Tag: patch management
266 articles

SAP Patches Critical Flaws in NetWeaver and Commerce Cloud
SAP has patched 15 vulnerabilities, including four critical flaws in NetWeaver and Commerce Cloud, to safeguard its core application platform and e-commerce solutions from potential threats. These critical fixes aim to protect businesses from severe security breaches.

Google Patches Chrome Zero-Day Flaw Exploited in the Wild
Google just dropped an emergency update for Chrome, fixing a whopping 74 vulnerabilities, including a zero-day flaw that's been exploited by hackers in the wild. A security researcher scored a $55,000 reward for reporting the bug, now patched in the latest Chrome update.

Cisco Fixes Unified CM Flaw as Exploit Code Goes Public
Cisco has patched a critical vulnerability in its Unified Communications Manager, known as CVE-2026-20230, which could allow hackers to write arbitrary files to the server's operating system and potentially escalate privileges to root. With proof-of-concept exploit code now public, the threat level has significantly increased.

Vulnerability Patching Lag Exposes 91% of Organizations to Known Threats
The alarming truth is that 91% of organizations are leaving themselves exposed to known threats due to a vulnerability patching lag, with only 9% able to remediate high-severity flaws within a critical 24-hour window. This delay is not just a statistic - it's a recipe for disaster, with organizations that patch more slowly facing significantly higher breach rates.

AI-Driven Patching Pressures Redefine Vulnerability Response
The window between patch release and exploitation has dramatically shrunk to just six hours and 40 minutes, leaving organizations scrambling to keep up with increasingly rapid vulnerability response. This alarming trend is fueled by the growing power of large language models that can autonomously discover and even fix vulnerabilities.

CISA Warns of Actively Exploited Oracle WebLogic Server Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm on a highly exploitable Oracle WebLogic Server vulnerability, CVE-2024-21182, that's being actively targeted by threat actors. Over 1,592 vulnerable servers are currently exposed online, making it a pressing concern for organizations to patch up ASAP.

Exposure Management Shields Against Lurking Vulnerabilities
Don't let a single vulnerability be the Death Star of your defense - even the strongest systems can be undermined by a shared insider weakness. Start with asset discovery to proactively manage exposure and shield against lurking threats.

India's CERT-In Urges 12-Hour Patch Deadline for Exploited Vulnerabilities
CERT-In is urging organizations to act fast - patch, mitigate, or remove exposure to exploited vulnerabilities within 12 hours for internet-facing and high-priority systems. This strict deadline aims to minimize risk and protect critical assets from potential attacks.

India's CERT-In Mandates Swift Patching for Exposed Flaws
CERT-In is urging organizations to act fast to contain cyber threats, setting a tight 12-hour deadline to patch known vulnerabilities in critical, internet-facing systems. This swift response aims to combat the accelerating threat of AI-driven cyber-attacks.

CISA Mandates Patching of Exploited Drupal Vulnerability
The US Cybersecurity and Infrastructure Security Agency has issued a directive requiring federal agencies to patch a critical Drupal vulnerability, known as CVE-2026-9082, by May 27 to prevent devastating SQL injection attacks. This highly critical flaw allows hackers to exploit PostgreSQL-powered Drupal sites and gain unauthorized access to sensitive information.

Microsoft Disrupts Zero-Day Attacks with Defender Patch Rollout
Microsoft is taking swift action to protect its users from zero-day attacks with an emergency patch rollout for its Defender software, ensuring that even the most vulnerable systems are safeguarded. The update addresses two critical vulnerabilities that were being actively exploited by hackers.

Drupal Warns of Highly Critical Vulnerability Requiring Immediate Patch
Drupal is warning of a highly critical vulnerability that requires immediate attention, urging site operators to clear their calendars for a crucial patch rollout on Wednesday, May 20, between 1700 and 2100 UTC. Exploits could be developed within hours or days, making swift action essential to protect your site.

Drupal Users Face Urgent Patch Deadline
Drupal users, take note: a highly critical core patch is coming and it's essential to act fast to secure your site. Get ready to install the update ASAP to avoid potential risks.

Drupal Warns of Imminent Core Security Updates, Urges Site Prep
Drupal is warning site owners to prepare for imminent core security updates, urging them to reserve time on May 20, 2026, between 5-9 p.m. UTC, to apply crucial patches and protect against potential exploits. Don't miss this window to safeguard your site and stay ahead of potential threats!

Microsoft Disables Windows Updates in Restricted Networks
If you've installed the January 2026 optional non-security preview updates on a restricted Windows network, you might face update failures - a frustrating issue that could leave your system vulnerable. Specifically, affected devices may still download February's security update, but then get stuck, unable to receive crucial updates from March onwards.

Major Vendors Patch Critical Flaws Amid Cyber Threat Surge
A critical flaw in Ivanti Xtraction, tracked as CVE-2026-8043, allows remote attackers to read sensitive files and launch client-side attacks - but fortunately, patches are now available to fix this high-risk vulnerability.

AI-Powered Bug Hunting Spurs Surge in Patches
While AI-powered bug hunting may mean more patches and work for admins in the short term, it also means a significant boost in identifying and fixing security holes - like the 75 issues frontier models found across 130 Palo Alto Networks products. This surge in patches is a small price to pay for a major leap in cybersecurity.

Microsoft Fixes BitLocker Issue on Windows 11
Microsoft has fixed a frustrating issue with BitLocker on Windows 11, where devices with certain Group Policy configurations were prompted to enter their BitLocker recovery key after installing a recent update. The fix is available in update KB5089549 for Windows 11 25H2.

Microsoft Fixes Autopatch Bug Deploying Restricted Drivers
Microsoft fixed a Windows Autopatch bug that caused a small number of EU devices to receive restricted driver updates despite administrative policies in place to block them. The issue affected specific Windows 11 versions, including 23H2, 24H2, and 25H2.

CISA Mandates Patching of Ivanti Flaw Exploited in Zero-Day Attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) is requiring immediate patching of a high-risk Ivanti flaw, CVE-2026-6973, that allows attackers with admin privileges to remotely execute code on vulnerable systems. This critical vulnerability affects Ivanti Endpoint Manager Mobile (EPMM) version 12.8.0.0 and earlier.

US Cyber Officials Tighten Patching Deadlines Amid AI-Driven Threats
US cyber officials are considering a drastic reduction in patching deadlines, from two weeks to just three days, as AI-driven threats rapidly escalate and attackers gain unprecedented speed in discovering and exploiting vulnerabilities. This proposed shift reflects a urgent response to the evolving threat landscape, where AI-powered tools are revolutionizing the speed and efficiency of cyber attacks.

NCSC Warns of Impending AI-Driven Patch Surge
Get ready for a surge of software updates, warns the National Cyber Security Centre's CTO, as AI-driven patching is set to uncover and fix long-standing vulnerabilities across your tech stack. Prioritise your external attack surfaces and prepare for a "patch wave" to stay ahead of the threat.

UK Cyber Agency Warns of Impending Patch Wave Fueled by AI
The UK's National Cyber Security Centre warns that AI is about to expose decades of technical shortcuts, demanding a massive and urgent patching effort - and organisations must prepare to patch quickly, frequently, and at scale. Get ready for a surge in fixes as buried technical debt is brought to the surface.

Anthropic Expands Claude Security Model to Cybersecurity Platforms
Anthropic's Claude Security Model just got a major upgrade, now helping cybersecurity platforms detect and fix software flaws faster than ever. With its advanced capabilities, Claude Security provides detailed vulnerability explanations, confidence rankings, and even generates step-by-step patch instructions.