Kategorie
Hackers abuse ViPNet software to target Russian govt agencies
UAC-0145 Uses ClickFix CAPTCHAs to Infect Ukrainian Devices wih Malware
SonicWall SMA Zero-Days Exploited Before Disclosure to Gain Root Access
Update now: 7-Zip fixes RCE flaw exploitable with malicious archives
WordPress Core "wp2shell" RCE flaws get public exploits, patch now
Microsoft warns of surge in ACR Stealer attacks on customers
The Future of Age Verification: Your Face Never Leaves Your Device
What Happens When AI Agents Start Handling Tier-1 Linux Support Tickets
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
Abbott probes two cyber incidents amid extortion claims
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload
Microsoft’s Patch Tuesday updates: Keeping up with the latest fixes
Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are. Patch Tuesday, as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers.
The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates. Like tacos, Patch Tuesday is here to stay.
In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”
Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry. As a case in point, Adobe, among others, follows a similar patch cadence.
Patch Tuesday coverage has also long been a staple of Computerworld’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month.
In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates.
July’s Patch Tuesday sees an end-of-support collision amidst a massive, record-setting patch waveMicrosoft addressed 722 CVEs this month once the 427 Chromium upstream relays are set aside — roughly three times a normal cycle and one of the largest single months in recent memory. Two vulnerabilities arrive under active exploitation: an elevation of privilege in Active Directory Federation Services (CVE-2026-56155), and an elevation of privilege in SharePoint Server (CVE-2026-56164). A third, a BitLocker security feature bypass (CVE-2026-50661) is publicly disclosed but not yet exploited.
The July 2026 Patch Tuesday earns Patch Now recommendations for Windows, Office, Exchange, and SQL Server. SharePoint has two critical RCEs on top of its exploited zero-day, and Exchange Server returns with a critical on-premises spoofing flaw. Adding to our (dear) administrator’s efforts, SharePoint Server 2016/2019 and SQL Server 2016 all reach end of support today. The Readiness team has provided a handy infographic of the expected risk profile of this month’s Patch Tuesday updates.
More info is available here on Microsoft Security updates for July 2026.
For June, Patch Tuesday means an IT scrambleMicrosoft this month released 206 updates affecting Windows, Office, Exchange Server, and its developer tools — including three Windows vulnerabilities already publicly disclosed. That trio includes an elevation of privilege in the Collaborative Translation Framework (CVE-2026-45586), a denial of service in HTTP.sys (CVE-2026-49160), and a BitLocker security feature bypass (CVE-2026-50507). At the moment, none appear to be under active exploitation, but all three are rated “Exploitation More Likely.”
Even without an exploited zero-day, the June 2026 Patch Tuesday release requires Patch Now recommendations for Windows, Office, and Exchange. The latter is back in the patch picture with a consolidated security update that Microsoft recommends installing “as soon as possible.”
More info is available here on Microsoft Security updates for June 2026.
For May, Patch Tuesday means 139 updates — but no zero-daysMicrosoft this month released 139 updates affecting Windows, Office, .NET, and SQL Server (though there were no updates for Microsoft Exchange Server). Despite the absence of zero-days, the May Patch Tuesday update still requires Patch Now recommendations for Windows and Office.
The combination of three unauthenticated network RCEs (Netlogon, DNS Client, and SSO Plugin for Jira and Confluence), four Word Preview Pane RCEs, the large TCP/IP vulnerability cluster, and the carry-over BitLocker recovery condition (still active on Windows 10 and Windows Server) warrants an accelerated deployment release schedule.
More info is available here on Microsoft Security updates for May 2026.
Microsoft’s Patch Tuesday release for April is a whopperWindows admins are going to be busy this month, dealing with the largest Patch Tuesday cycle in memory. The April release involves 165 updates and roughly 340 unique CVEs from Microsoft — including two zero-days, one of which is already being actively exploited in the wild.
The Readiness team recommends “Patch Now” schedules for nearly every major product family: Windows, Office (with a zero-day), Microsoft Edge (Chromium), SQL Server, and Microsoft Developer Tools (.NET). April also brings Phase 2 of Microsoft’s Kerberos RC4 hardening with full enforcement set for July. There is a lot to cover, so here’s a useful infographic mapping the deployment risk for each platform.
More info is available here on Microsoft Security updates for April 2026.
For March, Patch Tuesday delivers fixes for 83 vulnerabilitiesMicrosoft’s March Patch Tuesday release addresses 83 vulnerabilities across Windows, Office, SQL Server, Azure, and .NET — with two publicly disclosed zero-days affecting SQL Server and .NET (though neither is being actively exploited in the wild.) Six additional vulnerabilities spanning the Windows Kernel, Graphics Component, SMB Server, Accessibility Infrastructure, and Winlogon are flagged as “Exploitation More Likely.”
The most significant change this month is the introduction of Common Log File System (CLFS) hardening with signature verification, which will affect how Windows handles log files across the operating system. More info on Microsoft Security updates for March 2026.
February’s Patch Tuesday release fixes 59 flaws, including 6 being exploitedThe company’s Patch Tuesday release for February addresses 59 CVEs across the company’s product family — roughly half the volume of January’s 159 patches. Six vulnerabilities, affecting Windows Shell, MSHTML, Desktop Window Manager, Remote Desktop, Remote Access, and Microsoft Word, are already being actively exploited. (All five Critical-rated CVEs target Azureservices rather than Windows, however.)
Both Windows and Office get a “Patch Now” recommendation, with CISA setting a March 3 enforcement deadline for all six exploited vulnerabilities. Two new enforcement timelines also take effect in April: Kerberos RC4 deprecation (CVE-2026-20833) and Windows Deployment Services hardening (CVE-2026-0386). More info on Microsoft Security updates for February 2026.
OnlyFans performers become unlikely allies of CISOs in securing websites
CISOs at government organizations and universities have an unexpected ally coming to their aid: OnlyFans models.
For some time, hackers have exploited weaknesses in the websites of universities or government departments to host scams or malware, using content stolen from the OnlyFans website as bait to attract victims.
Now, according to security researchers at Upguard, the fightback has begun: creators of adult content on OnlyFans are leveraging Google search results and the protection offered by copyright law to break up the traffic distribution systems created by bad actors.
These distribution systems work in three stages: entry points using adult or other content to attract and capture web traffic, a routing system sends it to destination sites, and those sites monetize the traffic through scams and malware. It has proved to be a lucrative business for the scammers.
Google recognizes the approach and calls such actors SEO parasites as they benefit from the reputations of other organizations — in particular government or academic sites, which Google views as having high authority.
Since the creators of OnlyFans content are also the copyright holders, they are able to issue Digital Millennium Copyright Act (DMCA) take-down notices for the stolen content posted by the bad actors to other sites. Upguard was able to track this through Google’s DMCA Transparency Report, and through the Lumen Database, another tracker of takedown notices, to which it was granted research access.
“This allows us to identify likely compromised sites: government and university domains advertising unlicensed adult content,” Upguard said.
The OnlyFans creators’ action has two benefits for the operators of the affected websites: The adult content associated with their domain disappears from Google search results, no longer affecting their reputation — and if they receive takedown notices for such content they can check their webservers for the vulnerabilities that enabled the bad actors to post it there in the first place.
This article first appeared on CSO.
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
OpenAI’s new hardware is a $230, 13-switch keyboard for Codex
OpenAI is selling its first hardware — without any help from Jony Ive. It describes the Codex Micro as a “command center for agentic work” but it’s really a 13-switch wireless keyboard customized to help developers keep tabs on what their Codex agents are doing. It costs $230.
The keyboard has 13 mechanical switches (one keycap covers two of them by default), a rotary encoder, joystick, and RGB backlighting around the whole keypad and individual keys. It comes with 32 customizable icon keycaps.
OpenAI claims that the Codex Micro is a serious business tool: The command keys enable Codex users accept changes, reject outputs, push-to-talk, start new chats, and trigger custom actions. The rotary encoder can be used to dial up the “brainpower” allocated to tasks — or in more conventional terms, how many tokens to allocate to reasoning on a task. And the RGB lighting can provide feedback on how various tasks are progressing. And the RGB lighting under the “agent” keys can provide feedback on how various tasks are progressing.
The Codex Micro’s manufacturer, Work Louder, already has a similar device on the market, the Creator Micro, which offers similar functionality, but without the colorful keys. It costs $56 less than the Codex Micro, however.
The Codex Micro will fit in snugly with OpenAI’s other merchandise, where using Codex is as much about a fashion statement as a technological choice.
This article first appeared on InfoWorld.
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Why Mobile Proxies Are Harder to Block Than Datacenter IPs
Business Email Compromise with AI Enhancements and New Defense Strategies
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- …
- následující ›
- poslední »



