patches

  • Blog
    digitpatrox2 weeks ago
    100

    Ivanti patches Connect Secure zero-day exploited since mid-March

    Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. Tracked as CVE-2025-22457, this critical security flaw is due to a stack-based buffer overflow weakness. It impacts Pulse Connect Secure 9.1x (which reached end-of-support in December), Ivanti Connect Secure 22.7R2.5 and…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    39

    Apple Patches Critical Vulnerabilities in iOS 15 and 16

    Image: ink drop/Adobe Stock On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems. CVE-2025-24200 The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is…

    Read More »
  • Blog
    digitpatroxMarch 15, 2025
    127

    GitLab patches critical authentication bypass vulnerabilities

    GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, while all versions before those are vulnerable.  GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain…

    Read More »
  • Blog
    digitpatroxMarch 15, 2025
    152

    Juniper patches bug that let Chinese cyberspies backdoor routers

    ​Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. This medium severity flaw (CVE-2025-21590) was reported by Amazon security engineer Matteo Memelli and is caused by an improper isolation or compartmentalization weakness. Successful exploitation lets local attackers with high privileges execute arbitrary code on vulnerable routers to compromise…

    Read More »
  • Blog
    digitpatroxFebruary 13, 2025
    66

    Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws

    The monthly report is relatively lightweight, with some mobile updates or fixes that have already been performed server-side and shouldn’t be a concern to admins, said Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra. Another vulnerability impacts only Microsoft Surface hardware. February update patches two exploited vulnerabilities The two exploited vulnerabilities are: CVE-2025-21391,…

    Read More »
  • Blog
    digitpatroxFebruary 6, 2025
    66

    Cisco patches critical flaws in Identity Services Engine

    Cisco has rolled out software updates to address a pair of critical vulnerabilities in its Identity Services Engine (ISE) that could let hackers take over devices and access data. The flaws affect Cisco ISE and Cisco ISE Passive Identity Connector, versions 3.0 to 3.3, but not 3.4. A workaround is not possible, so a software upgrade is required. Cisco said…

    Read More »
  • Blog
    digitpatroxFebruary 4, 2025
    66

    AMD patches microcode security holes after accidental early disclosure

    Matt Kimball, VP and principal analyst at Moor Insights & Strategy, also said he believed that AMD did well in how it handled this situation. “It’s good to see AMD working with its community to solve for these vulnerabilities quickly. The amount of work that goes into providing a fix — and thoroughly testing it — is extensive. It’s a…

    Read More »
  • Blog
    digitpatroxJanuary 20, 2025
    72

    2025’s first Patch Tuesday: 159 patches, including several zero-day fixes

    Microsoft began 2025 with a hefty patch release this month, addressing eight zero-days with 159 patches for Windows, Microsoft Office and Visual Studio. Both Windows and Microsoft Office have “Patch Now” recommendations (with no browser or Exchange patches) for January. Microsoft also released a significant servicing stack update (SSU) that changes how desktop and server platforms are updated, requiring additional…

    Read More »
  • Blog
    digitpatroxJanuary 17, 2025
    169

    Microsoft’s January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

    Microsoft’s latest batch of security patches includes an expanded blacklist for certain Windows Kernel Vulnerable Drivers and fixes for several elevations of privilege vulnerabilities. The January 2025 Security Update addressed 159 vulnerabilities. Security patches should be applied to keep software up-to-date. However, early versions of patches may be unreliable and should be cautiously approached and deployed in test environments first.…

    Read More »
  • Blog
    digitpatroxDecember 12, 2024
    144

    Cleo patches critical zero-day exploited in data theft attacks

    Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. In October, the company patched a pre-auth remote code execution vulnerability (CVE-2024-50623) in its managed file transfer software and recommended that “all customers upgrade immediately.” Huntress security researchers first spotted evidence of attacks targeting fully patched Cleo software…

    Read More »
Load More
Back to top button
close