Microsoft warns customers AI will mean busier Patch Tuesdays
More patches mean more reasons to buy Redmond’s auto-patching tools
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
More patches mean more reasons to buy Redmond’s auto-patching tools
Britain's cyber agency says the bill for years of technical shortcuts is coming due, and it's arriving all at once Britain's cyber agency is warning that AI-fuelled bug hunting is about to flush out years of buried flaws, leaving defenders scrambling to keep up.…
This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows If you use Gemini CLI, watch out: Google has patched a CVSS 10.0 vulnerability in its command-line AI tool and is warning anyone running it in headless mode, or through GitHub Actions, to review their workflows.…
Switchzilla says flaws could allow file overwrites or privilege escalation Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software.…
A rare joint alert from all five spy agencies means serious business The Five Eyes intelligence alliance is urgently warning defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks.…
Plus 2 new critical vulns - patch now Cisco warned customers about another wave of attacks against its firewalls, which have been battered by intruders for at least six months. It also patched two critical bugs in its Unified Contact Center Express (UCCX) software that aren't under active exploitation - yet.…
Low-severity bugs but infosec pros claim they are a 'critical' overall threat – patch accordingly AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure.…
NetScaler vendor issued a patch but otherwise, stony silence Multiple exploits are circulating for CVE-2025-5777, a critical bug in Citrix NetScaler ADC and NetScaler Gateway dubbed CitrixBleed 2, and security analysts are warning a "significant portion" of users still haven't patched.…
Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors' The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discontinue use of the app by July 22.…
Stealthy Falcon swoops on WebDAV and Redmond's even patching IE! Patch Tuesday It's Patch Tuesday time again, and Microsoft is warning that there are a bunch of critical fixes to sort out - and two actively exploited bugs.…
Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia's intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns are linked to two mystery open source libraries which it declined to name.…
Cupertino mostly uses bland language when talking security, so this sounds nasty Apple has warned that some iPhones and iPads may have been targeted by an “extremely sophisticated attack” and has posted patches that hopefully prevent it.…
Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect 10.…
SaaS seller sets severity to 'critical' Adobe's patch for a remote code execution (RCE) bug in Acrobat doesn't mention that the vulnerability is considered a zero-day nor that a proof-of-concept (PoC) exploit exists, a researcher warns.…
Hundreds of thousands of users potentially vulnerable Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items.…
For some unknown reason, initial patch was omitted from later versions Docker is warning users to rev their Docker Engine into patch mode after it realized a near-maximum severity vulnerability had been sticking around for five years.…
Also, free pianos are the latest internet scam bait, Cooler Master gets pwned, and some critical vulnerabilities Infosec in brief Cybersecurity software vendor Check Point is warning customers to update their software immediately in light of a zero day vulnerability under active exploitation.…
Warning comes exactly a year after the vulnerability was introduced The US Cybersecurity and Infrastructure Security Agency (CISA) is forcing all federal agencies to patch a critical vulnerability in GitLab's Community and Enterprise editions, confirming it is very much under "active exploit."…
GRU-linked crew going after our code warns Microsoft - Outlook not good Fancy Bear, the Kremlin's cyber-spy crew, has been exploiting two previously patched bugs for large-scale phishing campaigns against high-value targets – like government, defense, and aerospace agencies in the US and Europe – since March, according to Microsoft. …
Risk of ‘significant data loss’ for on-prem customers Atlassian has told customers they “must take immediate action” to address a newly discovered flaw in its Confluence collaboration tool.…