patch
Blog
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. Researchers at the Ruhr University Bochum in Germany disclosed the flaw on Wednesday, warning that all devices running the daemon were vulnerable. “The issue is caused by a flaw in the SSH protocol message handling which allows an…
Blog
Critical Erlang/OTP SSH pre-auth RCE is ‘Surprisingly Easy’ to exploit, patch now
A critical vulnerability in Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany and given a maximum severity score of 10.0. All devices running the Erlang/OTP SSH daemon are impacted by the…
Blog
Now companies can patch Windows 11 without rebooting – Computerworld
Microsoft has now added support for hotpatching in Windows 11 Enterprise 24H2 on x64 systems (AMD/Intel), Bleeping Computer reports. The support means that some security updates can be installed without restarting the computers. Instead, security updates are downloaded in the background and installed by patching the in-memory code of running processes. Hotpatch updates will be released quarterly. “With hotpatch updates, you…
Blog
For April, a large ‘dynamic’ Patch Tuesday release – Computerworld
Security and authentication: Several updates target core identity and authentication components, particularly lsasrv.dll, ci.dll, and skci.dll. These underpin scenarios involving Windows Hello, PIN logins, and certificate services. Even though labeled low risk, these areas are foundational and demand extra care in testing: Windows Defender Application Control (WDAC): Validate AppID tagging and policy updates post-reboot. LSASS (Local Security Authority Subsystem Service): Test…
Blog
Google’s Latest Patch Fixes 62 Security Vulnerabilities in Android
Google has released its April 2025 Android Security Bulletin, which includes patches for 62 vulnerabilities affecting Android devices. Two of the fixes address critical zero-day flaws that may have been exploited in “limited, targeted” attacks, according to Google. Zero-days are security vulnerabilities that are exploited before the software developer can identify the flaw and issue a patch. The security update…
Blog
Banks are persisting with the ‘patch and upgrade’ approach to legacy systems – and it’s swallowing up IT budgets
Banks are spending a staggering 70% of their budgets on maintaining outdated legacy systems, with many using an expensive ‘patch and upgrade’ approach. According to research from RS2, this strategy is soaking up resources, placing significant strain on IT workers, and holding back digital transformation goals across the sector. RS2 said the traditional strategy of patch and upgrade – simply…
Blog
CrushFTP warns users to patch unauthenticated access flaw immediately
CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. As the company also explained in an email sent to customers on Friday (seen by BleepingComputer), the security flaw enables attackers to gain unauthenticated access to unpatched servers if they are exposed on the Internet over HTTP(S). “Please take immediate action to…
Blog
Veeam RCE bug lets domain users hack backup servers, patch now
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. The flaw was disclosed yesterday and affects Veeam Backup & Replication version 12.3.0.310 and all earlier version 12 builds. The company fixed it in version 12.3.1 (build 12.3.1.1139), which was released yesterday. According to a technical writeup by watchTowr Labs, who…
Blog
For March’s Patch Tuesday, 57 fixes — and 7 zero-days
For so few patches from Microsoft this month (57), we have seven zero-days to manage (with a “Patch Now” recommendation for Windows) and standard release schedules for Microsoft Office, Microsoft browsers (Edge) and Visual Studio. Adobe is back with a critical update for Reader, but it’s not been paired (at least for now) with a Microsoft patch. To navigate what’s…
Blog
Apple Has Issued a Security Patch in Response to an ‘Extremely Sophisticated Attack’
Breaking news: Apple has released another security update, and you should install it right away. While it seems like there’s always a new update for us Apple users to install on our devices, this one is a bit more exciting than usual, targeting what the company has described as “an extremely sophisticated attack.” Apple’s latest security patch: On Tuesday, March…