patches

  • Blog
    digitpatrox1 week ago
    39

    GitLab patches high severity account takeover, missing auth issues

    GitLab has released security updates to address multiple vulnerabilities in the company’s DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. The company released GitLab Community and Enterprise versions 18.0.2, 17.11.4, and 17.10.8 to address these security flaws and urged all admins to upgrade immediately. “These versions contain important bug and security…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    35

    Cisco patches critical flaw affecting Identity Services Engine

    Cisco has issued patches for three vulnerabilities affecting its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) services. The three flaws, tracked as CVE-2025-20286, CVE-2025-20130, and CVE-2025-20129, included critical vulnerability with a rating of 9.9/10 which also included a public proof of concept exploit. Highest on the list priorities for customers was CVE-2025-20286, which was detailed as a ‘static…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    47

    Google patches new Chrome zero-day bug exploited in attacks

    Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. “Google is aware that an exploit for CVE-2025-5419 exists in the wild,” the company warned in a security advisory published on Monday. This high-severity vulnerability is caused by an out-of-bounds read and write weakness in Chrome’s V8 JavaScript engine, reported one week ago by…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    49

    Microsoft issues out-of-band patches for Windows 11 startup failure – Computerworld

    Human error or edge case? Microsoft, like other major software vendors, does a lot of testing of patches before they are released. Still, says Tyler Reguly, associate director of security R&D at Fortra, they can’t catch everything. “It’s impossible to test every edge case and scenario,” he said in an email. “On top of that, at some point testing at…

    Read More »
  • Blog
    digitpatroxMay 19, 2025
    62

    O2 UK patches bug leaking mobile user location from call metadata

    A flaw in O2 UK’s implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. The problem was discovered by security researcher Daniel Williams, who says the flaw existed on O2 UK’s network since March 27, 2017, and was resolved yesterday. O2 UK is a British…

    Read More »
  • Blog
    digitpatroxMay 16, 2025
    64

    Google patches Chrome vulnerability used for account takeover and MFA bypass

    “Unlike other browsers, Chrome resolves the Link header on subresource requests. But what’s the problem? The issue is that the Link header can set a referrer-policy. We can specify unsafe-url and capture the full query parameters,” he wrote. Link headers are used by websites to tell a browser about important page resources, for example, images, that it should preload. As…

    Read More »
  • Blog
    digitpatroxMay 14, 2025
    64

    SAP patches second zero-day flaw exploited in recent attacks

    SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. The company issued security updates for this security flaw (CVE-2025-42999) on Monday, May 12, saying it was discovered while investigating zero-day attacks involving another unauthenticated file upload flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer that was fixed in…

    Read More »
  • Blog
    digitpatroxApril 18, 2025
    79

    Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks

    Image: ink drop/Adobe Stock Apple has rolled out emergency updates to patch two serious security flaws that were actively being exploited in highly targeted attacks on iPhones and other Apple devices. The fixes, released on April 16 as part of iOS 18.4.1 and macOS Sequoia 15.4.1, address zero-day vulnerabilities. Apple said these bugs were used in an “extremely sophisticated attack…

    Read More »
  • Blog
    digitpatroxApril 6, 2025
    197

    Ivanti patches Connect Secure zero-day exploited since mid-March

    Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. Tracked as CVE-2025-22457, this critical security flaw is due to a stack-based buffer overflow weakness. It impacts Pulse Connect Secure 9.1x (which reached end-of-support in December), Ivanti Connect Secure 22.7R2.5 and…

    Read More »
  • Blog
    digitpatroxApril 3, 2025
    85

    Apple Patches Critical Vulnerabilities in iOS 15 and 16

    Image: ink drop/Adobe Stock On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems. CVE-2025-24200 The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is…

    Read More »
Load More
Back to top button
close