patches

  • Blog
    digitpatrox2 weeks ago
    97

    GitLab patches critical authentication bypass vulnerabilities

    GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, while all versions before those are vulnerable.  GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    123

    Juniper patches bug that let Chinese cyberspies backdoor routers

    ​Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. This medium severity flaw (CVE-2025-21590) was reported by Amazon security engineer Matteo Memelli and is caused by an improper isolation or compartmentalization weakness. Successful exploitation lets local attackers with high privileges execute arbitrary code on vulnerable routers to compromise…

    Read More »
  • Blog
    digitpatroxFebruary 13, 2025
    58

    Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws

    The monthly report is relatively lightweight, with some mobile updates or fixes that have already been performed server-side and shouldn’t be a concern to admins, said Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra. Another vulnerability impacts only Microsoft Surface hardware. February update patches two exploited vulnerabilities The two exploited vulnerabilities are: CVE-2025-21391,…

    Read More »
  • Blog
    digitpatroxFebruary 6, 2025
    53

    Cisco patches critical flaws in Identity Services Engine

    Cisco has rolled out software updates to address a pair of critical vulnerabilities in its Identity Services Engine (ISE) that could let hackers take over devices and access data. The flaws affect Cisco ISE and Cisco ISE Passive Identity Connector, versions 3.0 to 3.3, but not 3.4. A workaround is not possible, so a software upgrade is required. Cisco said…

    Read More »
  • Blog
    digitpatroxFebruary 4, 2025
    49

    AMD patches microcode security holes after accidental early disclosure

    Matt Kimball, VP and principal analyst at Moor Insights & Strategy, also said he believed that AMD did well in how it handled this situation. “It’s good to see AMD working with its community to solve for these vulnerabilities quickly. The amount of work that goes into providing a fix — and thoroughly testing it — is extensive. It’s a…

    Read More »
  • Blog
    digitpatroxJanuary 20, 2025
    64

    2025’s first Patch Tuesday: 159 patches, including several zero-day fixes

    Microsoft began 2025 with a hefty patch release this month, addressing eight zero-days with 159 patches for Windows, Microsoft Office and Visual Studio. Both Windows and Microsoft Office have “Patch Now” recommendations (with no browser or Exchange patches) for January. Microsoft also released a significant servicing stack update (SSU) that changes how desktop and server platforms are updated, requiring additional…

    Read More »
  • Blog
    digitpatroxJanuary 17, 2025
    141

    Microsoft’s January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

    Microsoft’s latest batch of security patches includes an expanded blacklist for certain Windows Kernel Vulnerable Drivers and fixes for several elevations of privilege vulnerabilities. The January 2025 Security Update addressed 159 vulnerabilities. Security patches should be applied to keep software up-to-date. However, early versions of patches may be unreliable and should be cautiously approached and deployed in test environments first.…

    Read More »
  • Blog
    digitpatroxDecember 12, 2024
    120

    Cleo patches critical zero-day exploited in data theft attacks

    Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. In October, the company patched a pre-auth remote code execution vulnerability (CVE-2024-50623) in its managed file transfer software and recommended that “all customers upgrade immediately.” Huntress security researchers first spotted evidence of attacks targeting fully patched Cleo software…

    Read More »
  • Blog
    digitpatroxDecember 12, 2024
    181

    Everything you need to know about the Cleo file transfer vulnerability, including affected products, patches, and temporary mitigations

    A vulnerability in the popular managed file transfer (MFT) service from software company Cleo is being actively exploited by threat actors, researchers have warned. Reports from multiple security firms have warned that three different Cleo products were being attacked in the wild, including Cleo Harmony, the firm’s widely-used file transfer service capability. VLTrader, a server-side solution aimed at mid-sized corporations,…

    Read More »
  • Blog
    digitpatroxDecember 12, 2024
    120

    Microsoft Patches One Actively Exploited Vulnerability, Among Others

    December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical. “This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email. Microsoft…

    Read More »
Load More
Back to top button
close