< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2061 articles · page 37 of 104

CISA Flags Actively Exploited Path Disclosure in Wing FTP

⚠️ CISA warned federal agencies to secure Wing FTP Server instances after adding CVE-2025-47813 to its catalog of actively exploited vulnerabilities. The flaw allows low-privileged actors to trigger error messages that expose the full local installation path and can be chained with an already-exploited RCE (CVE-2025-47812). The vendor released fixes in Wing FTP Server v7.4.4 in May 2025; organizations should apply updates or vendor mitigations immediately.
read more →

CrackArmor: AppArmor Linux Flaws Allow Local Root Access

🛡️ Qualys TRU has disclosed 'CrackArmor,' a set of nine AppArmor vulnerabilities present since Linux kernel 4.11 (2017). These AppArmor flaws allow local, unprivileged users to manipulate security profiles via kernel pseudo-files, enabling local privilege escalation, container isolation bypass, Denial-of-Service and potential kernel-memory exposure. Qualys developed proof-of-concept exploits but has not publicly released the code to limit risk. Organizations should prioritize applying vendor kernel updates and scanning for affected systems.
read more →

DNS-Based Data Exfiltration via AWS Bedrock Code Interpreter

⚠️ Phantom Labs Research demonstrated a DNS-based exfiltration technique targeting the AWS Bedrock AgentCore Code Interpreter that bypasses expected Sandbox Mode network restrictions. Maliciously crafted files (for example, CSVs) can influence generated Python code to use DNS queries as a covert command-and-control channel. In tests, researchers executed commands, enumerated and retrieved S3 content and secrets while the environment still reported network access disabled. AWS says this is intended behavior and updated documentation; organisations should inventory AgentCore instances, tighten IAM roles and move sensitive workloads to VPC mode.
read more →

CISA Adds KEV Entry for Wing FTP Server Vulnerability

🛡️ CISA has added CVE-2025-47813, an information disclosure vulnerability affecting Wing FTP Server, to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. This class of flaw is frequently abused by threat actors and poses a notable risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV items by the specified due dates. CISA urges all organizations to prioritize timely remediation as part of standard vulnerability management.
read more →

Nine Critical AppArmor Flaws Expose Millions of Linux Hosts

⚠ Qualys disclosed nine critical vulnerabilities in AppArmor, the Linux Security Module enabled by default on Ubuntu, Debian, and SUSE. Dubbed “CrackArmor,” the flaws date back to the Linux 4.11 kernel and allow an unprivileged local user to manipulate profiles to gain full root, escape containers, or crash systems. Qualys estimates over 12.6 million exposed enterprise instances and emphasizes immediate kernel patching; fixes have been landed upstream in coordination with major distro maintainers.
read more →

Microsoft issues Windows 11 hotpatch for RRAS RCE update

🔧 Microsoft released an out-of-band hotpatch (KB5084597) for Windows 11 to address remote code execution flaws in the Routing and Remote Access Service (RRAS) management tool. The update patches CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111 and aligns with fixes shipped in the March 2026 Patch Tuesday release. The hotpatch performs in-memory patching so eligible Enterprise devices enrolled in the hotpatch program via Windows Autopatch receive cumulative fixes without a restart. It applies to Windows 11 25H2, 24H2, and Enterprise LTSC 2024 systems used for remote server management.
read more →

Windows 11: Some Samsung PCs Lose Access to C Drive

⚠️Microsoft is investigating reports that some Samsung laptops running Windows 11 lose access to the C:\ drive after installing the February 2026 security updates. Affected users encounter the error 'C:\ is not accessible - Access denied' and cannot launch applications such as Outlook, Office apps, web browsers, and system utilities. Microsoft says it is working with Samsung and that the problem may be related to the Samsung Share application, but no official workaround has been provided.
read more →

Google warns of two actively exploited Chrome zero-days

🔴 Google has released emergency patches addressing two actively exploited Chrome zero-day vulnerabilities, CVE-2026-3909 and CVE-2026-3910. The flaws affect Chromium-based browsers before version 146.0.7680.75, enabling out-of-bounds memory access and remote code execution via crafted web pages. Administrators should enable automatic updates, apply fixes immediately, monitor for outdated clients, and consider browser isolation to reduce exposure.
read more →

Microsoft Probes Classic Outlook Sync and Connection Issues

📧 Microsoft is investigating several issues that are disrupting email synchronization and server connections in the classic Outlook desktop client. One bug causes 'Can't connect to the server' errors when creating groups if Exchange Web Services (EWS) is enabled because an AD Graph validation call fails; Microsoft plans updated group functionality using REST APIs and recommends using the new Outlook or OWA until a fix is released. Separate reports describe 0x800CCC0F and 0x80070057 errors for Gmail and Yahoo accounts after password changes — a temporary workaround is to delete the affected identity registry entries — and a cursor disappearance bug affecting Outlook and some Microsoft 365 apps is also under investigation.
read more →

FBI Warns on Residential Proxy Abuse Targeting Devices

🔒 The FBI has issued guidance warning organizations and consumers about the growing use of residential proxies by cybercriminals, which reroute traffic through compromised home devices to mask malicious activity. By taking over IoT devices, smartphones, and home routers, attackers can make illegal traffic appear to originate from legitimate residential connections. The FBI recommends timely patching, strict device policies, network segmentation, blocking IPs tied to residential proxy networks, and stronger firewall rules to mitigate risk.
read more →

Veeam issues urgent patches for critical Backup RCE

🔔 Veeam has released updates to address multiple vulnerabilities in Veeam Backup & Replication, including three critical authenticated RCE flaws affecting builds up to 12.3.2.4165. The three RCE issues (CVE-2026-21666, CVE-2026-21667 and CVE-2026-21708) carry CVSS 9.9 scores and can permit authenticated users to execute code on backup servers; two additional high-severity bugs enable file manipulation and local privilege escalation. Veeam fixed the issues in build 12.3.2.4465 and urges organizations to patch immediately, emphasizing that backup infrastructure represents a highly privileged target for attackers.
read more →

CISA Adds Two Google Vulnerabilities to KEV Catalog Today

🔔 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-3909 (Google Skia out-of-bounds write) and CVE-2026-3910 (Google Chromium V8 unspecified). The agency cites evidence of active exploitation and reminds Federal Civilian Executive Branch agencies of remediation obligations under BOD 22-01. CISA strongly urges all organizations to prioritize timely remediation to reduce exposure to attacks.
read more →

Google Patches Two Actively Exploited Chrome Zero-Days

🔒 Google released security updates for Chrome to address two high-severity zero-day vulnerabilities that have been exploited in the wild. The flaws—CVE-2026-3909 (Skia out-of-bounds write) and CVE-2026-3910 (V8 sandbox code execution)—are rated CVSS 8.8 and were reported on March 10, 2026. Users should update to versions 146.0.7680.75/76 for Windows and macOS or 146.0.7680.75 for Linux and apply vendor patches for other Chromium-based browsers.
read more →

CrackArmor: Nine AppArmor Flaws Enable Local Root Escalation

🔒 Qualys Threat Research Unit disclosed nine vulnerabilities collectively named CrackArmor in the Linux kernel's AppArmor module that let unprivileged users tamper with security profiles, bypass user-namespace restrictions, and escalate to root. Qualys says the problems have existed since 2017 and affect kernels since 4.11, with no CVEs assigned yet. The vendor is withholding PoC exploits and urges immediate kernel patching across affected distributions such as Ubuntu, Debian, and SUSE.
read more →

Google patches two Chrome zero-days exploited in attacks

🔒 Google released emergency updates to address two Chrome zero-day vulnerabilities exploited in the wild. The first, CVE-2026-3909, is an out-of-bounds write in the Skia rendering library that can cause crashes or enable code execution; the second, CVE-2026-3910, is an inappropriate implementation issue in the V8 JavaScript/WebAssembly engine. Updates for Chrome Stable are rolling on Windows, macOS, and Linux; users should update promptly. If automatic updates are enabled, the patch will install on next launch.
read more →

Veeam patches seven critical Backup & Replication flaws

🔒 Veeam has released security updates addressing seven critical vulnerabilities in Veeam Backup & Replication that could enable remote code execution, file manipulation, or privilege escalation if exploited. Affected builds include 12.3.2.4165 and earlier 12.x releases; fixes are available in 12.3.2.4465 and select fixes in 13.0.1.2067. Notable issues include multiple CVEs with CVSS scores up to 9.9 that allow authenticated domain users, Backup Viewers, or Backup Administrators to execute code, alter files, or escalate privileges. Veeam warned attackers may reverse-engineer patches, and customers are urged to update promptly.
read more →

Veeam patches critical RCE flaws in Backup & Replication

🛡️ Veeam has released updates for Veeam Backup & Replication that address multiple vulnerabilities, including four critical remote code execution (RCE) flaws that allow low-privileged users or Backup Viewer accounts to execute code on backup servers. The key issues (CVE-2026-21666, CVE-2026-21667, CVE-2026-21669, CVE-2026-21708) are fixed in 12.3.2.4465 and 13.0.1.2067. Administrators are urged to upgrade immediately, as ransomware actors have repeatedly targeted VBR to move laterally, steal data, and prevent recovery.
read more →

Critical Zero-Click n8n Flaws Allow Full Server Takeover

⚠️ Researchers at Pillar Security disclosed two critical vulnerabilities in both self-hosted and cloud n8n deployments that can yield complete server compromise without any user interaction. The most severe, CVE-2026-27493, is an unauthenticated zero-click flaw in Form nodes that enables expression injection through public form endpoints; CVE-2026-27577 is a sandbox escape in the expression compiler enabling remote code execution. n8n issued patches and automated cloud mitigations; self-hosted users should upgrade to the recommended versions and rotate all stored credentials if a vulnerable workflow was exposed.
read more →

Apple Backports Coruna Exploit Patches to Older iPhones

🔒 Apple has released security updates that backport fixes for vulnerabilities exploited by the Coruna exploit kit to older iPhones and iPads that cannot run the latest iOS releases. The patches, issued as iOS/iPadOS 15.8.7 and 16.7.15 builds, remediate kernel and WebKit issues — including CVE-2023-41974, CVE-2024-23222, CVE-2023-43000 and CVE-2023-43010 — to prevent privilege escalation and remote code execution. Affected legacy devices include a range of iPhone 6s through iPhone X models, multiple iPad Air/Pro and mini models, and the 7th‑gen iPod touch.
read more →

CISA Emergency Directive Targets Exploited Cisco SD-WAN

🔔 CISA has issued Emergency Directive 26-03 after reports that threat actors are actively exploiting a critical authentication bypass in Cisco Catalyst SD-WAN (CVE-2026-20127, CVSS 10). The directive instructs federal agencies to inventory affected systems, forward logs externally, collect forensic artifacts, apply vendor updates, hunt for signs of compromise and rebuild infrastructure if root access is detected. Agencies must report remediation and logging actions to CISA by multiple deadlines through March 23, 2026.
read more →