Security news aggregator

Latest coverage for Patch

Stay updated on the latest patch news and insights to secure your systems against vulnerabilities and cyber threats. Keep your info safe with our patch tag.

130 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Patch is a piece of software designed to update or fix problems with a computer program or its supporting data. In the context of information security, a patch is typically used to repair vulnerabilities that could be exploited by hackers. These vulnerabilities are often discovered in operating systems, applications, or even security software itself. Once identified, software vendors release patches to close these security holes and protect users from potential attacks.

Applying security patches is a critical component of maintaining the integrity and confidentiality of an organization's information. It's a proactive measure to prevent cyber threats such as viruses, malware, and other malicious activities that can compromise systems and data. Patches are commonly distributed through automatic updates, but can also be manually downloaded and installed by users or IT professionals. Regular patch management ensures that software remains secure, functional, and less vulnerable to cyber threats.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 130 Filtered view

Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing 124 vulnerabilities across the mobile operating system. One flaw, tracked as CVE-2025-48595 (CVSS score of 8.4) stands out from the rest because it is already being exploited in […]

More from Security Affairs 3 Jun 2026, 9:44 p.m. Incident · 3 stories Actively exploited CVE-2025-48595 Android CVE Fixed Flaw Google Mobile Patch Privilege Escalation Vulnerability

Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]

More from Security Affairs 29 May 2026, 4:05 a.m. Incident · 10 stories Actively exploited CVE-2026-35616 0-Day Authentication CVE Critical Flaw Fortinet Malware Patch Remote Code Execution Theft Threat Actor Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May […]

More from Security Affairs 24 May 2026, 7:54 p.m. Incident · 2 stories Actively exploited CVE-2026-9082 America CISA CVE Critical Exchange Server Flaw Microsoft Patch Vulnerability

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

More from Security Affairs 24 May 2026, 4:17 a.m. Incident · 3 stories Actively exploited CVE-2026-9082 CVE Compromise Critical Exploit Flaw Patch PostgreSQL SQL Unauthenticated Vulnerability

Interlock's post-exploit toolkit exposed Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.…

More from The Register 19 Mar 2026, 6:40 a.m. Actively exploited CVE-2026-20131 0-Day Amazon CVE Cisco Disclosure Exploit Exposure Firewalls Flaw Patch Ransomware Vulnerability

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads

More from The Hacker News 28 Jan 2026, 10:46 p.m. Actively exploited CVE-2025-8088 CVE China Critical Flaw Google Government Initial Access Nation State Patch Russia Threat Actor Vulnerability Warning

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions. [...]

More from Bleeping Computer 28 Jan 2026, 12:19 p.m. Actively exploited CVE-2026-24858 0-Day Authentication Blocked Bypass CVE Critical Firmware Fortinet Patch SSO Vulnerability