Latest Patch news

Latest Patch news

OpenSSL fixes two high severity vulnerabilities, what you need to know

The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections.
- Sergiu Gatlan
- November 01, 2022
- 12:39 PM
- 0
Cisco warns admins to patch AnyConnect flaws exploited in attacks

Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild.
- Sergiu Gatlan
- October 25, 2022
- 04:55 PM
- 0
State of Browser Attacks: Learn from John Hammond, Troy Hunt & Matt Johansen

Join Push Security's free three-part webinar series where top security researchers break down the browser-based attacks driving today's biggest breaches - from AiTM phishing and ConsentFix to compromised credentials and session hijacking.
- Push Security Sponsorship
Android's March 2022 security updates fix three critical bugs

Google has released the March 2022 security updates for Android 10, 11, and 12, addressing three critical severity flaws, one of which affects all devices running the latest version of the mobile OS.
- Bill Toulas
- March 08, 2022
- 04:35 PM
- 3
VMware: Patch Horizon servers against ongoing Log4j attacks!

VMware is urging customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks.
- Sergiu Gatlan
- January 25, 2022
- 04:19 PM
- 0
Log4j: List of vulnerable products and vendor advisories

News about a critical vulnerability in the Apache Log4j logging library broke last week when proof-of-concept exploits started to emerge on Thursday.
- Ionut Ilascu
- December 14, 2021
- 02:46 AM
- 3
Grafana fixes zero-day vulnerability after exploits spread over Twitter

Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled remote access to local files.
- Ionut Ilascu
- December 07, 2021
- 05:46 PM
- 1
Zero-day bug in all Windows versions gets free unofficial patch

A free and unofficial patch is now available for a zero-day local privilege escalation vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions.
- Sergiu Gatlan
- November 12, 2021
- 07:28 AM
- 2
Mozilla Thunderbird 91.3 released to fix high impact flaws

Mozilla released Thunderbird 91.3 to fix several high-impact vulnerabilities that can cause a denial of service, spoof the origin, bypass security policies, and allow arbitrary code execution.
- Bill Toulas
- November 05, 2021
- 09:47 AM
- 2
Over 30,000 GitLab servers still unpatched against critical bug

A critical unauthenticated, remote code execution GitLab flaw fixed on April 14, 2021, remains exploitable, with over 50% of deployments remaining unpatched.
- Bill Toulas
- November 02, 2021
- 01:46 PM
- 0
Android November patch fixes actively exploited kernel bug

Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components.
- Bill Toulas
- November 02, 2021
- 07:01 AM
- 1
CISA urges admins to patch critical Discourse code execution bug

A critical Discourse remote code execution (RCE) vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday
- Bill Toulas
- October 25, 2021
- 05:20 AM
- 0
Apache emergency update fixes incomplete patch for exploited bug

Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability.
- Lawrence Abrams
- October 07, 2021
- 04:35 PM
- 1
Android October patch fixes three critical bugs, 41 flaws in total

Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity.
- Bill Toulas
- October 05, 2021
- 08:38 AM
- 0
Atlassian asks customers to patch critical Jira vulnerability

Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI.
- Ax Sharma
- July 22, 2021
- 03:47 AM
- 0
Kaseya patches VSA vulnerabilities used in REvil ransomware attack

Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers.
- Lawrence Abrams
- July 11, 2021
- 04:50 PM
- 0
Actively exploited PrintNightmare zero-day gets unofficial patch

Free micropatches addressing the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service are now available through the 0patch platform.
- Sergiu Gatlan
- July 02, 2021
- 01:50 PM
- 2
Microsoft partially fixes Windows 7, Server 2008 vulnerability

Microsoft has partially fixed a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices.
- Sergiu Gatlan
- April 20, 2021
- 12:09 PM
- 0
NSA discovers critical Exchange Server vulnerabilities, patch now

Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical.
- Ionut Ilascu
- April 13, 2021
- 03:15 PM
- 0
GRUB2 boot loader reveals multiple high severity vulnerabilities

GRUB, a popular Linux boot loader project has fixed multiple high severity vulnerabilities.
- Ax Sharma
- March 03, 2021
- 02:37 PM
- 1
Cyberpunk 2077 patch 1.2 delayed by CD Projekt ransomware attack

CD Projekt Red announced today that they are delaying the anticipated Cyberpunk 2077 Patch 1.2 to the second half of March 2021 due to their recent cyberattack.
- Lawrence Abrams
- February 24, 2021
- 01:14 PM
- 2