Topic: security updates
-
Gladinet patches critical zero-day flaw in file-sharing software
Gladinet has released a critical security update for CentreStack to address CVE-2025-11371, a zero-day vulnerability that allowed attackers to bypass protections and execute remote code on systems. The flaw, discovered by Huntress, involved inadequate input sanitization enabling directory travers...
Read More » -
F5 Issues Critical Patches for Stolen BIG-IP Vulnerabilities
F5 Networks issued critical security patches for its BIG-IP product line after a state-sponsored breach on August 9, 2025, which exposed proprietary source code and vulnerabilities, urging immediate installation to address 44 issues. The Cybersecurity and Infrastructure Security Agency (CISA) man...
Read More » -
Windows 10 Final Patch Tuesday Fixes 6 Zero-Day Flaws
Microsoft released security updates addressing 172 vulnerabilities, including six zero-day threats, with three already actively exploited, demanding immediate action from system administrators. Three critical zero-day vulnerabilities are under active exploitation: CVE-2025-59230 in Windows Remote...
Read More » -
October 2025 Patch Tuesday: Final Windows 10 Updates
Microsoft's October 2025 Patch Tuesday marks the final scheduled update for Windows 10, addressing 172 security vulnerabilities including two actively exploited zero-day flaws. Critical vulnerabilities include remote code execution bugs in Microsoft Office's Preview Pane and Windows Server Update...
Read More » -
NSA-Reported VMware Flaws Patched by Broadcom
Broadcom has released critical patches for two VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252) that allow unauthenticated attackers to enumerate valid usernames, posing risks of unauthorized access. Additional high-severity flaws were addressed in VMware vCenter (CVE-2025-41250) an...
Read More » -
Broadcom Patches Critical VMware Security Flaws
Broadcom has released critical security updates for VMware NSX and vCenter to address multiple high-severity vulnerabilities that could enable cyberattacks on enterprise systems. Among the vulnerabilities, CVE-2025-41250 is an SMTP header injection flaw in vCenter, while CVE-2025-41251 and CVE-20...
Read More » -
Microsoft's Free Windows 10 Security Updates Now Mandatory in Europe
Microsoft will now provide free Extended Security Updates to European Economic Area consumers, removing the previous requirement to enable Windows Backup. This policy change resulted from pressure by consumer advocacy groups and is geographically limited to the EEA. The free security updates are ...
Read More » -
400 Million Windows PCs Face Critical Security Threat
Microsoft is ending security updates for Windows 10, leaving 400 million PCs vulnerable to cyber threats due to hardware incompatibility with Windows 11. The scale of affected devices is unprecedented, with 41% of global PCs running Windows 10, far exceeding previous Windows phase-outs and creati...
Read More » -
Microsoft Urged to Extend Windows 10 Support by Consumer Reports
Consumer Reports is urging Microsoft to extend free security updates for Windows 10 beyond October 14, warning it will leave millions of users vulnerable and create electronic waste. They criticized Microsoft's paid Extended Security Update program as inadequate and hypocritical, arguing it explo...
Read More » -
Microsoft Fixes 3 Actively Exploited Zero-Day Vulnerabilities
Microsoft patched three actively exploited zero-day vulnerabilities in its October 2025 Patch Tuesday, including flaws in a pre-installed modem driver, Windows Remote Access Connection Manager, and IGEL OS, requiring immediate updates. The vulnerabilities enable attackers to escalate privileges t...
Read More » -
Urgent Microsoft WSUS Flaw Actively Exploited After Patch
A severe security vulnerability (CVE-2025-59287) in Microsoft's WSUS allows unauthenticated remote code execution with SYSTEM privileges, prompting an urgent out-of-band patch due to incomplete initial fixes. The flaw arises from unsafe deserialization via BinaryFormatter in the `GetCookie()` end...
Read More » -
Claim Your Free Windows Upgrade - Offer Ends in 72 Hours
Windows 10's standard support ends on October 14, but users can enroll in the free Extended Security Update (ESU) program to maintain security until October 2026, with no immediate risk post-deadline. The ESU program ensures continued protection, but delaying enrollment beyond October 14, 2025, l...
Read More » -
Get a Free Year of Windows 10: Last Chance for Millions
Microsoft will end Windows 10 support on October 14, 2025, halting security updates and leaving millions of devices vulnerable to threats, especially older hardware incompatible with Windows 11. The Extended Security Updates (ESU) program offers an additional year of protection for a $30 fee or b...
Read More » -
Windows 10 Support Ends Today: The First of Many Phases
Microsoft has ended support for Windows 10, ceasing critical security updates and technical assistance, which increases vulnerability to threats over time. Due to Windows 11's strict hardware requirements, about 40% of global Windows devices remain on the unsupported OS, unable to upgrade. Home u...
Read More » -
Millions Still Use Windows 10 as Support Deadline Nears
Windows 10 support ends on October 14, 2025, leaving systems without security updates and vulnerable to cyberattacks, with over 40% of global endpoints still using it. Microsoft and security experts urge users to upgrade to Windows 11 or enroll in the Extended Security Update program to maintain ...
Read More » -
A Critical Update for iOS Users
Apple's iOS 18.7 is a vital update for users not ready to jump to iOS 26. It ensures security without the full feature set of the latest OS, ideal for older iPhones and those wary of new system bugs. Quick to install, it keeps devices secure while Apple supports both versions.
Read More » -
Google Patches Critical Android Zero-Day Exploits in the Wild
Google has released a security update addressing over 100 Android vulnerabilities, including two actively exploited flaws that could compromise devices without user interaction. Critical vulnerabilities patched include CVE-2025-48543 and CVE-2025-38352, which allow local privilege escalation, and...
Read More » -
September 2025 Patch Tuesday: What to Expect from the CVE Matrix
CVE identifiers provide a universal system for cataloging and assessing software vulnerabilities, enabling organizations to prioritize and apply security patches effectively. Vulnerability scanners and Software Bills of Materials (SBOMs) help identify and manage security risks by linking system c...
Read More » -
SAP S/4HANA Vulnerability Actively Exploited in Attacks
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA allows attackers to execute unauthorized code and gain administrative control. Despite a patch being available since August 2025, many systems remain unpatched, leading to active exploitation in the wild. Successful attacks can result in se...
Read More » -
Fortra Issues Critical Alert for GoAnywhere MFT Vulnerability
Fortra has issued an urgent alert for a critical vulnerability (CVE-2025-10035) in GoAnywhere MFT software, allowing remote command injection due to unsafe data deserialization. The vulnerability can be exploited without user interaction, particularly affecting internet-exposed Admin Consoles, an...
Read More » -
Has Microsoft Lost Its Way?
Under CEO Satya Nadella, Microsoft is aggressively pursuing AI initiatives while facing internal criticism over declining workplace morale and a perceived lack of empathy, contrasting with his initial philosophy. The company's strategic pivot includes significant workforce reductions and controve...
Read More » -
Active Attacks Exploit Critical WSUS Flaw in Windows Server
Actively exploited critical vulnerabilities (CVE-2025-59287) in Windows Server Update Services (WSUS) allow remote code execution and system takeover, requiring immediate emergency patching. Microsoft has released out-of-band security updates for all affected Windows Server versions and recommend...
Read More » -
Microsoft Patches 6 Zero-Day Exploits in Critical October Update
Microsoft's October 2025 Patch Tuesday addresses 172 vulnerabilities, including six actively exploited zero-days and eight critical-rated flaws, with a focus on remote code execution and privilege escalation risks. Windows 10 has reached its end of support, requiring users to enroll in Extended S...
Read More » -
Cisco ASA Devices Face Surge in Network Scans
A significant surge in network scanning activity targeting Cisco ASA devices has been detected, with spikes in late August involving up to 25,000 unique IP addresses, suggesting potential vulnerability exploitation. The scanning was largely driven by a Brazilian botnet and focused heavily on the ...
Read More » -
Windows 11 25H2 Update Nears Public Release
The Windows 11 25H2 update is in its final testing phase and nearing public release, having moved to the Release Preview Channel. This update resets the security update timeline, providing two years of security support and sharing a servicing branch with the 24H2 release. It includes backend impr...
Read More » -
Urgent: NetScaler Zero-Day Exploit Actively Attacked (CVE-2025-7775)
Three critical vulnerabilities have been discovered in Citrix NetScaler ADC and Gateway devices, with CVE-2025-7775 already being actively exploited for remote code execution and denial of service. Citrix has released security updates for affected versions and strongly advises immediate patching,...
Read More » -
Libraesva ESG Zero-Day Exploited in Active Attacks (CVE-2025-59689)
A critical zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway is being actively exploited by a suspected state-sponsored actor, allowing arbitrary command execution on affected systems. The flaw is a command injection vulnerability caused by improper input sanitizatio...
Read More » -
Microsoft Secures IE Mode After Hackers Exploit Legacy Backdoor
Microsoft has strengthened Internet Explorer mode security in Edge after attackers exploited zero-day vulnerabilities in August 2025, using social engineering to compromise systems. Attackers tricked users into reloading pages in IE mode, leveraging Chakra engine exploits for remote code executio...
Read More » -
Urgent Oracle EBS Vulnerability Alert (CVE-2025-61884)
A critical security flaw, CVE-2025-61884, has been identified in Oracle's E-Business Suite, affecting versions 12.2.3 to 12.2.14 and potentially earlier versions like 12.1.3, allowing unauthenticated attackers to exploit it via HTTP. Exploitation of this vulnerability could result in unauthorized...
Read More » -
October 2025 Patch Tuesday: Microsoft's Decade-Long Era Ends
Multiple key Microsoft products, including Windows 10, Office 2016/2019, and Exchange Server 2016/2019, are reaching end-of-life this October, ceasing standard security updates and requiring immediate migration to supported platforms. Organizations must upgrade Office suites to Microsoft 365 Apps...
Read More » -
Cisco ASA Firewalls Remain Vulnerable to Zero-Day Attacks
Approximately 48,000 Cisco ASA devices remain vulnerable to active zero-day attacks, posing ongoing risks globally, with the majority located in the U.S. and other key countries. Attackers have used advanced tactics, including disabling logging and intercepting commands, to exploit vulnerabilitie...
Read More » -
Steam to End Support for 32-bit Windows as Usage Declines
Valve will end support for all 32-bit Windows versions of Steam starting January 1, 2026, aligning with industry trends toward 64-bit systems. After this date, 32-bit installations will no longer receive updates or security patches, and Valve will not provide technical support for these systems. ...
Read More » -
Urgent: CISA Warns of Active Attacks on Critical Adobe Flaw
CISA has issued a critical alert about active exploitation of a maximum-severity vulnerability (CVE-2025-54253) in Adobe Experience Manager, allowing attackers to execute malicious code on unpatched systems. The flaw, discovered by security researchers, enables unauthenticated attackers to bypass...
Read More » -
Windows 10 Support Ends, Leaving Millions Behind
Microsoft has officially ended support for Windows 10, ceasing updates and security patches, which creates vulnerabilities for many users whose hardware cannot upgrade to Windows 11 due to stricter requirements. In response, Microsoft is offering a free one-year extended security update program f...
Read More » -
Urgent Windows Update: 2-Week Security Deadline
Microsoft has released urgent security updates addressing two actively exploited zero-day vulnerabilities, with federal agencies mandated to patch within two weeks to prevent system compromise. CVE-2025-59230 is a local privilege escalation flaw in Windows Remote Access Connection Manager, while ...
Read More » -
F5 Hack Puts Thousands of Networks at Imminent Risk
A sophisticated nation-state hacking group breached F5's network, exposing proprietary source code and undisclosed vulnerability data, endangering thousands of government and corporate networks that rely on BIG-IP appliances. The attackers maintained persistent access for years, gaining control o...
Read More » -
Bose Removes Key Features From SoundTouch Speakers
Bose will discontinue cloud services for its SoundTouch speaker line on February 18, 2026, eliminating key features like integrated music streaming and multi-room audio synchronization. After the shutdown, devices will retain local playback via Bluetooth, AUX, or HDMI inputs, but the SoundTouch a...
Read More » -
Bose SoundTouch Speakers Lose Smart Features on Feb. 18
Bose will discontinue all support for its SoundTouch Wi-Fi speakers and soundbars on February 18, 2026, rendering the companion app and cloud-based features like music streaming and multi-room audio synchronization inoperable. After the shutdown, the devices will still function via AUX, HDMI, or ...
Read More » -
Patch Now: Critical SAP S/4HANA Bug Actively Exploited
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA cloud services is under active exploitation, allowing attackers to gain full administrative control with minimal user rights. The flaw, which has no workarounds, poses a severe risk to organizations across multiple sectors due to SAP's cent...
Read More » -
Microsoft's emergency Windows 11 update fixes critical recovery bug
Microsoft released an emergency update (KB5070773) for Windows 11 to fix a bug in the Windows Recovery Environment that blocked USB mouse and keyboard use during recovery or reset processes. The issue originated from the October 14th monthly update and affected Windows 11 versions 24H2 and 25H2, ...
Read More » -
Windows 11 25H2 ISOs Now Available for Insiders with New Features
Microsoft has released ISO installation media for Windows 11 version 25H2, enabling clean installations or upgrades for testers ahead of its public launch. The update is an enablement package that adds new features to the existing 24H2 base, offering smaller downloads and faster installation whil...
Read More »
