< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2062 articles · page 46 of 104

Google patches Chrome zero-day CVE-2026-2441; active exploit

⚠️ Google released updates for Chrome to patch CVE-2026-2441, a high-severity (CVSS 8.8) use-after-free vulnerability in CSS that has been confirmed as exploited in the wild. Discovered by researcher Shaheen Fazim on Feb 11, 2026, the bug can enable remote code execution inside Chrome's sandbox via a crafted HTML page. Users should update to 145.0.7632.75/76 (Windows/macOS) or 144.0.7559.75 (Linux) and ensure Chromium-based browsers receive equivalent fixes.
read more →

Windows 11 KB5077181 Fixes Boot Failures After Updates

🔧 Microsoft says the February 10, 2026 Patch Tuesday update KB5077181 resolves a bug that left some commercial Windows 11 systems unbootable with an UNMOUNTABLE_BOOT_VOLUME error after failed updates. The problem affected a limited set of physical devices running 25H2 and 24H2 and was linked to an incomplete rollback following a December 2025 security update. An optional preview fix (KB5074105) was released on January 29, 2026 to help prevent further devices from being affected. Systems that became unbootable prior to the February fix may still require manual remediation via Microsoft Support for Business.
read more →

Critical BeyondTrust RS Flaw Being Exploited in Wild

🔒 Researchers warn a critical pre-authentication command injection (CVE-2026-1731) in BeyondTrust Remote Support is being actively exploited to compromise self-hosted deployments, including legacy Bomgar B-series appliances. Attackers have deployed renamed SimpleHelp binaries, created domain accounts and escalated privileges to perform lateral movement. Patches are available, but end-of-life appliances and required version upgrades complicate remediation while a public proof-of-concept has accelerated exploitation.
read more →

30-Year-Old Heap Overflow Fixed in libpng 1.6.55 Patch

⚠️ Developers patched a nearly 30-year-old heap buffer overflow in the libpng image library—fixed in libpng 1.6.55—that can crash applications processing crafted PNG files and, with careful heap grooming, enable information disclosure or remote code execution. The flaw exists in the png_set_quantize function when called without a histogram and with oversized palettes. A proof-of-concept is public; users and distributors should upgrade promptly.
read more →

Four new techniques show Windows .LNK files are unsafe

⚠ Wietze Beukema disclosed four new LNK techniques that can mislead Windows users by showing harmless shortcut targets while executing different programs. He demonstrated how inconsistent fields in the LNK format — including TargetIDList, EnvironmentVariableDataBlock, LinkInfo, and paired ANSI/Unicode values — let attackers spoof visible destinations, hide command-line arguments, and run concealed binaries. These methods can enable phishing, USB-borne attacks, and stealthy initial access and rely on Windows' normal shortcut handling rather than a traditional software bug. Until mitigations or behavior changes are implemented, treat untrusted .LNK files as potentially dangerous.
read more →

CISA: Microsoft ConfigMgr RCE Patch Now Exploited in the Wild

⚠️ CISA has flagged a critical Microsoft Configuration Manager vulnerability (CVE-2024-43468) as actively exploited after Microsoft patched it in October 2024. The flaw is a SQL injection that can allow unauthenticated remote attackers to achieve remote code execution and run commands with elevated privileges on the server or site database. CISA ordered federal agencies to apply the patch or mitigations by March 5 under BOD 22-01 and urged all organizations to secure affected systems immediately.
read more →

CISA Adds Known-Exploited CVE for BeyondTrust RS/PRA

⚠️ CISA has added CVE-2026-1731 to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation of an OS command injection vulnerability affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). CISA emphasizes that command injection flaws are a frequent and dangerous attack vector that pose significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the specified due date; CISA strongly urges all organizations to prioritize timely remediation and integrate these fixes into their vulnerability management processes.
read more →

Microsoft fixes Family Safety bug blocking Chrome launch

🔧 Microsoft has deployed a service-side fix for a Family Safety bug that prevented Google Chrome and some other browsers from launching or caused them to crash on Windows 10/11 devices. The problem, first reported in late June 2025, was traced to the service's web-filtering and block-list behavior that misidentified updated browser versions. The rollout began in early February 2026 and should reach affected devices in the coming weeks; users should connect to the Internet to receive the update. Those who cannot go online can enable Activity reporting in Family Safety to receive approval requests and allowlist newer browser versions.
read more →

Researchers Observe In-The-Wild Exploitation of BeyondTrust

🔴 watchTowr reported the first in-the-wild exploitation of a critical BeyondTrust vulnerability, CVE-2026-1731, with attackers abusing the get_portal_info endpoint to extract the x-ns-company value before establishing a WebSocket channel. The flaw (CVSS 9.9) allows unauthenticated remote code execution by sending specially crafted requests and has been patched in Remote Support (BT26-02-RS, 25.3.2+) and Privileged Remote Access (BT26-02-PRA, 25.1.1+). The rapid weaponization highlights how quickly defenders must patch critical systems. CISA also added four actively exploited flaws to its KEV catalog and set federal remediation deadlines in February and March 2026.
read more →

Critical BeyondTrust RCE Now Exploited in Attacks Globally

🚨 A critical pre-authentication remote code execution vulnerability, CVE-2026-1731, in BeyondTrust Remote Support and Privileged Remote Access appliances is being actively exploited after a proof-of-concept was published. The flaw affects Remote Support ≤25.3.1 and Privileged Remote Access ≤24.3.4 and allows unauthenticated attackers to execute OS commands as the site user. BeyondTrust automatically patched SaaS instances on Feb 2, 2026; on-premises customers must install vendor updates immediately.
read more →

Microsoft: LNK Shortcut Spoofing Issues Not Considered Bugs

⚠️ Security researcher Wietze Beukema disclosed several techniques at Wild West Hackin' Fest that manipulate Windows .lnk shortcut files to display a benign target in Explorer while executing a different program, including use of malformed LinkTargetIDList and EnvironmentVariableDataBlock fields. These variants can hide command-line arguments and exploit forbidden path characters to show deceptive targets such as "invoice.pdf" while invoking PowerShell or other payloads. Microsoft told the researcher it will not treat the primary finding as a security vulnerability, saying exploitation requires user interaction and pointing to Microsoft Defender, Smart App Control, and built-in warnings for downloaded .lnk files. Beukema published lnk-it-up, an open-source toolkit to generate and detect such shortcuts for testing and research.
read more →

Critical RCE in WPvivid Backup Plugin Impacts 900k+

🔒 A critical vulnerability in the WPvivid Backup & Migration WordPress plugin (CVE-2026-1357, CVSS 9.8) allowed unauthenticated attackers to upload arbitrary files and achieve remote code execution. The flaw affected all versions up to 0.9.123 but, according to Defiant, only sites with the non-default receive backup from another site option enabled are critically exposed. WPVividPlugins released a patch in v0.9.124 on Jan 28; administrators should upgrade immediately.
read more →

RDS for PostgreSQL: Minor Upgrades and pg_stat_monitor

🔒 Amazon RDS for PostgreSQL now supports minor versions 18.2, 17.8, 16.12, 15.16, and 14.21. We recommend upgrading to these latest minor versions to remediate known security vulnerabilities and benefit from upstream bug fixes. The release also includes the pg_stat_monitor extension for unified query and performance metrics. Upgrades can be automated via scheduled maintenance, AWS Organizations rollout policies, or Blue/Green deployments to minimize downtime.
read more →

Airleader Master: Unrestricted Upload RCE (CVE-2026-1358)

🔒 Airleader GmbH's Airleader Master (<= 6.381) contains a critical file-upload vulnerability (CVE-2026-1358) that permits unauthenticated attackers to place dangerous files on high-privilege pages and potentially obtain remote code execution on the server. CISA assigns CVSS v3.1 9.8 (Critical). The vendor recommends upgrading to 6.386 or later and contacting Airleader for mitigation assistance. Operators should immediately reduce internet exposure and isolate control networks while planning patch deployment.
read more →

Hitachi Energy SuprOS Default Credentials Vulnerability

🔒 Hitachi Energy has disclosed a default-credentials vulnerability in SuprOS (CVE-2025-7740) affecting versions up to 9.2.1 and 9.2.2.0. Exploitation allows an authenticated local actor to use an admin account created during deployment, risking confidentiality, integrity, and availability. Hitachi Energy recommends applying the vendor update, removing unwanted accounts, and changing default passwords immediately. CISA assigns a CVSS v3.1 score of 8.8 and highlights impacts to critical infrastructure sectors.
read more →

Siemens COMOS: Multiple Vulnerabilities and Fixes Advisory

🔒 Siemens reports multiple vulnerabilities in COMOS across V10.4–V10.6 that could permit arbitrary code execution, cross-site scripting, denial-of-service, credential exposure, and TLS man-in-the-middle attacks. Siemens has published updates for several affected lines (notably V10.4.5 and V10.5.2) and is preparing additional fixes; some issues remain unpatched. Apply vendor updates where available, follow Siemens' countermeasures for unpatched versions, minimize network exposure of COMOS, and contact Siemens ProductCERT for assistance and timelines.
read more →

CISA Adds Four CVEs to Known Exploited Vulnerabilities

⚠️ CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. The new entries are CVE-2024-43468 (Microsoft Configuration Manager SQL injection), CVE-2025-15556 (Notepad++ download of code without integrity check), CVE-2025-40536 (SolarWinds Web Help Desk security control bypass), and CVE-2026-20700 (Apple multiple buffer overflow). CISA cites their frequent use by malicious actors and urges prioritized remediation under BOD 22-01 guidance.
read more →

Siemens Siveillance Video: Webhooks Missing Authorization

🔒 Siemens ProductCERT reports a Missing Authorization vulnerability in the Webhooks implementation of Siveillance Video Management Servers that can allow authenticated users with read-only privileges to gain full access to the Webhooks API. Affected releases include V2023 R1–R3, V2024 R1, and V2025 builds older than the specified hotfix revisions. Siemens has published fixes and recommends updating to the listed hotfix revisions. If patching is delayed, audit role settings and limit network exposure to affected devices.
read more →

Siemens SINEC NMS and UMC DLL Load Vulnerabilities

⚠️ Siemens has published fixes for two local privilege escalation vulnerabilities affecting SINEC NMS and the User Management Component (UMC). A low-privileged user could modify configuration files to force the application to load malicious DLLs, potentially enabling arbitrary code execution with elevated (including SYSTEM) privileges. The issues are tracked as CVE-2026-25655 and CVE-2026-25656 (CWE-427) with a CVSS v3.1 base score of 7.8. Administrators should apply SINEC NMS V4.0 SP2 and UMC V2.15.2.1 or later as provided by Siemens ProductCERT.
read more →

Siemens NX CGM File Parsing Vulnerabilities — Update

⚠️ Siemens NX contains multiple file-parsing vulnerabilities in its handling of CGM files that can cause application crashes or enable arbitrary code execution when a malicious file is opened. Siemens has released fixes and advises updating to V2512 or later. Do not open untrusted CGM files and apply vendor updates promptly. Follow CISA guidance on network isolation and secure remote access.
read more →