All CosmicBytez Labs articles tagged #Security Updates, across news, security advisories, how-to guides, and projects.
Belgium's national cybersecurity authority (CCB) has issued an urgent warning that threat actors are actively exploiting a recently patched critical Windows Netlogon Remote Protocol vulnerability that allows unauthenticated remote code execution on domain controllers.
Google has released Chrome 148 with patches for 151 security vulnerabilities, including critical-severity flaws that could allow remote code execution....
phpMyFAQ before 4.1.3 contains a CVSS 8.2 flaw allowing unauthenticated attackers to reset any account password without token validation, enabling full...
IBM and Red Hat unveil Project Lightwell, a $5B commitment to securing open-source supply chains by fixing vulnerabilities without breaking production.
CISA's emergency directive gives federal agencies four days to patch the actively exploited LiteSpeed cPanel plugin flaw being weaponized in the wild.
Microsoft has confirmed a new known issue affecting Windows Server 2016 systems where domain controller lookups fail after installing the KB5087537 May 2026.
Microsoft has released updates fixing CVE-2026-45659, a CVSS 8.8 remote code execution vulnerability in SharePoint Server that requires no specialized.
CISA has added CVE-2026-9082, a SQL injection vulnerability in Drupal Core, to its Known Exploited Vulnerabilities catalog following confirmed in-the-wild...
Ubiquiti has released security updates fixing three CVSS 10.0 vulnerabilities in UniFi OS that allow unauthenticated remote attackers to fully compromise...
Drupal has released an urgent security update for CVE-2026-9082, a highly critical flaw that can be exploited without authentication to achieve...
Supply chain security startup Socket has raised $60 million in a new funding round, valuing the company at $1 billion. The capital will expand Socket's...
A coordinated wave of critical security patches landed this week from Ivanti, Fortinet, SAP, VMware, and n8n. Topping the list is CVE-2026-8043 in Ivanti...
Cisco has patched a maximum-severity authentication bypass flaw in its Catalyst SD-WAN Controller that has already been exploited in limited attacks....
A security researcher claims Microsoft silently patched an Azure Backup for AKS vulnerability after rejecting his disclosure report — issuing no CVE and...
A proof-of-concept exploit has been released for a critical-severity NGINX vulnerability that has existed in the rewrite module for nearly two decades....
OpenAI has disclosed that two corporate employee devices were compromised via the Mini Shai-Hulud supply chain attack on the TanStack npm ecosystem,...
A stored cross-site scripting vulnerability in vCluster Platform allows attackers to inject and execute arbitrary JavaScript via the name field of a...
OpenAI is urging macOS users to update their software following an expanding supply chain attack that compromised TanStack and additional npm and PyPI...
This week's threat roundup covers an actively exploited PAN-OS RCE granting root access, Anthropic's Mythos AI finding a cURL memory safety bug, AI...
Microsoft's May 2026 Patch Tuesday addresses 137 vulnerabilities including nine critical flaws — but for the first time in two years, not a single...
Microsoft's May 2026 Patch Tuesday addresses 138 security vulnerabilities across its product portfolio, including 30 rated Critical — with notable DNS...
Exim has released security updates to patch a severe vulnerability affecting GnuTLS-compiled builds of the world's most widely deployed mail transfer...
Fortinet has released emergency security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to...
SAP's May 2026 Security Patch Day addresses 15 vulnerabilities across multiple enterprise products, including two critical-severity flaws in Commerce...
A CVSS 7.5 denial-of-service vulnerability in Apple iOS and iPadOS allows a remote attacker to exhaust device resources and crash the operating system...
The Apache Software Foundation has released urgent security updates for the Apache HTTP Server addressing a severe vulnerability in the HTTP/2 protocol...
cPanel has released security updates addressing three vulnerabilities in cPanel and Web Host Manager (WHM), including flaws enabling privilege escalation,...
Google has patched a maximum severity vulnerability in its Gemini CLI npm package and GitHub Actions workflow that allowed unprivileged attackers to...
cPanel and WebHost Manager have released an emergency patch for a critical authentication bypass vulnerability that allows attackers to gain control panel...
GitHub has patched CVE-2026-3854, a critical remote code execution vulnerability exploitable via a single HTTP request that could have granted attackers...
Cybersecurity researchers have disclosed CVE-2026-25874, a critical unauthenticated remote code execution vulnerability (CVSS 9.3) in Hugging Face's...
A high-severity Firefox vulnerability (CVE-2026-6770) exploits the internal ordering of IndexedDB database names to generate a stable 44-bit fingerprint...
A Microsoft Windows vulnerability originally patched in a prior Patch Tuesday was incompletely remediated, leaving a residual attack surface that...
Following the April 2026 Patch Tuesday, Microsoft has made broadly available a new MDM policy setting that enables IT administrators to fully uninstall...
This week's ThreatsDay Bulletin covers the $290M KelpDAO DeFi hack tied to Lazarus Group, new macOS living-off-the-land attack techniques, ProxySmart SIM...
Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption from frequent...
Microsoft released out-of-band updates to address critical issues affecting Windows Server systems that emerged after the installation of April 2026 Patch...
Microsoft has acknowledged that a recent Microsoft Edge browser update introduced a regression that breaks right-click paste functionality in the...
CISA has added a high-severity Apache ActiveMQ vulnerability to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the...
Google removed over 8.3 billion policy-violating ads and suspended 24.9 million accounts in 2025, while simultaneously rolling out sweeping Android 17...
A high-severity LDAP injection vulnerability in OPNsense's authentication connector allows unauthenticated attackers to bypass login controls by injecting...
Microsoft has suspended developer accounts used to maintain several prominent open-source projects without prior notice or a quick reinstatement path,...
A bypass of the CVE-2024-27297 patch in the Nix package manager allows attackers to follow symlinks during fixed-output derivation builds, enabling...
A critical CVSS 9.8 path traversal vulnerability in goshs, a SimpleHTTPServer written in Go, allows unauthenticated attackers to write arbitrary files via...
Fortinet has released emergency out-of-band patches for CVE-2026-35616, a critical pre-authentication API access bypass in FortiClient EMS that enables...
Fortinet has released an emergency weekend security update for CVE-2026-35616, a critical pre-authentication API access bypass in FortiClient EMS that is...
A critical unauthenticated SQL injection vulnerability (CVSS 9.1) in the setinfo endpoint allows remote attackers to corrupt data and cause denial of...
Cisco has released security advisories addressing a batch of critical and high-severity vulnerabilities across multiple products, covering flaws that...
Apple has extended security update eligibility to additional iPhone models still running iOS 18, enabling more devices to receive protections against the...
CISA has issued a mandatory patching directive ordering all U.S. federal agencies to apply Citrix NetScaler security updates by Thursday, March 5, 2026,...
A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...
A critical vulnerability in Gematik Authenticator prior to version 4.16.0 allows attackers to hijack authentication sessions via malicious deep links,...
Researchers have disclosed a critical unauthenticated remote code execution vulnerability in the GNU InetUtils telnet daemon (telnetd). CVE-2026-32746...
Microsoft is investigating a new bug affecting Samsung laptops after the February 2026 security update — some users are unable to access their C: drive...
Microsoft has pushed an out-of-band hotpatch (KB5084597) to Windows 11 Enterprise devices to address three integer-overflow RCE flaws in RRAS, one rated...
Veeam Software has released a critical security update for Backup & Replication, patching five remote code execution vulnerabilities with CVSS scores...
CISA mandated all federal civilian agencies patch CVE-2025-68613, a CVSS 9.9 remote code execution flaw in the n8n workflow automation platform, after...
Security researchers have published details of two newly patched critical vulnerabilities in n8n — CVE-2026-27577 (CVSS 9.4), an expression sandbox escape...
A high-severity host header injection vulnerability in ZITADEL's login V2 password reset flow allows attackers to redirect reset links to...
A stored cross-site scripting vulnerability in ZITADEL's login V2 interface allows organization administrators to inject malicious JavaScript via a...
A new cross-platform tool called Tirith hooks into terminal shells to detect and block Unicode homoglyph attacks, pipe-to-shell exploits, and supply chain...