Using WinRAR? Be sure to patch against these code execution bugs…
Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...
Patch management fixes known software flaws before attackers exploit them, reducing intrusion risk; prioritize critical systems and verify deployment.
Search across headline titles and summaries.
Background for this topic.
Patch is a software, firmware, or configuration update that fixes a defect, including a vulnerability an attacker could use to gain access, execute code, escalate privileges, or expose data. Patching reduces the exploitable attack surface across operating systems, applications, network devices, and embedded systems; it does not remove risk from unsupported or misconfigured assets, and updates can sometimes introduce compatibility or availability problems.
Effective patch management starts with an accurate inventory and vulnerability assessment, then prioritizes internet-facing systems, high-impact assets, and flaws known to be exploited. Organizations should test updates where practical, deploy them within defined time limits, verify installation, and retain rollback or compensating controls when immediate patching is unsafe. Monitoring vendor advisories and threat intelligence can identify urgent fixes, while documenting exceptions and coverage supports vulnerability management and audit requirements.
Weekly headline count for the current query.
Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...
74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.
No zero-days, but some interesting patches with their very own "teachable moments".
Another month, another patch for in-the-wild iPhone malware (and a whole lot more).
Zimbra didn't actually say, "Do not delay/Do it today," but they did say, "We kindly request your cooperation to apply the fix manually."
Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...
Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins.
Apple didn't use the words "Triangulation Trojan", but you probably will.
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.
Twice more unto the breach... patch being tested, in the meantime, shut down web access.
No zero-days this month, if you ignore the Edge RCE hole patched last week
Good news... more patches, this time available proactively
Chrome 0-day patched now, Edge patch coming soon.
All Apple users have zero-days that need patching, though some have more zero-days than others.
Yes, it's a buffer overflow bug. No, we are not going to fix it. It's only mains electricity we're switching here...
When blocking buggy bootup modules, you have to be really careful not to lock your keys inside the car...
Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...
You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!