#patchnow — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #patchnow, aggregated by home.social.
-
⛔ New security advisory:
CVE-2026-32985 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32985-xerte-online-toolkits-rce-vulnerability-patch-immediately
-
⛔ New security advisory:
CVE-2026-1435 affects Graylog Graylog.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-1435
-
Grafana patched a CVSS 10.0 SCIM flaw (CVE-2025-41115) after discovering that numeric externalId values could override internal user IDs - enabling impersonation or privilege escalation when SCIM + user sync were active.
Fixes are available in the latest enterprise versions. Immediate updates recommended.
💬 Share your thoughts and follow TechNadu for more technical updates.
#Infosec #Grafana #IAM #SCIM #CVE #SecurityUpdate #VulnerabilityManagement #ThreatIntel #IdentitySecurity #PatchNow #CyberAwareness
-
Microsoft Issues Emergency Patch for Actively Exploited Windows Server Flaw CVE-2025-59287
#Microsoft #Cybersecurity #WindowsServer #WSUS #PatchTuesday #InfoSec #CVE #Vulnerability #Security #PatchNow #RCE #SysAdmin #ITPros #ZeroDay #Exploit
-
🚨 Critical Magento & Adobe Commerce Flaw (CVE-2025-54236 – SessionReaper) 🚨
Impact: Customer account takeover + unauthenticated remote code execution (CVSS 9.1 Critical).
👉 Full details and action steps: https://hostvix.com/sessionreaper-critical-magento-adobe-commerce-vulnerability-cve-2025-54236/
#Magento #AdobeCommerce #SessionReaper #CVE202554236 #CVE #Infosec #CyberSecurity #AppSec #WebSecurity #SecOps #BlueTeam #RedTeam #ThreatIntel #Vulnerability #PatchNow #ZeroDay #Exploit #EcommerceSecurity #DataSecurity #SecurityUpdate
-
New flaw in WinRAR is being exploited by at least two different hacker groups. Read more on the blog:
https://kryptera.se/ny-brist-i-winrar-utnyttjas-av-minst-tva-hotaktorer/
#Cybersecurity #InfoSec #Security #Vulnerability #ZeroDay #PatchNow #WinRAR #CVE20258088 #PathTraversal #ThreatIntel #IncidentResponse #RomCom #PaperWerewolf #PhishingAlert
-
Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.
748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.
Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network
Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.
Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.
Need help testing your network for exploitable print devices? Contact us and our pentest team can help!
Read the Dark Reading article for more details on the Brother Printers vulnerability: https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug
#CyberSecurity #PenetrationTesting #Pentest #Pentesting #PrinterSecurity #BrotherPrinters #CVE202451978 #Infosec #IT #SMB #CISO #Cyberaware #DFIR #ITSecurity #ZeroTrust #PatchNow #Pentest
-
Meta Alerts Users About Actively Exploited Freetype Vulnerability
#CyberSecurity #FreeType #CVE2025 #OpenSourceSecurity #SoftwareVulnerabilities #SecurityAlert #Meta #PatchNow
-
Cisco discloses a 10.0 CVSS rating vulnerability in SSM On-Prem
https://stackdiary.com/cisco-discloses-cve-2024-20419-for-ssm-on-prem/
#Cisco #Security #Vulnerability #Cybersecurity #CVSS #Hackers #Exploitation #ITsecurity #DataBreach #Software #TechNews #SecurityFlaw #NetworkSecurity #CriticalUpdate #Admins #DataProtection #PatchNow #Infosec #CyberThreats #SecureNetworks #TechUpdate #DigitalSafety #SoftwareBug #CyberDefense #CriticalVulnerability #ITupdate #SystemAdmin #SecureSoftware #NetworkAdmin #CyberAlert #CVE
-
VMware has issued a security advisory advising customers of 4 critical vulnerabilities that allow users with local administrator privileges in a VM to perform VM escapes.
www.vmware.com/security/advisories/VMSA-2024-0006.html
#vmware #patchnow #vulnerability #VMEscape #VM
-
"🔐 #KeyTrap DoS: The DNSSEC Dilemma - A 25-Year-Old Design Flaw Exposed 🚨"
In a groundbreaking discovery, researchers from the National Research Center for Applied Cybersecurity ATHENE have unveiled #KeyTrap (CVE-2023-50387), a critical flaw in DNSSEC's design that could bring the internet to its knees. With a severity rating of 7.5/10, this flaw in DNSSEC has been lurking since 1999, and affects 31% of global DNSSEC-validating DNS resolvers, risking widespread internet service disruptions. KeyTrap, an Algorithmic Complexity Attack, can overload a DNS server with a single packet, stalling major DNS providers like Google and Cloudflare for up to 16 hours. This vulnerability not only jeopardizes internet access but could also cripple essential security mechanisms like anti-spam defenses and PKI. Despite patches being rolled out, a permanent fix may necessitate a DNSSEC standard overhaul. 🌍💻🛡️
Tags: #CyberSecurity #DNSSEC #Vulnerability #InternetSafety #PatchNow #TechNews #InfoSecExchange #SecurityFlaw #DigitalInfrastructure 🚀🔒💡
Source: ATHENE Press Portal
-
"⚠️ Critical RCE Alert: 3,000 Apache ActiveMQ Servers at Risk! ⚠️"
Over 3,000 Apache ActiveMQ servers are exposed online, vulnerable to a critical RCE flaw (CVE-2023-46604, CVSS v3: 10.0). Immediate patching is urged to prevent potential data theft and network compromise. Stay vigilant! 🛡️💻
Apache ActiveMQ is an open-source message broker for secure communication between clients and servers, supporting Java and various cross-language clients and protocols like AMQP, MQTT, OpenWire, and STOMP.
The flaw in question is CVE-2023-46604, a critical severity (CVSS v3 score: 10.0) RCE that allows attackers to execute arbitrary shell commands by exploiting class types in the OpenWire protocol.
According to Apache's disclosure on October 27, 2023, this vulnerability affects the following Apache ActiveMQ and Legacy OpenWire Module versions:
- Versions before 5.18.3 in the 5.18.x series
- Versions before 5.17.6 in the 5.17.x series
- Versions before 5.16.7 in the 5.16.x series
- All versions before 5.15.16
To address this issue, fixes have been released in versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3. It's recommended to upgrade to one of these versions to enhance your IT security.
Tags: #CyberSecurity #RCE #ApacheActiveMQ #Vulnerability #PatchNow #InfoSec #ServerSecurity #CVE202346604 🚨🔐
Source: BleepingComputer
Author: Bill Toulas
-
"🚨 Critical Vulnerability in Cisco IOS XE Software Web UI! 🚨"
Cisco has identified a critical privilege escalation vulnerability in the web UI feature of Cisco IOS XE Software. If exposed to the internet or untrusted networks, this flaw allows remote, unauthenticated attackers to create an account with privilege level 15 access, potentially gaining control of the affected system. 🕸️💻
Cisco is actively aware of the exploitation of this vulnerability. The issue was discovered during the resolution of multiple Cisco TAC support cases. There are currently no workarounds available. However, Cisco recommends disabling the HTTP Server feature on all internet-facing systems as a precautionary measure. 🚫🌐
For more details and to check if your system might be affected, visit the official advisory: Cisco Security Advisory
Tags: #Cisco #IOSXE #WebUI #Vulnerability #PrivilegeEscalation #CyberSecurity #InfoSec #PatchNow 🛡️🔐