#patchnow — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #patchnow, aggregated by home.social.
-
📰 Critical 18-Year-Old 'NGINX Rift' Vulnerability (CVE-2026-42945) Under Active Attack
🚨 CRITICAL NGINX FLAW! An 18-year-old bug 'NGINX Rift' (CVE-2026-42945) is actively exploited for DoS & RCE. Affects millions of web servers. Patch immediately! #NGINX #CVE #Infosec #PatchNow
🌐 cyber[.]netsecops[.]io
-
📰 CISA Adds Seven New Vulnerabilities to 'Must-Patch' KEV Catalog
📢 CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are required to patch under BOD 22-01. All orgs are urged to prioritize these fixes to defend against active threats. #CISA #KEV #PatchNow ...
🌐 cyber[.]netsecops[.]io
-
«Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen:
Die CISA warnt vor Angriffen auf teils 18 Jahre alte Microsoft-Lücken. Patches schützen den Defender und Gegenmaßnahmen vor BitLocker-Lücke.»Hach ja, Microsoft und ihre Sicherheit. Abgesehen davon, System- so wie Softwareupdates IMMER so schnell wie möglich einspielen aber zu viele glauben Updates sind nicht wirklich wichtig.
#microsift #bitlocker #MSDefender #cisa #patch #PatchNOW #itsicherheit #update
-
«Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen:
Die CISA warnt vor Angriffen auf teils 18 Jahre alte Microsoft-Lücken. Patches schützen den Defender und Gegenmaßnahmen vor BitLocker-Lücke.»Hach ja, Microsoft und ihre Sicherheit. Abgesehen davon, System- so wie Softwareupdates IMMER so schnell wie möglich einspielen aber zu viele glauben Updates sind nicht wirklich wichtig.
#microsift #bitlocker #MSDefender #cisa #patch #PatchNOW #itsicherheit #update
-
«Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen:
Die CISA warnt vor Angriffen auf teils 18 Jahre alte Microsoft-Lücken. Patches schützen den Defender und Gegenmaßnahmen vor BitLocker-Lücke.»Hach ja, Microsoft und ihre Sicherheit. Abgesehen davon, System- so wie Softwareupdates IMMER so schnell wie möglich einspielen aber zu viele glauben Updates sind nicht wirklich wichtig.
#microsift #bitlocker #MSDefender #cisa #patch #PatchNOW #itsicherheit #update
-
«Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen:
Die CISA warnt vor Angriffen auf teils 18 Jahre alte Microsoft-Lücken. Patches schützen den Defender und Gegenmaßnahmen vor BitLocker-Lücke.»Hach ja, Microsoft und ihre Sicherheit. Abgesehen davon, System- so wie Softwareupdates IMMER so schnell wie möglich einspielen aber zu viele glauben Updates sind nicht wirklich wichtig.
#microsift #bitlocker #MSDefender #cisa #patch #PatchNOW #itsicherheit #update
-
«Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen:
Die CISA warnt vor Angriffen auf teils 18 Jahre alte Microsoft-Lücken. Patches schützen den Defender und Gegenmaßnahmen vor BitLocker-Lücke.»Hach ja, Microsoft und ihre Sicherheit. Abgesehen davon, System- so wie Softwareupdates IMMER so schnell wie möglich einspielen aber zu viele glauben Updates sind nicht wirklich wichtig.
#microsift #bitlocker #MSDefender #cisa #patch #PatchNOW #itsicherheit #update
-
🔴 New security advisory:
CVE-2026-20182 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-20182-catalyst-sd-wan-bypass-grants-admin-access -
🔴 New security advisory:
CVE-2026-20182 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-20182-catalyst-sd-wan-bypass-grants-admin-access -
🔴 New security advisory:
CVE-2026-42945 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42945-nginx-plus-heap-overflow-unauth-poc -
🔴 New security advisory:
CVE-2026-42945 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42945-nginx-plus-heap-overflow-unauth-poc -
Microsoft Issues Emergency Patch for Actively Exploited Windows Server Flaw CVE-2025-59287
#Microsoft #Cybersecurity #WindowsServer #WSUS #PatchTuesday #InfoSec #CVE #Vulnerability #Security #PatchNow #RCE #SysAdmin #ITPros #ZeroDay #Exploit
-
"🚨 Critical Vulnerability in Cisco IOS XE Software Web UI! 🚨"
Cisco has identified a critical privilege escalation vulnerability in the web UI feature of Cisco IOS XE Software. If exposed to the internet or untrusted networks, this flaw allows remote, unauthenticated attackers to create an account with privilege level 15 access, potentially gaining control of the affected system. 🕸️💻
Cisco is actively aware of the exploitation of this vulnerability. The issue was discovered during the resolution of multiple Cisco TAC support cases. There are currently no workarounds available. However, Cisco recommends disabling the HTTP Server feature on all internet-facing systems as a precautionary measure. 🚫🌐
For more details and to check if your system might be affected, visit the official advisory: Cisco Security Advisory
Tags: #Cisco #IOSXE #WebUI #Vulnerability #PrivilegeEscalation #CyberSecurity #InfoSec #PatchNow 🛡️🔐
-
Grafana patched a CVSS 10.0 SCIM flaw (CVE-2025-41115) after discovering that numeric externalId values could override internal user IDs - enabling impersonation or privilege escalation when SCIM + user sync were active.
Fixes are available in the latest enterprise versions. Immediate updates recommended.
💬 Share your thoughts and follow TechNadu for more technical updates.
#Infosec #Grafana #IAM #SCIM #CVE #SecurityUpdate #VulnerabilityManagement #ThreatIntel #IdentitySecurity #PatchNow #CyberAwareness
-
Grafana patched a CVSS 10.0 SCIM flaw (CVE-2025-41115) after discovering that numeric externalId values could override internal user IDs - enabling impersonation or privilege escalation when SCIM + user sync were active.
Fixes are available in the latest enterprise versions. Immediate updates recommended.
💬 Share your thoughts and follow TechNadu for more technical updates.
#Infosec #Grafana #IAM #SCIM #CVE #SecurityUpdate #VulnerabilityManagement #ThreatIntel #IdentitySecurity #PatchNow #CyberAwareness
-
Grafana patched a CVSS 10.0 SCIM flaw (CVE-2025-41115) after discovering that numeric externalId values could override internal user IDs - enabling impersonation or privilege escalation when SCIM + user sync were active.
Fixes are available in the latest enterprise versions. Immediate updates recommended.
💬 Share your thoughts and follow TechNadu for more technical updates.
#Infosec #Grafana #IAM #SCIM #CVE #SecurityUpdate #VulnerabilityManagement #ThreatIntel #IdentitySecurity #PatchNow #CyberAwareness
-
Ny brist i WinRAR utnyttjas av minst två olika hackergrupper. Läs mer på bloggen:
https://kryptera.se/ny-brist-i-winrar-utnyttjas-av-minst-tva-hotaktorer/
#Cybersecurity #InfoSec #Security #Vulnerability #ZeroDay #PatchNow #WinRAR #CVE20258088 #PathTraversal #ThreatIntel #IncidentResponse #RomCom #PaperWerewolf #PhishingAlert
-
Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.
748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.
Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your networkBrother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.
Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.
Need help testing your network for exploitable print devices? Contact us and our pentest team can help!
Read the Dark Reading article for more details on the Brother Printers vulnerability: https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug
#CyberSecurity #PenetrationTesting #Pentest #Pentesting #PrinterSecurity #BrotherPrinters #CVE202451978 #Infosec #IT #SMB #CISO #Cyberaware #DFIR #ITSecurity #ZeroTrust #PatchNow #Pentest
-
⛔ New security advisory:
CVE-2026-32985 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32985-xerte-online-toolkits-rce-vulnerability-patch-immediately -
⛔ New security advisory:
CVE-2026-1435 affects Graylog Graylog.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://yazoul.net/advisory/cve/cve-2026-1435 -
Meta Alerts Users About Actively Exploited Freetype Vulnerability
#CyberSecurity #FreeType #CVE2025 #OpenSourceSecurity #SoftwareVulnerabilities #SecurityAlert #Meta #PatchNow
-
Cisco discloses a 10.0 CVSS rating vulnerability in SSM On-Prem
https://stackdiary.com/cisco-discloses-cve-2024-20419-for-ssm-on-prem/
#Cisco #Security #Vulnerability #Cybersecurity #CVSS #Hackers #Exploitation #ITsecurity #DataBreach #Software #TechNews #SecurityFlaw #NetworkSecurity #CriticalUpdate #Admins #DataProtection #PatchNow #Infosec #CyberThreats #SecureNetworks #TechUpdate #DigitalSafety #SoftwareBug #CyberDefense #CriticalVulnerability #ITupdate #SystemAdmin #SecureSoftware #NetworkAdmin #CyberAlert #CVE
-
🚨 Critical Magento & Adobe Commerce Flaw (CVE-2025-54236 – SessionReaper) 🚨
Impact: Customer account takeover + unauthenticated remote code execution (CVSS 9.1 Critical).
👉 Full details and action steps: https://hostvix.com/sessionreaper-critical-magento-adobe-commerce-vulnerability-cve-2025-54236/
#Magento #AdobeCommerce #SessionReaper #CVE202554236 #CVE #Infosec #CyberSecurity #AppSec #WebSecurity #SecOps #BlueTeam #RedTeam #ThreatIntel #Vulnerability #PatchNow #ZeroDay #Exploit #EcommerceSecurity #DataSecurity #SecurityUpdate
-
"🔐 #KeyTrap DoS: The DNSSEC Dilemma - A 25-Year-Old Design Flaw Exposed 🚨"
In a groundbreaking discovery, researchers from the National Research Center for Applied Cybersecurity ATHENE have unveiled #KeyTrap (CVE-2023-50387), a critical flaw in DNSSEC's design that could bring the internet to its knees. With a severity rating of 7.5/10, this flaw in DNSSEC has been lurking since 1999, and affects 31% of global DNSSEC-validating DNS resolvers, risking widespread internet service disruptions. KeyTrap, an Algorithmic Complexity Attack, can overload a DNS server with a single packet, stalling major DNS providers like Google and Cloudflare for up to 16 hours. This vulnerability not only jeopardizes internet access but could also cripple essential security mechanisms like anti-spam defenses and PKI. Despite patches being rolled out, a permanent fix may necessitate a DNSSEC standard overhaul. 🌍💻🛡️
Tags: #CyberSecurity #DNSSEC #Vulnerability #InternetSafety #PatchNow #TechNews #InfoSecExchange #SecurityFlaw #DigitalInfrastructure 🚀🔒💡
Source: ATHENE Press Portal
-
VMware has issued a security advisory advising customers of 4 critical vulnerabilities that allows users with local administrator privileges in a VM to perform VM escapes.
www.vmware.com/security/advisories/VMSA-2024-0006.html
#vmware #patchnow #vulnerability #VMEscape #VM -
"⚠️ Critical RCE Alert: 3,000 Apache ActiveMQ Servers at Risk! ⚠️"
Over 3,000 Apache ActiveMQ servers are exposed online, vulnerable to a critical RCE flaw (CVE-2023-46604, CVSS v3: 10.0). Immediate patching is urged to prevent potential data theft and network compromise. Stay vigilant! 🛡️💻
Apache ActiveMQ is an open-source message broker for secure communication between clients and servers, supporting Java and various cross-language clients and protocols like AMQP, MQTT, OpenWire, and STOMP.
The flaw in question is CVE-2023-46604, a critical severity (CVSS v3 score: 10.0) RCE that allows attackers to execute arbitrary shell commands by exploiting class types in the OpenWire protocol.
According to Apache's disclosure on October 27, 2023, this vulnerability affects the following Apache ActiveMQ and Legacy OpenWire Module versions:
- Versions before 5.18.3 in the 5.18.x series
- Versions before 5.17.6 in the 5.17.x series
- Versions before 5.16.7 in the 5.16.x series
- All versions before 5.15.16
To address this issue, fixes have been released in versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3. It's recommended to upgrade to one of these versions to enhance your IT security.
Tags: #CyberSecurity #RCE #ApacheActiveMQ #Vulnerability #PatchNow #InfoSec #ServerSecurity #CVE202346604 🚨🔐
Source: BleepingComputer
Author: Bill Toulas
-
🚨 [#PatchNow] New VM2 #SandboxEscape... Two critical vulns are out in the #VM2 #Sandbox Library. These flaws affect all versions prior to 3.9.17 and both carry a CVSS score of 9.8.
If exploited, a threat actor could escape protection boundaries and execute arbitrary code. A patch has been released. so get it and update: https://www.bleepingcomputer.com/news/security/new-sandbox-escape-poc-exploit-available-for-vm2-library-patch-now.
These two CVEs (CVE-2023-29199 and CVE-2023-30547) were discovered by Seung Hyun Lee.
https://nvd.nist.gov/vuln/detail/CVE-2023-29199
-
[#PatchNow] A critical vulnerability in #VM2 Sandbox Library is a flaw affecting all versions with CVSS score of 9.8. If exploited, it could allow a threat actor to escape protection boundaries and execute arbitrary code on target systems. This is patched in version 3.9.15.
https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv
https://thehackernews.com/2023/04/researchers-discover-critical-remote.html | #infosec #vuln #patchmanagement
-
A third party report highlights a critical auth bypass in AdGuard Home that could grant admin control to attackers. Users are urged to patch immediately and review access controls. 🛡️🔧 Update to the latest release and rotate credentials. More: https://cyberinsider.com/adguard-home-vulnerable-to-critical-auth-bypass-allowing-admin-control/ #CyberSecurity #AdGuardHome #Vulnerability #PatchNow
-
📢⚠️🩹 #Cisco has patched 48 vulnerabilities in its Secure Firewall products, including 2 critical CVSS 10 flaws that could allow authentication bypass and remote code execution with root access - Patch NOW!
Read: https://hackread.com/cisco-patches-firewall-vulnerabilities-cvss-10-flaws/
-
Microsoft warnt vor einer kritischen 0‑Day‑Lücke in Microsoft Office und ruft zur sofortigen Installation des Notfall‑Updates auf. um Unternehmen und Nutzer vor aktiven Angriffen zu schützen. 🛡️🧩 Mehr Infos: https://www.heise.de/news/Notfall-Update-gegen-Zeroday-in-Microsoft-Office-11154976.html #Microsoft #Office #Security #ITSecurity #PatchNow
#OnlyOffice ist auch sehr gut https://onlyoffice.com/de/download-desktop
-
Microsoft has rushed out an emergency security update for Office (CVE‑2026‑21509) after confirming the flaw is already being exploited in the wild. 🔐
The high‑severity security feature bypass lets attackers bypass OLE protections and run malicious code via specially crafted Office files. 📄⚠️
👉 Microsoft issues emergency fix for actively exploited Office flaw:
https://cyberinsider.com/microsoft-issues-emergency-fix-for-actively-exploited-office-flaw/
#Microsoft #Office #Security #CVE202621509 #PatchNowThrere is also #OnlyOffice
-
CISA warnt vor aktiven Angriffen auf Apple-WebKit-Lücken und Gladinet-Dienste – Updates sind bereits verfügbar. 🚨🔐 Wer iOS, macOS & Co. nutzt, sollte jetzt patchen, bevor Angreifer nachziehen. 👉 https://www.heise.de/news/Updaten-Warnung-vor-Angriffen-auf-Apple-Luecken-und-Gladinet-11116020.html #CyberSecurity #Apple #PatchNow #Newz
-
Cybersecurity Weekly Roundup (Nov 16–22)
Chrome zero day; Oracle Identity Manager RCE (KEV); FortiWeb exploited; SonicWall SSLVPN flaw; Cloudflare outage; WhatsApp enumeration. Plus: Logitech breach, 7-Zip PoC, Salesforce/Gainsight ripple, Dutch takedown.
Actions: Patch edge first, push Chrome, rotate keys and OAuth, rehearse failover.
Read: https://www.kylereddoch.me/blog/cybersecurity-weekly-roundup-for-november-16-23-2025/
-
🚨 Fortinet has released patches for two actively exploited vulnerabilities in its #FortiWeb web-application firewalls. One allows full takeover, the other enables command injection.
Update now: https://hackread.com/fortinet-fixes-fortiweb-takeover-flaw-active-attacks/
-
🚨 Urgent patch alert: a 9.9/10 severity flaw (CVE-2025-42887) in #SAP Solution Manager allows code injection and full system takeover. Act now.
Read: https://hackread.com/sap-patch-cve-2025-42887-takeover-vulnerability/
-
CISA just confirmed a nasty Windows SMB bug (CVE-2025-33073) is being actively exploited.
It lets an attacker gain SYSTEM privileges by tricking a machine into connecting to a bad SMB server.
All Windows Server versions, Win10, and Win11 are affected. A patch was released in June 2025.
CISA has officially added it to their must-patch (KEV) list.
#CyberSecurity #Windows #CVE #PatchNow
#CyberSecurity #InfoSec #CVE #Windows #SMB #CISA #Vulnerability
-
🚨 CISA warns of active attacks on Linux, Android & Sitecore! 🐧📱🖥️ High & critical risks: privilege escalation & code injection. Updates available—patch now! More on CVEs & risks👇 #Cybersecurity #InfoSec #PatchNow #newz
https://www.heise.de/en/news/Attacks-on-vulnerabilities-in-Linux-Android-and-Sitecore-10633249.html
-
🔒 Die CISA warnt: Aktuelle Angriffe auf #Linux, #Android & #Sitecore nutzen kritische Schwachstellen aus! Jetzt dringend Updates installieren, um Systeme abzusichern. Mehr Details 👇
https://www.heise.de/news/Angriffe-auf-Luecken-in-Linux-Android-und-Sitecore-10633165.html
#CyberSecurity #PatchNow #newz -
FortiWeb-Admins aufgepasst! 🚨 Für die kritische #Sicherheitslücke (CVE-2025-25257, CVSS 9.6) steht jetzt ein Exploit bereit – Angreifer können ohne Login SQL-Injection & Codeausführung erreichen. Jetzt dringend patchen! 🔒 Mehr Infos: https://www.heise.de/news/Exploit-verfuegbar-FortiWeb-Sicherheitsluecke-jetzt-patchen-10485654.html #Cybersecurity #Fortinet #PatchNow
#newzKurzlink: https://heise.de/-10485654
-
If you got any Windows server 0days, now is the time.
-
🚨 Major zero-day alert: A vulnerability is being actively exploited in AMI’s MegaRAC BMC software, potentially impacting thousands of servers across AMD, ARM, Supermicro, and more.
🧠 Redfish interface flaw enables full root access
🔓 Attackers can bypass authentication entirely
🖥️ Supply chain vendors affected
🌐 BMCs exposed to the internet = catastrophic risk
📆 CISA deadline for mitigation: July 16This isn’t theoretical. Exploitation is happening now. If you haven’t patched and locked down your out-of-band server management, you’re leaving the door wide open.
💬 Is your team treating BMCs as a core part of your threat surface?
#CyberSecurity #ZeroDay #VulnerabilityManagement #CISO #PatchNow
https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/ -
Critical security flaws discovered in VMware core products including vCenter Server and ESXi. Vulnerabilities could allow command execution and service disruption. Updates available now to protect your infrastructure.
#SecurityLand #CyberWatch #Broadcom #VMware #Vulnerability #PatchNow #SecurityVulnerability #Technology
-
🚨 Firefox just patched 2 critical zero-days exploited at #Pwn2Own Berlin! 🦊💻 Hackers earned $100K for finding flaws that could expose sensitive data or enable code execution. Users are urged to update ASAP for protection! 🔒 Read more: https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html #CyberSecurity #ZeroDay #Firefox #PatchNow #newz
-
🚨✨ Critical Alert: SSH ProxyCommand Vulnerability! Dive into the details of CVE-2023-51385, a severe code execution flaw, exposing servers to shell injection. Discover insights, mitigation strategies, and stay ahead of potential threats. 🔐💻
https://www.relianoid.com/blog/ssh-proxycommand-unexpected-code-execution-cve-2023-51385/
#SSHSecurity #CyberRisk #CodeExecutionFlaw #InfoSec #VulnerabilityAlert #SSHProxyCommand #CyberThreats #MitigationStrategies #TechSecurity #CVE2023_51385 #CyberDefense #SSHVulnerability #InfoSecInsights #ServerSecurity #PatchNow
-
📰 Foxit PDF Reader Flaw (CVE-2026-5942) Could Lead to Information Disclosure
📄 Foxit PDF Reader users: A use-after-free flaw (CVE-2026-5942) has been disclosed. It can leak sensitive info and requires opening a malicious file. A patch is available. #Foxit #Vulnerability #CyberSecurity #PatchNow
-
[#FYSA] [Vuln] Critical Vulnerabilities in #VMware Aria Operations for Logs: VMware released software to remediate four security vulnerabilities affecting #vRealize Log Insight (aka #AriaOperations for Logs) that could expose users to remote code execution attacks.
Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway.
https://thehackernews.com/2023/01/vmware-releases-patches-for-critical.html | #infosec #patchmanagement #patchnow #vulnerabilitymanagement
-
❗️#CERTWarnung❗️
Die #Schwachstelle CVE-2023-46604 in Apache #ActiveMQ wird aktiv ausgenutzt. Entfernte Angreifende können ActiveMQ Server kompromittieren und Ransomware-Angriffe durchführen.
Mehr dazu hier: 👉 https://www.bsi.bund.de/dok/1099178
