Security news aggregator

Latest coverage for Patch Tuesday

Patch Tuesday tracks Microsoft's regular security updates, helping readers understand vulnerabilities, fixes, and risks affecting software users.

13 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Patch Tuesday is the second Tuesday of each month, when Microsoft publishes a scheduled set of security and quality updates for supported products. The term is also used broadly for the recurring monthly patch cycle that organizations use to review, test, and deploy vendor fixes. Releases may address vulnerabilities in operating systems, applications, browsers, and infrastructure components, with severity and affected versions varying by update.

For security teams, the release is a trigger for vulnerability-management work: identify exposed and supported assets, assess whether a flaw is being exploited or affects a critical system, and prioritize deployment accordingly. Testing and staged rollout can reduce compatibility and availability problems, while leaving internet-facing or unpatched systems exposed can increase the chance of compromise. Teams should also account for patches that require reboots, configuration changes, or dependent updates, and track exceptions with compensating controls. Critical fixes may warrant accelerated or emergency deployment rather than waiting for the normal maintenance window.

Showing 13 most recent headlines Filtered view

Also, US Sanction Cybercrime Enablers, Celine Dion Ticket ScamThis week, ransomware victims paying less, cybercrime sanctions, Celine Dion ticket scams, 23andMe to pay $18 million, a 13-year old Daixin infection, Spiral ransomware, Patch Tuesday, CISA ordered rapid SharePoint patching and Spanish police busted a cybercrime ring. Sore Egyptian World Cup losers.

LegacyHive PoC exposes a Windows Privilege Escalation flaw affecting fully patched Windows desktop and server systems. Just hours after Microsoft’s July 2026 Patch Tuesday, security researcher Nightmare Eclipse, also known as Chaotic Eclipse, published a new Windows zero-day proof-of-concept called LegacyHive. This time, the target is the Windows User Profile Service (ProfSvc), and unlike the […]

Patch Tuesday: Microsoft fixes a record 621 CVEs, including 2 exploited zero-days and critical flaws affecting SharePoint, RDP, Hyper-V, and AD FS. Microsoft’s July 2026 Patch Tuesday is, by a significant margin, the largest single-month security release in the company’s history. The Zero Day Initiative counted 621 new Microsoft CVEs for the month, and the […]

Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft's own CVEs by its Security Update Guide count, more than triple June's previous high of around 200

Krebs on Security 3 days, 16 hours ago

Microsoft Patches a Record 570 Security Flaws

Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by artificial intelligence.

July 2026 Patch Tuesday landed with 570 fixes, a number driven by Microsoft running AI across the Windows codebase. Two flaws are being exploited right now, and the SharePoint one is rated Moderate. Here is what to work first, why a severity score is not your risk, and three free Sigma hunts you can import today.