patch

  • Blog
    digitpatrox4 days ago
    47

    Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

    Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. Researchers at the Ruhr University Bochum in Germany disclosed the flaw on Wednesday, warning that all devices running the daemon were vulnerable. “The issue is caused by a flaw in the SSH protocol message handling which allows an…

    Read More »
  • Blog
    digitpatrox6 days ago
    28

    Critical Erlang/OTP SSH pre-auth RCE is ‘Surprisingly Easy’ to exploit, patch now

    A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany and given a maximum severity score of 10.0. All devices running the Erlang/OTP SSH daemon are impacted by the…

    Read More »
  • Blog
    digitpatrox1 week ago
    29

    Now companies can patch Windows 11 without rebooting – Computerworld

    Microsoft has now added support for hotpatching in Windows 11 Enterprise 24H2 on x64 systems (AMD/Intel), Bleeping Computer reports. The support means that some security updates can be installed without restarting the computers. Instead, security updates are downloaded in the background and installed by patching in-memory code into running processors. Hotpatch updates will be released quarterly. “With hotpatch updates, you…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    34

    For April, a large ‘dynamic’ Patch Tuesday release – Computerworld

    Security and authentication Several updates target core identity and authentication components, particularly lsasrv.dll, ci.dll, and skci.dll. These underpin scenarios involving Windows Hello, PIN logins, and certificate services. Even though labeled low risk, these areas are foundational and demand extra care in testing: Windows Defender Application Control (WDAC): Validate AppID tagging and policy updates post-reboot. LSASS (Local Security Authority Subsystem Service): Test…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    41

    Google’s Latest Patch Fixes 62 Security Vulnerabilities in Android

    Google has released its April 2025 Android Security Bulletin, which includes patches for 62 vulnerabilities affecting Android devices. Two of the fixes address critical zero-day flaws that may have been exploited in “limited, targeted” attacks, according to Google. Zero-days are security vulnerabilities that are exploited before the software developer can identify the flaw and issue a patch. The security update…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    45

    Banks are persisting with the ‘patch and upgrade’ approach to legacy systems – and it’s swallowing up IT budgets

    Banks are spending a staggering 70% of their budgets on maintaining outdated legacy systems, with many using an expensive ‘patch and upgrade’ approach. According to research from RS2, this strategy is soaking up resources, placing significant strain on IT workers, and holding back digital transformation goals across the sector. RS2 said the traditional strategy of patch and upgrade – simply…

    Read More »
  • Blog
    digitpatrox4 weeks ago
    50

    CrushFTP warns users to patch unauthenticated access flaw immediately

    CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. As the company also explained in an email sent to customers on Friday (seen by BleepingComputer), the security flaw enables attackers to gain unauthenticated access to unpatched servers if they are exposed on the Internet over HTTP(S). “Please take immediate action to…

    Read More »
  • Blog
    digitpatroxMarch 21, 2025
    56

    Veeam RCE bug lets domain users hack backup servers, patch now

    Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. The flaw was disclosed yesterday and affects Veeam Backup & Replication version 12.3.0.310 and all earlier version 12 builds. The company fixed it in version 12.3.1 (build 12.3.1.1139), which was released yesterday. According to a technical writeup by watchTowr Labs, who…

    Read More »
  • Blog
    digitpatroxMarch 15, 2025
    61

    For March’s Patch Tuesday, 57 fixes — and 7 zero-days

    For so few patches from Microsoft this month (57), we have seven zero-days to manage (with a “Patch Now” recommendation for Windows) and standard release schedules for Microsoft Office, Microsoft browsers (Edge) and Visual Studio.  Adobe is back with a critical update for Reader, but it’s not been paired (at least for now) with a Microsoft patch. To navigate what’s…

    Read More »
  • Blog
    digitpatroxMarch 12, 2025
    55

    Apple Has Issued a Security Patch in Response to an ‘Extremely Sophisticated Attack’

    Breaking news: Apple has released another security update, and you should install it right away. While it seems like there’s always a new update for us Apple users to install on our devices, this one is a bit more exciting than usual, targeting what the company has described as “an extremely sophisticated attack.” Apple’s latest security patch On Tuesday, March…

    Read More »
Load More
Back to top button
close