Topic: security updates
-
Microsoft Fixes 59 Flaws, 6 Already Under Attack
Microsoft has patched 59 vulnerabilities, with six actively exploited flaws requiring urgent updates to prevent breaches. The exploited vulnerabilities include security bypasses and privilege escalations, which can allow attackers to disable security tools or compromise networks. Microsoft is als...
Read More » -
Microsoft Patches Critical Zero-Day and 63 Flaws
Microsoft's November 2025 Patch Tuesday addresses 63 vulnerabilities, including one actively exploited zero-day and four critical issues, requiring immediate deployment by system administrators. The update includes the first extended security update (ESU) for Windows 10, urging organizations to u...
Read More » -
Microsoft's December Updates Break Message Queuing
Microsoft's December 2025 security updates are causing Message Queuing (MSMQ) to fail, disrupting business applications and IIS websites on several Windows versions. The failure occurs because the updates changed permissions on a key system folder, requiring MSMQ users to have write access typica...
Read More » -
Urgent Microsoft Update: Patch Windows 10, 11, Server Now
Microsoft has urgently patched a zero-day vulnerability (CVE-2025-62215) in the Windows Kernel, which is already being actively exploited to gain system-level privileges. The flaw involves improper synchronization in concurrent execution, allowing attackers to escalate privileges after initial ac...
Read More » -
Gladinet patches critical zero-day flaw in file-sharing software
Gladinet has released a critical security update for CentreStack to address CVE-2025-11371, a zero-day vulnerability that allowed attackers to bypass protections and execute remote code on systems. The flaw, discovered by Huntress, involved inadequate input sanitization enabling directory travers...
Read More » -
F5 Issues Critical Patches for Stolen BIG-IP Vulnerabilities
F5 Networks issued critical security patches for its BIG-IP product line after a state-sponsored breach on August 9, 2025, which exposed proprietary source code and vulnerabilities, urging immediate installation to address 44 issues. The Cybersecurity and Infrastructure Security Agency (CISA) man...
Read More » -
Windows 10 Final Patch Tuesday Fixes 6 Zero-Day Flaws
Microsoft released security updates addressing 172 vulnerabilities, including six zero-day threats, with three already actively exploited, demanding immediate action from system administrators. Three critical zero-day vulnerabilities are under active exploitation: CVE-2025-59230 in Windows Remote...
Read More » -
October 2025 Patch Tuesday: Final Windows 10 Updates
Microsoft's October 2025 Patch Tuesday marks the final scheduled update for Windows 10, addressing 172 security vulnerabilities including two actively exploited zero-day flaws. Critical vulnerabilities include remote code execution bugs in Microsoft Office's Preview Pane and Windows Server Update...
Read More » -
NSA-Reported VMware Flaws Patched by Broadcom
Broadcom has released critical patches for two VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252) that allow unauthenticated attackers to enumerate valid usernames, posing risks of unauthorized access. Additional high-severity flaws were addressed in VMware vCenter (CVE-2025-41250) an...
Read More » -
Broadcom Patches Critical VMware Security Flaws
Broadcom has released critical security updates for VMware NSX and vCenter to address multiple high-severity vulnerabilities that could enable cyberattacks on enterprise systems. Among the vulnerabilities, CVE-2025-41250 is an SMTP header injection flaw in vCenter, while CVE-2025-41251 and CVE-20...
Read More » -
Microsoft's Free Windows 10 Security Updates Now Mandatory in Europe
Microsoft will now provide free Extended Security Updates to European Economic Area consumers, removing the previous requirement to enable Windows Backup. This policy change resulted from pressure by consumer advocacy groups and is geographically limited to the EEA. The free security updates are ...
Read More » -
CISA Warns of Active Android Attacks - Update Now
CISA has issued an urgent directive for federal employees to apply critical Android security updates by December 23 or stop using their devices, serving as a severe warning to all consumers about active threats. Google and Samsung have confirmed severe, actively exploited vulnerabilities that can...
Read More » -
400 Million Windows PCs Face Critical Security Threat
Microsoft is ending security updates for Windows 10, leaving 400 million PCs vulnerable to cyber threats due to hardware incompatibility with Windows 11. The scale of affected devices is unprecedented, with 41% of global PCs running Windows 10, far exceeding previous Windows phase-outs and creati...
Read More » -
Microsoft Urged to Extend Windows 10 Support by Consumer Reports
Consumer Reports is urging Microsoft to extend free security updates for Windows 10 beyond October 14, warning it will leave millions of users vulnerable and create electronic waste. They criticized Microsoft's paid Extended Security Update program as inadequate and hypocritical, arguing it explo...
Read More » -
Microsoft Fixes 3 Actively Exploited Zero-Day Vulnerabilities
Microsoft patched three actively exploited zero-day vulnerabilities in its October 2025 Patch Tuesday, including flaws in a pre-installed modem driver, Windows Remote Access Connection Manager, and IGEL OS, requiring immediate updates. The vulnerabilities enable attackers to escalate privileges t...
Read More » -
Windows 11 February Update: 8 Features to Expect
Microsoft will release a major Windows 11 update in February 2026, introducing Cross-Device Resume for Android phones to seamlessly transfer activities like media and documents to a PC. The update includes significant upgrades for audio professionals with enhanced Windows MIDI Services and allows...
Read More » -
Cisco Patches Critical Zero-Day Flaw in AsyncOS (CVE-2025-20393)
Cisco has patched a critical zero-day vulnerability (CVE-2025-20393) in its Email Security and Web Manager appliances, which was actively exploited by suspected state-sponsored actors. The flaw allowed unauthenticated attackers to execute root-level commands via a flaw in the Spam Quarantine feat...
Read More » -
Microsoft Patch Tuesday fixes 3 zero-days, 114 flaws in January 2026 update
Microsoft's January 2026 Patch Tuesday addresses 114 vulnerabilities, including eight critical flaws and three zero-days, with one confirmed as actively exploited. The actively exploited zero-day (CVE-2026-20805) is an information disclosure flaw in the Desktop Window Manager, while the other two...
Read More » -
How to Stay on iOS 18 and Skip the iOS 26 Update
Apple has stopped providing new iOS 18 security updates for compatible iPhones, effectively forcing users to upgrade to iOS 26 to receive critical patches, despite no pressing technical reason to mandate the new OS. This is a deliberate, recurring strategy from Apple, which historically offers on...
Read More » -
Protect Your Windows 10 From Hackers With This One Step
Windows 10's official security support ended in October 2025, leaving systems without critical patches and creating a significant, growing vulnerability risk. Users can temporarily mitigate this risk by enrolling in a paid Extended Security Updates program or by relying on Microsoft Defender upda...
Read More » -
Google Patches Actively Exploited Android Security Flaws
Google's December security update patches over 50 Android vulnerabilities, including two high-severity flaws in the Android Framework that are already being used in limited, targeted attacks. The two critical vulnerabilities (CVE-2025-48633 and CVE-2025-48572) could allow unauthorized access to s...
Read More » -
Android's December 2025 Security Patch: A Major Update
Google's December 2025 Android Security Bulletin details numerous critical vulnerabilities, including a severe flaw in the Android Framework that could enable remote denial-of-service attacks without special privileges. The update addresses high-severity system and kernel-level vulnerabilities th...
Read More » -
Secure Your Windows 10 PC With These Free Updates
Windows 10 users face security risks after mainstream support ends, but Microsoft offers an Extended Security Updates (ESU) program as a temporary safeguard until October 2026. Enrollment in the ESU program is free for European users and available worldwide via Windows Backup to OneDrive or Micro...
Read More » -
Urgent Microsoft WSUS Flaw Actively Exploited After Patch
A severe security vulnerability (CVE-2025-59287) in Microsoft's WSUS allows unauthenticated remote code execution with SYSTEM privileges, prompting an urgent out-of-band patch due to incomplete initial fixes. The flaw arises from unsafe deserialization via BinaryFormatter in the `GetCookie()` end...
Read More » -
Claim Your Free Windows Upgrade - Offer Ends in 72 Hours
Windows 10's standard support ends on October 14, but users can enroll in the free Extended Security Update (ESU) program to maintain security until October 2026, with no immediate risk post-deadline. The ESU program ensures continued protection, but delaying enrollment beyond October 14, 2025, l...
Read More » -
Get a Free Year of Windows 10: Last Chance for Millions
Microsoft will end Windows 10 support on October 14, 2025, halting security updates and leaving millions of devices vulnerable to threats, especially older hardware incompatible with Windows 11. The Extended Security Updates (ESU) program offers an additional year of protection for a $30 fee or b...
Read More » -
Windows 10 Support Ends Today: The First of Many Phases
Microsoft has ended support for Windows 10, ceasing critical security updates and technical assistance, which increases vulnerability to threats over time. Due to Windows 11's strict hardware requirements, about 40% of global Windows devices remain on the unsupported OS, unable to upgrade. Home u...
Read More » -
Millions Still Use Windows 10 as Support Deadline Nears
Windows 10 support ends on October 14, 2025, leaving systems without security updates and vulnerable to cyberattacks, with over 40% of global endpoints still using it. Microsoft and security experts urge users to upgrade to Windows 11 or enroll in the Extended Security Update program to maintain ...
Read More » -
A Critical Update for iOS Users
Apple's iOS 18.7 is a vital update for users not ready to jump to iOS 26. It ensures security without the full feature set of the latest OS, ideal for older iPhones and those wary of new system bugs. Quick to install, it keeps devices secure while Apple supports both versions.
Read More » -
Google Patches Critical Android Zero-Day Exploits in the Wild
Google has released a security update addressing over 100 Android vulnerabilities, including two actively exploited flaws that could compromise devices without user interaction. Critical vulnerabilities patched include CVE-2025-48543 and CVE-2025-38352, which allow local privilege escalation, and...
Read More » -
September 2025 Patch Tuesday: What to Expect from the CVE Matrix
CVE identifiers provide a universal system for cataloging and assessing software vulnerabilities, enabling organizations to prioritize and apply security patches effectively. Vulnerability scanners and Software Bills of Materials (SBOMs) help identify and manage security risks by linking system c...
Read More » -
Windows 11 Update Fixes Boot Failures After Failed Installs
Microsoft resolved a Windows 11 boot failure bug with its February 2026 security update (KB5077181), which had caused commercial systems to display a black screen with an "UNMOUNTABLE_BOOT_VOLUME" error. The issue was triggered by installing certain updates on systems left in an improper state fr...
Read More » -
Urgent iPhone Update Required for Millions
Apple has implemented a critical policy shift, requiring most modern iPhones to upgrade to iOS 26 to continue receiving vital security updates, as support for older iOS 18 versions has been cut off. Owners of iPhone XS, XS Max, and XR models are an exception; they cannot upgrade to iOS 26 and mus...
Read More » -
Microsoft Fixes False Windows 10 End-of-Support Warning Bug
Microsoft resolved a software glitch that incorrectly showed Windows 10 end-of-support alerts on devices still receiving security updates, though these devices remained protected. The issue affected Windows 10 22H2 and LTSC versions enrolled in the Extended Security Updates program, with a cloud-...
Read More » -
Microsoft Issues Emergency Windows 10 Update to Fix Critical Bug
Microsoft released an urgent out-of-band update (KB5071959) to fix a critical enrollment issue in the Extended Security Updates (ESU) program for Windows 10, which had been preventing users from signing up for continued security coverage after the end of standard support. The update resolves a ma...
Read More » -
CISA, Partners Act on Critical Microsoft Exchange Vulnerabilities
CISA, NSA, and international partners have issued critical guidance for securing on-premises Microsoft Exchange Servers, as Microsoft ends perpetual security updates for Exchange 2016 and 2019, leaving systems vulnerable to cyber threats. Recommended actions include restricting administrative acc...
Read More » -
SAP S/4HANA Vulnerability Actively Exploited in Attacks
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA allows attackers to execute unauthorized code and gain administrative control. Despite a patch being available since August 2025, many systems remain unpatched, leading to active exploitation in the wild. Successful attacks can result in se...
Read More » -
Windows 11's 2025 Update: Top 6 AI & Start Menu Features
The Windows 11 November 2025 update introduces a redesigned Start menu with unified sections and adjustable viewing modes, alongside a refreshed settings page for better customization. Enhanced security is provided through Administrator Protection, which isolates untrusted applications in a tempo...
Read More » -
Fortra Issues Critical Alert for GoAnywhere MFT Vulnerability
Fortra has issued an urgent alert for a critical vulnerability (CVE-2025-10035) in GoAnywhere MFT software, allowing remote command injection due to unsafe data deserialization. The vulnerability can be exploited without user interaction, particularly affecting internet-exposed Admin Consoles, an...
Read More » -
Has Microsoft Lost Its Way?
Under CEO Satya Nadella, Microsoft is aggressively pursuing AI initiatives while facing internal criticism over declining workplace morale and a perceived lack of empathy, contrasting with his initial philosophy. The company's strategic pivot includes significant workforce reductions and controve...
Read More » -
Windows 11's Special Arm Edition: Built for New PCs
Microsoft is releasing a specialized Windows 11 version (26H1) exclusively for new hardware, starting with PCs using Qualcomm's Snapdragon X Elite processors, to optimize for Arm-based architecture. This 26H1 version is a parallel branch; it won't be offered as an update to existing PCs, and devi...
Read More » -
Google Extends Pixel Tablet Android Updates to 5 Years
Google has extended Pixel Tablet software support to five years of both Android OS and security updates, aligning it with its modern smartphone policy. This change, updated on Google's support page, guarantees updates through June 2028, matching the support given to earlier Tensor-powered Pixel p...
Read More » -
iPhone 5s Gets Surprise Update 13 Years Later
Apple has released iOS 12.5.8 for the iPhone 5s and iPhone 6, extending their functional lifespan by updating a critical security certificate. The update ensures core communication features like iMessage and FaceTime will remain operational beyond January 2027, preventing a service disruption. Th...
Read More » -
Microsoft Issues Emergency Windows Updates for Most PCs
Microsoft issued emergency updates to fix critical issues from its January security patches, resolving major problems with remote desktop logins and system shutdowns for some Windows versions. Despite these fixes, several bugs remain unresolved, including intermittent black screens, desktop backg...
Read More » -
Urgent Apple Update Fixes Critical Security Exploits
Apple has released urgent security patches for two actively exploited zero-day vulnerabilities (CVE-2025-14174 and CVE-2025-43529) in its WebKit browser engine, which is used across iPhones, iPads, and Macs. The flaws, discovered through a collaboration between Apple and Google, could allow memor...
Read More » -
Fortinet warns of critical FortiCloud SSO auth bypass flaw
Fortinet has patched two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in several products, which could allow attackers to gain unauthorized access via a crafted SAML message. The affected FortiCloud SSO feature is not enabled by default on new devices, but it i...
Read More » -
Urgent FortiWeb Zero-Day Actively Exploited, Fortinet Warns
A zero-day vulnerability (CVE-2025-58034) in FortiWeb firewalls allows authenticated attackers to execute arbitrary OS commands via manipulated HTTP or CLI requests, prompting urgent patching. Active exploitation has been detected with around 2,000 attempts, and Fortinet advises immediate updates...
Read More » -
Microsoft Fixes Windows 10 Update With New Patch
Microsoft released a patch to fix a bug preventing Windows 10 devices from enrolling in the Extended Security Updates (ESU) program, ensuring uninterrupted security coverage for eligible systems. The glitch disrupted the manual enrollment process, leaving affected computers unable to receive vita...
Read More » -
Urgent CISA Alert: Active Attacks Exploit Critical CentOS Bug
A critical security flaw (CVE-2025-48703) in CentOS Web Panel allows unauthenticated attackers to execute arbitrary commands, prompting CISA to issue an urgent patch-or-discontinue directive by November 25. The vulnerability stems from improper handling of the 'changePerm' endpoint and unsanitize...
Read More » -
Active Attacks Exploit Critical WSUS Flaw in Windows Server
Actively exploited critical vulnerabilities (CVE-2025-59287) in Windows Server Update Services (WSUS) allow remote code execution and system takeover, requiring immediate emergency patching. Microsoft has released out-of-band security updates for all affected Windows Server versions and recommend...
Read More »