#kb5067036
#kb5067036

Contractor quaffed his way to Y2K compliance

Y2K preparations included humorous incidents, with a contractor enjoying beers while ensuring systems were ready for the millennium change.

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to 'DarkSword' Exploit

Apple is issuing a rare security patch for iOS 18 to combat the DarkSword hacking tool, breaking from its usual upgrade policy.

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

Still running iOS 18? Install this critical update ASAP

Apple has released a security patch for iPhones running iOS 18 to protect against the DarkSword exploit.

fromTechCrunch

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to 'DarkSword' Exploit

Apple is issuing a rare security patch for iOS 18 to combat the DarkSword hacking tool, breaking from its usual upgrade policy.

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

Still running iOS 18? Install this critical update ASAP

Apple has released a security patch for iPhones running iOS 18 to protect against the DarkSword exploit.

fromTechCrunch

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.

15 hours ago

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

A new campaign uses WhatsApp to distribute malicious VBS files, enabling multi-stage infections and remote access through social engineering techniques.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

Node JS

fromInfoQ

5 days ago

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.

15 hours ago

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

TA416 has intensified cyberattacks on European government and diplomatic organizations since mid-2025, utilizing advanced malware delivery techniques.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

A new campaign uses WhatsApp to distribute malicious VBS files, enabling multi-stage infections and remote access through social engineering techniques.

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

Microsoft rejiggers Intune to give patches time to prove themselves

Microsoft Intune will shift from pushing patches to measuring compliance with defined update standards, emphasizing policy and outcomes over delivery.

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Information security

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

more#chrome

DevOps

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

SAP faces significant challenges in securing enterprise data amidst a complex threat landscape and evolving compliance requirements.

New out-of-band Windows 11 update fixes March's installation errors - how to get it

A new Windows 11 emergency update replaces a problematic March preview update that caused installation errors on many PCs.

Gadgets

Patch Tuesday update makes Windows PCs refuse to shut down

Software development

Microsoft rolls out emergency fix for Windows 11

fromEngadget

Information security

Microsoft issues emergency fix afer a security update left some Windows 11 devices unable to shut down

New out-of-band Windows 11 update fixes March's installation errors - how to get it

A new Windows 11 emergency update replaces a problematic March preview update that caused installation errors on many PCs.

Gadgets

Patch Tuesday update makes Windows PCs refuse to shut down

Software development

Microsoft rolls out emergency fix for Windows 11

fromEngadget

Information security

Microsoft issues emergency fix afer a security update left some Windows 11 devices unable to shut down

Internet Bug Bounty program hits pause on payouts

The Internet Bug Bounty program is pausing submissions for bug reports in open-source software to reassess its approach to security.

Privacy professionals

2 weeks ago

Microsoft pushes out-of-band hotpatch for Bluetooth

Microsoft released an out-of-band hotpatch for Windows 11 to fix Bluetooth visibility issues preventing device connections and management in Settings.

4 days ago

Microsoft pulls Windows update after installation problems

Installation on some devices failed with a 0x80073712 error, and Microsoft temporarily pulled the plug on Friday night. The problem affects Windows 11 24H2 and 25H2.

Software development

fromInfoQ

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

US news

4 weeks ago

Microsoft finally gets around to fixing what it broke in Oct

Microsoft fixed a Windows Recovery Environment bug introduced in Windows 10's October 14, 2025 update that prevented WinRE from launching on affected devices.

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

16 hours ago

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.

22 hours ago

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."

Information security

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

fromInfoWorld

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

#patch-tuesday

Gadgets

Microsoft's latest update patches six zero-days and two critical flaws - but is it another buggy mess?

For March, Patch Tuesday delivers fixes for 83 vulnerabilities

Microsoft's March Patch Tuesday addresses 83 vulnerabilities including two zero-day exploits in SQL Server and .NET, while introducing Common Log File System hardening with signature verification.

Information security

Microsoft issues emergency patch for latest Windows bugs - grab it ASAP

Information security

February's Patch Tuesday release fixes 59 flaws, including 6 being exploited

Information security

For January, Patch Tuesday starts off with a bang

Information security

6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates

Gadgets

Microsoft's latest update patches six zero-days and two critical flaws - but is it another buggy mess?

For March, Patch Tuesday delivers fixes for 83 vulnerabilities

Microsoft's March Patch Tuesday addresses 83 vulnerabilities including two zero-day exploits in SQL Server and .NET, while introducing Common Log File System hardening with signature verification.

Information security

Microsoft issues emergency patch for latest Windows bugs - grab it ASAP

Information security

February's Patch Tuesday release fixes 59 flaws, including 6 being exploited

Information security

For January, Patch Tuesday starts off with a bang

Information security

6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

Microsoft is blocking legacy Windows drivers

Microsoft will only allow drivers approved through the Windows Hardware Compatibility Program to enhance security and compatibility in Windows.

Information security

Windows info-disclosure 0-day bug gets a fix and CISA alert

5 days ago

Microsoft is blocking legacy Windows drivers

Microsoft will only allow drivers approved through the Windows Hardware Compatibility Program to enhance security and compatibility in Windows.

Information security

Windows info-disclosure 0-day bug gets a fix and CISA alert

Microsoft releases second out-of-band fix for Windows in a week

January Windows updates caused Outlook and other apps to hang or mishandle files stored on cloud services, prompting Microsoft to release emergency out-of-band fixes.

3 days ago

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

3 days ago

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

3 days ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

Microsoft stays quiet while emergency Windows fixes ramp up

But are things getting worse? According to Register readers, and the company's own release health dashboard, the answer has to be yes. It isn't just you. The frequency of emergency out-of-band releases for the company's operating systems has been rapidly increasing to the point where, for every Patch Tuesday update, there'll likely be at least one out-of-band patch to fix whatever got broken.

Tech industry

4 days ago

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

A critical Windows security fix puts legacy hardware on borrowed time

Microsoft will block unvetted kernel drivers starting April 2026, impacting legacy applications while enhancing security.

Microsoft cracks down on old Windows kernel drivers

Microsoft will stop trusting kernel drivers not through the Windows Hardware Compatibility Program by April 2026 to enhance Windows kernel security.

A critical Windows security fix puts legacy hardware on borrowed time

Microsoft will block unvetted kernel drivers starting April 2026, impacting legacy applications while enhancing security.

Microsoft cracks down on old Windows kernel drivers

Microsoft will stop trusting kernel drivers not through the Windows Hardware Compatibility Program by April 2026 to enhance Windows kernel security.

more#windows-security

Tech industry

Microsoft rushes out cloud storage fix after January update

Out-of-band Windows update fixes Outlook and other apps becoming unresponsive when using cloud-backed storage after the January 2026 Security Update; administrators should install it.

Software development

Microsoft issues second emergency patch for Windows this month - update your PC today

Microsoft released emergency patch KB5078127 to restore cloud storage file access for Outlook and other apps while other post-update bugs, including boot issues, persist.

Software development

Microsoft's Patch Fixes Are Breaking Windows, Forcing a Second Emergency Update

A January Microsoft update caused critical bugs, and subsequent fixes introduced new failures, forcing two emergency patches and widespread user disruption.

#oracle

Information security

Oracle releases emergency patch for serious vulnerability

Information security

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

Oracle releases emergency patch for serious vulnerability

A critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote code execution without authentication, posing severe risks.

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

Oracle issued critical patches for vulnerabilities in Identity Manager and Web Services Manager, allowing remote code execution by unauthenticated attackers.

Major warning: Secure your Microsoft environment

CISA warns organizations to strengthen Microsoft Intune security after attackers exploited the platform in a Stryker cyberattack, gaining administrative access and disrupting healthcare operations.

2 weeks ago

Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities

Microsoft released an out-of-band security update for Windows 11 addressing three critical vulnerabilities in the Windows Routing and Remote Access Service that enable remote code execution through malicious server connections.

#microsoft-security-patches

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

This month, over half (55%) of all Patch Tuesday CVEs were privilege escalation bugs, and of those, six were rated exploitation more likely across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server, and Winlogon. We know these bugs are typically used by threat actors as part of post-compromise activity, once they get onto systems through other means (social engineering, exploitation of another vulnerability).

Information security

Patch Alert: Microsoft Fixes Nearly 80 Bugs, Including Critical Office Flaws

Microsoft's March Patch Tuesday addresses nearly 80 vulnerabilities, including critical Office flaws that enable code execution through document preview without requiring active zero-day exploits.

Information security

Microsoft Patches 83 Vulnerabilities

Patch Alert: Microsoft Fixes Nearly 80 Bugs, Including Critical Office Flaws

Microsoft's March Patch Tuesday addresses nearly 80 vulnerabilities, including critical Office flaws that enable code execution through document preview without requiring active zero-day exploits.

more#microsoft-security-patches

Microsoft Patches 83 Vulnerabilities

Microsoft released 83 vulnerability patches in March 2026, including one critical remote code execution flaw and several privilege escalation bugs requiring attention.

#windows-admin-center

Information security

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Information security

Microsoft: Critical Windows Admin Center Flaw Allows Privilege Escalation

Information security

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

more#windows-admin-center

Information security

Microsoft: Critical Windows Admin Center Flaw Allows Privilege Escalation

#microsoft-patch-tuesday

Information security

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Information security

February Patch Tuesday: Microsoft drops six zero-days | Computer Weekly

Information security

Microsoft patches 112 CVEs on first Patch Tuesday of 2026 | Computer Weekly

Information security

Microsoft reports six actively exploited zero days in Patch Tuesday

Information security

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Information security

February Patch Tuesday: Microsoft drops six zero-days | Computer Weekly

Information security

Microsoft patches 112 CVEs on first Patch Tuesday of 2026 | Computer Weekly

more#microsoft-patch-tuesday

Information security

Microsoft reports six actively exploited zero days in Patch Tuesday

#microsoft-security-updates

Information security

Microsoft's February Patch Tuesday Fixes 6 Zero-Days Under Attack

Information security

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Information security

Microsoft's February Patch Tuesday Fixes 6 Zero-Days Under Attack

more#microsoft-security-updates

Information security

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

#windows-10

Information security

Still on Windows 10? 0patch may be your best defense in the 'End of Support era'

Information security

Microsoft said my Windows 10 PC was no longer eligible for updates - so I used this secure alternative instead

Information security

Still on Windows 10? 0patch may be your best defense in the 'End of Support era'

Information security

Microsoft said my Windows 10 PC was no longer eligible for updates - so I used this secure alternative instead

Information security

Microsoft Issues Emergency Patch for Active Office Zero-Day

Information security

Office zero-day exploited, forces Microsoft OOB patch

Information security

Microsoft Issues Emergency Patch for Active Office Zero-Day

Information security

Office zero-day exploited, forces Microsoft OOB patch

Information security

Use Microsoft Office? Hackers can infect your PC with a malicious document - patch it ASAP

Information security

Fixes released for a serious Microsoft Office zero-day flaw

Information security

Use Microsoft Office? Hackers can infect your PC with a malicious document - patch it ASAP

Information security

Fixes released for a serious Microsoft Office zero-day flaw

more#microsoft-office

Critical Microsoft bug from 2024 under exploitation

A 9.8-rated SQL injection in Microsoft Configuration Manager, patched Oct 2024, is actively exploited and requires immediate patching.

Old Windows quirks help punch through new admin defenses

The issue focuses on how Windows handles these directories for specific user sessions. Because the kernel creates a DOS device object directory on demand, rather than at login, it cannot check whether the user is an admin during the creation process. Unlike UAC, Administrator Protection uses a hidden shadow admin account whose token handle can be returned by the system when calling the NtQueryInformationToken API function.

Information security

Microsoft Patches Windows Flaw Causing VPN Disruptions

A patched RasMan vulnerability (CVE-2026-215) allowed local attackers to crash Windows Remote Access Connection Manager, disrupting VPN and remote access services.

Your Windows PC needs this patch to ward off nasty bootkit malware - update now

Install the January Windows update to refresh expiring Secure Boot certificates and maintain protection against bootkit malware.

Windows App breaks logins with first 2026 security patch

January 13, 2026 Windows security update causes credential prompt failures in the Windows App, breaking Azure Virtual Desktop and Windows 365 connections.

Microsoft to Enable 'Windows Baseline Security' With New Runtime Integrity Safeguards

Windows Baseline Security Mode will enable runtime integrity safeguards by default, allowing only properly signed apps, drivers, and services to run while permitting administrator overrides.

BeyondTrust Patches Critical RCE Vulnerability

Critical unauthenticated RCE (CVE-2026-1731, CVSS 9.9) affects BeyondTrust RS and PRA; patches are available and many internet-accessible on-prem deployments are likely exposed.

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

CVE-2026-20045 (CVSS 8.2) allows unauthenticated remote attackers to execute arbitrary OS commands and escalate to root in multiple Cisco Unified Communications and Webex Calling Dedicated Instance products.