crash affected applications. The flaw enables unauthenticated attackers to trigger a Denial-of-Service (DoS) condition, potentially causing applications or services running on vulnerable .NET environments to become unavailable. Exploitation of the vulnerability “… allows an unauthorized…
AI, Compliance, Data Breaches, Global Security News, Risk Management
Cynomi: Third-Party Risk is Untapped MSP Revenue Opportunity
Cynomi has released its latest industry guide, The Rise of Third-Party Risk Management: Securing the Modern Perimeter, offering a practical roadmap for MSPs to formalize, scale, and monetize third-party risk management (TPRM). Scaling third-party risk management According to the guide, TPRM represents the largest untapped recurring revenue opportunity for managed service providers beyond human cyber…
Apps, Exploits, Global Security News
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below – CVE-2019-17571 (CVSS score: 9.8) – A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) – An insecure deserialization
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials
HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network switches without any credentials. The critical flaw, CVE-2026-23813, scored 9.8 out of 10 on the CVSSv3.1 scale. According to a security advisory HPE published on…
Global Security News
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10…
Global Security News
Microsoft releases Windows 10 KB5078885 extended security update
Microsoft has released the Windows 10 KB5078885 extended security update to fix the March 2026 Patch Tuesday vulnerabilities, including 2 zero-days and an issue that prevent some devices from shutting down. […]
Global Security News
Windows 11 KB5079473 & KB5078883 cumulative updates released
Microsoft has released Windows 11 KB5079473 and KB5078883 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]
AI, Exploits, Global Security News, Network Security
Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)
Microsoft today released patches for 93 vulnerabilities, including 9 vulnerabilities in Chromium affecting Microsoft Edge. 8 of the vulnerabilities are rated critical. 2 were disclosed prior to today but have not yet been exploited. This update addresses no already-exploited vulnerabilities. Disclose vulnerabilities: CVE-2026-26127: A denial of service vulnerability in .Net. Microsoft considers exploitation unlikely. The…
AI, Global Security News, Government & Policy
No more soft play, President Trump warns in new cyber strategy
The White House released “President Trump’s Cyber Strategy for America,” a policy framework outlining the administration’s priorities for maintaining U.S. leadership in cyberspace. The seven-page cyber strategy commits to a coordinated, government-wide response to cyber threats that extends beyond cyberspace and relies on close cooperation with allies, industry, and academia. “This strategy builds on President…
AI, Compliance, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security
Reading White House President Trump’s Cyber Strategy for America (March 2026)
White House released President Trump’s Cyber Strategy for America, framing cyberspace as a strategic domain to project power and counter growing cyber threats The White House has released “President Trump’s Cyber Strategy for America,” a document that outlines how the United States intends to maintain dominance in cyberspace and confront an increasingly hostile digital landscape.…
AI, APAC, china, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Politics, privacy
Trump’s cyber strategy emphasizes offensive operations, deregulation, AI
The White House released President Donald Trump’s long-awaited cybersecurity strategy, a lean seven-page blueprint that breaks from past approaches by placing offensive cyber operations at the center of US policy. Developed by the Office of the National Cyber Director (ONCD), the strategy emphasizes disrupting adversaries, deregulating industry, and accelerating the adoption of artificial intelligence while…
AI, APAC, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, privacy
The long-awaited Trump cyber strategy has arrived
President Donald Trump released his administration’s cyber strategy Friday, promoting offense operations in cyberspace, securing federal networks and critical infrastructure, streamlining regulations, leveraging emerging technologies and strengthening the cybersecurity workforce. Trump also signed an executive order Friday directing agencies to take action to combat cybercrime and fraud. A little more than half of the five…
AI, Global Security News
Cyolo PRO 7.0 expands OT-first secure remote access with AI session intelligence
Cyolo has released Cyolo PRO (Privileged Remote Operations) v7.0, a major update that expands OT-first secure remote access and strengthens protection for critical infrastructure and industrial environments without disrupting operations. Secure remote access (SRA) tools focus primarily on managing access. Cyolo has always delivered a more holistic approach, designed to govern all scopes of access…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security
Cisco reveals 2 max-severity defects in firewall management software
Cisco released information on a pair of max-severity vulnerabilities in its firewall management software Wednesday that unauthenticated, remote attackers could exploit to obtain the highest level of access to the underlying operating system or on affected devices. The vulnerabilities — CVE-2026-20079 and CVE-2026-20131 — affect the web-based interface of Cisco Secure Firewall Management Center (FMC)…
Global Security News
Windows 10 KB5075039 update fixes broken Recovery Environment
Microsoft has released the KB5075039 Windows Recovery Environment update for Windows 10 to fix a long-standing issue that prevented some users from accessing the Recovery environment. […]
Global Security News
Cisco warns of max severity Secure FMC flaws giving root access
Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. […]
AI, Global Security News
OpenAI Updates ChatGPT with GPT-5.3 Instant Model
OpenAI has released GPT-5.3 Instant, a new version of the model that powers much of the day-to-day ChatGPT experience. The focus this time is something more practical than just reasoning benchmarks; it’s focused on improving reliability, response speed, and conversational quality. OpenAI promises a 26 percent reduction in hallucinations According to OpenAI, GPT-5.3 Instant reduces…
Global Security News
Immutable Linux distribution Nitrux 6.0.0 adds GPU passthrough, boot-level recovery, C++ update system
Nitrux 6.0.0, released March 3, 2026, packages several components that security practitioners running Linux workstations will find worth examining: a new hypervisor orchestrator with IOMMU-enforced isolation, a rewritten update system with cryptographic verification, and a recovery mechanism that operates from within the boot process itself. The distribution, built by Nitrux Latinoamericana, runs on an immutable…
Exploits, Global Security News
Android gets patches for Qualcomm zero-day exploited in attacks
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. […]
AI, Apps, Endpoint, Europe, Global Security News, Network Security, privacy
Windows 11 Insider Previews: What’s in the latest build?
Windows 11 25H2 has been released, but behind the scenes, Microsoft is constantly working to improve the newest version of Windows. The company frequently rolls out public preview builds to members of its Windows Insider Program, allowing them to test out — and help shape — upcoming features. Skip to the latest builds The Windows…
AI, Global Security News, Network Security
IPFire ships its 200th core update with a new domain blocklist and kernel upgrade
Network firewall distribution IPFire released Core Update 200, marking the 200th incremental update to the 2.29 branch. The release bundles a kernel upgrade, a beta domain blocklist service, security patches for OpenSSL and glibc, and a range of component updates. The kernel has been rebased on Linux 6.18.7 LTS, bringing updated hardware security mitigations alongside…
AI, Compliance, Data Breaches, Data Security, Europe, Global Security News, Government & Policy, privacy, Risk Management
Kiteworks Flags Canada Sovereignty Compliance Gaps
Kiteworks’ newly released “2026 Data Security and Compliance Risk: Data Sovereignty Report” finds that Canadian organisations report the lowest sovereignty incident rate among surveyed regions — yet channel leaders warn that the risk environment is intensifying, not stabilizing. The cross-regional survey of 286 security, compliance, and IT professionals across Canada, Europe, and the Middle East…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Trend Micro Patches Critical Apex One RCE Flaws
Trend Micro has released patches for two high-severity vulnerabilities in its Apex One endpoint security platform. The flaws impact the Apex One management console and could allow remote code execution on unpatched systems. One of the vulnerabilities, CVE-2025-71210, “… could allow a remote attacker to upload malicious code and execute commands on affected installations,” said…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News
CISA warns that RESURGE malware can be dormant on Ivanti devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. […]
AI, Exploits, Global Security News, Network Security
Juniper issues emergency patch for critical PTX router RCE
Juniper released an emergency patch for Junos OS Evolved to fix CVE-2026-21902, a critical RCE flaw affecting PTX routers. Juniper Networks issued an out-of-band security update for Junos OS Evolved to address a critical remote code execution vulnerability, tracked as CVE-2026-21902 (CVSS score of 9.3), impacting PTX routers. The company urges customers to apply the…
Compliance, Europe, Global Security News, Government & Policy
Versa introduces cloud-based sovereign solution for enterprises of all sizes
Versa released Sovereign SASE-as-a-Service, a cloud-delivered SaaS offering in which the data, control, and management planes operate entirely within a region’s legal jurisdiction. Digital sovereignty has moved from a compliance consideration to a board-level decision. Across Europe and other regions, governments are asserting stronger authority over data residency and protection. The European Union’s GDPR, NIS2,…
AI, Global Security News, Network Security
Zyxel warns of critical RCE flaw affecting over a dozen routers
Taiwan networking provider Zyxel has released security updates to address a critical vulnerability affecting over a dozen router models that can allow unauthenticated attackers to gain remote command execution on unpatched devices. […]
Global Security News, Network Security
Windows 11 KB5077241 update improves BitLocker, adds Sysmon tool
Microsoft has released the KB5077241 optional cumulative update for Windows 11, which comes with 29 changes, including improvements to BitLocker, a new network speed test tool, and native System Monitor (Sysmon) functionality. […]
Exploits, Global Security News
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below – CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system…
AI, Exploits, Global Security News, Network Security, Risk Management
VMware fixes command injection flaw in Aria Operations
VMware has released patches for several high- and medium-risk vulnerabilities that impact its Aria Operations, Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure products. The most serious of these flaws allows unauthenticated attackers to execute arbitrary commands on the underlying OS, while another gives authenticated users the ability to elevate to administrator privileges. The…
AI, Compliance, Global Security News, Risk Management
News alert: Sendmarc highlights impact of DMARC update on evolving email security standards
WILMINGTON, Del., Feb. 24, 2026, CyberNewswire — Sendmarc has released a new fireside chat featuring Todd Herr, Principal Solutions Architect at GreenArrow Email and co-editor of DMARCbis, on the upcoming update to DMARC (Domain-based Message Authentication, Reporting, and Conformance). Led by Dan Levinson of Sendmarc, the fireside chat explains how the protocol is progressing through the IETF (Internet Engineering Task Force) standards…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Google Patches Three High-Severity Chrome Flaws
Google has released a security update for its Chrome browser that addresses three high-severity vulnerabilities, which could pose risk to users. One of the vulnerabilities, CVE-2026-3061, allows “… a remote attacker to perform an out-of-bounds memory read via a crafted HTML page,” said NIST in its advisory. Inside the Chrome Vulnerabilities The security update addresses…
AI, Global Security News, Risk Management
Index Engines: Ransomware Shifting To Polymorphism & Wiper Attacks
Cyber resilience solutions provider Index Engines has released a new study from its CyberSense Research Lab, finding that threat actors are increasingly using polymorphism, shadow encryption, and directory corruption in their attacks. Four ransomware developments observed in Q4 2025 According to the company, these techniques were used specifically to bypass traditional defenses, increase dwell time,…
Global Security News
Microsoft extends security patching for three Windows products at a price
Support is ending for three Windows products released in 2016, with deadlines beginning in October 2026. Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 LTSB will reach end of support on October 13, 2026, followed by Windows Server 2016 on January 12, 2027. Microsoft states that organizations still running these products will…
AI, Global Security News
WhatsApp is adding another lock to your account
Meta has released WhatsApp Beta for Android 2.26.7.8 through the Google Play Beta Program. The update includes references to password-protected accounts, indicating plans to introduce an additional layer of protection beyond the app’s current authentication options. WhatsApp is exploring the implementation of a feature that will introduce a password (Source: WABetaInfo) The feature will allow…
AI, Compliance, Global Security News
Security Compass brings policy-driven security and compliance to agentic AI development
Security Compass released SD Elements for Agentic AI Workflow, enabling organizations to stay in control of security and compliance as AI becomes part of software development. AI agents introduce an unprecedented opportunity to accelerate the velocity of software development, but concerns about security and compliance are holding back adoption in regulated industries. Emerging laws like…
AI, Cybersecurity, Global Security News, Network Security
Nozomi Networks Labs Report Finds Healthcare Services the Most Targeted Industry in Australia
The latest Nozomi Networks Labs OT & IoT Security Report released today finds healthcare services was the most targeted industry in Australia, followed by manufacturing. During the second half of last year, threat actors increased their usage of generative AI in their activity, attacks against companies in English-speaking countries are increasing in scale and have…
AI, Global Security News
Claude Sonnet 4.6 launches with improved coding and expanded developer tools
Anthropic released Claude Sonnet 4.6, marking its second major AI launch in less than two weeks. Scores prior to Claude Sonnet 4.5 (Source: Anthropic) According to Anthropic, Sonnet 4.6 delivers improved coding skills to more users. Tasks that once required an Opus-class model, including economically valuable office work, are handled by Sonnet 4.6. The model…
AI, china, Exploits, Global Security News, malware
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a “double lock” design that aims to make the update process “robust…
AI, Global Security News, Risk Management
HaystackID delivers audit-ready AI governance for high-risk, regulated environments
HaystackID has released HaystackID AI Governance Services, a new portfolio designed to help organizations move from AI principles and policies to an execution-ready governance operating model. The launch comes as organizations face converging regulatory timelines. EU AI Act obligations have been in effect since February 2025, with additional high-risk system requirements phasing in through August…
AI, Global Security News
Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta
Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS.…
AI, Global Security News, malware
REMnux v8 brings AI integration to the Linux malware analysis toolkit
REMnux, a specialized Linux distribution for malware analysis, has released version 8 with a rebuilt platform based on Ubuntu 24.04 and a new capability aimed at connecting AI agents directly to its toolset. REMnux is designed for analyzing malicious software, phishing artifacts, suspicious documents, and related forensic data. The project includes more than 200 preconfigured…
Compliance, Data Breaches, Global Security News, Risk Management
Passwork 7.4 enhances enterprise security with centralized User vault restrictions
Passwork has released version 7.4, introducing restrictive settings for User vaults along with enhancements to improve security and user experience. The update enables administrators to enforce stricter controls over password sharing and distribution, reducing data breach risks and supporting compliance with strong security policies. Key features of Passwork 7.4 Restrictive settings for User Vaults: Administrators…
AI, Global Security News, Risk Management
Microsoft equips CISOs and AI risk leaders with a new security tool
Microsoft released Security Dashboard for AI in public preview for enterprise environments. The dashboard aggregates posture and real-time risk signals from Microsoft Defender, Microsoft Entra, and Microsoft Purview into a single view within security tools. Security Dashboard for AI in browser (Source: Microsoft) “The dashboard equips CISOs and AI risk leaders with a governance tool…
AI, Exploits, Global Security News
Google patches Chrome vulnerability with in-the-wild exploit (CVE-2026-2441)
Google released a security update for Chrome to address a high-severity zero‑day vulnerability (CVE-2026-2441) on Friday. “Google is aware that an exploit for CVE-2026-2441 exists in the wild,” the company said. About CVE-2026-2441 CVE-2026-2441 is a use-after-free bug in the CSS processing component of Google Chrome, which allows a remote attacker “to execute arbitrary code…
Global Security News, privacy
Android 17 beta brings privacy, security, and performance changes
Google has released the first beta of Android 17, giving developers an early view of changes to core app behavior, platform tooling, performance, media handling, and connectivity. The company plans to move quickly from this beta toward the Platform Stability milestone, targeted for March, where final APIs and behavior definitions for apps will be delivered.…
Exploits, Global Security News
Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. […]
AI, Exploits, Global Security News
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming…
AI, Exploits, Global Security News, Government & Policy
Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release
Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support…
AI, Global Security News
OpenAI released GPT-5.3-Codex-Spark, a real-time coding model
OpenAI has released a research preview of GPT-5.3-Codex-Spark, an ultra-fast model for real-time coding in Codex. It is available to ChatGPT Pro users in the latest versions of the Codex app, the command-line interface, and the VS Code extension. The model delivers over 1,000 tokens per second when served on ultra-low-latency hardware while remaining capable…
AI, Don't miss, Exploits, Global Security News, Hot stuff, News, PoC, Social Engineering
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be exploited by attackers to achieve remote code execution on targets’ Windows system. About CVE-2026-20841 For many, many years, Windows Notepad was a simple text editor and a staple tool…
AI, Apple, Don't miss, Exploits, Global Security News, Hot stuff, News
Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)
Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the Dynamic Link Editor component of Apple’s operating systems, and may allow attackers with memory write capability to execute arbitrary code. “Apple is aware of a report that this issue may have…
AI, Exploits, Global Security News
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability…
Apple, Exploits, Global Security News, Security
Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks
Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals. […]
AI, Apps, Exploits, Global Security News, Network Security, privacy
Apple Patches Everything: February 2026, (Wed, Feb 11th)
Today, Apple released updates for all of its operating systems (iOS, iPadOS, macOS, tvOS, watchOS, and visionOS). The update fixes 71 distinct vulnerabilities, many of which affect multiple operating systems. Older versions of iOS, iPadOS, and macOS are also updated.
Exploits, Global Security News
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
It’s Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere
AI, Exploits, Global Security News
Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days
Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild. Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein a single click on a…
Global Security News, Microsoft, Security
Microsoft releases Windows 10 KB5075912 extended security update
Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates. […]
Global Security News, Microsoft, Software
Windows 11 KB5077181 & KB5075941 cumulative updates released
Microsoft has released Windows 11 KB5077181 and KB5075941 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]
AI, Channel Analysis, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management, Venture
JumpCloud Launches Venture Arm, Releases New AI Research
JumpCloud has launched a new venture capital arm and released research showing AI adoption is improving IT productivity while security, identity, and governance gaps continue to widen. The company this week introduced JumpCloud Ventures, an investment program focused on early-stage identity, security, AI, and IT productivity startups, alongside its Q1 2026 IT Trends Report. The…
AI, Global Security News, LLMs, Chatbots, and Agents, Network Security
NetBrain R12.3 Brings Agentic AI to Network Operations
NetBrain Technologies has released version 12.3 of its network operations platform, adding agentic AI capabilities designed to autonomously investigate network issues, recommend fixes, and guide engineers through remediation across hybrid and cloud environments. NetBrain Technologies touts manual workload reduction and time savings for engineers The Burlington, Mass.-based vendor positions the release as a step toward…
Global Security News
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability…