A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. […]
ConnectWise rotating code signing certificates over security concerns
ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. […]
New Secure Boot flaw lets attackers install bootkit malware, patch now
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. […]
Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce
Patch Tuesday: Adobe documents hundreds of bugs across multiple products and warns of code execution, feature bypass risks.
The post Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce appeared first on SecurityWeek.
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM).
Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM Cloud Service Release 2025.5 and version 6.5.23.
“Successful
Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM Cloud Service Release 2025.5 and version 6.5.23.
“Successful
Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’
Redmond warns that external control of a file name or path in WebDAV “allows an unauthorized attacker to execute code over a network.”
The post Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’ appeared first on SecurityWeek.
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud
Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing sensitive data to unauthorized internal and external parties.
The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions.
“Low-code platforms such as
The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions.
“Low-code platforms such as
Windows 10 KB5060533 cumulative update released with 7 changes, fixes
Microsoft has released the KB5060533 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including bringing seconds back to the time shown in the Calendar flyout. […]
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
Today is Microsoft’s June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed. […]
Windows 11 KB5060842 and KB5060999 cumulative updates released
Microsoft has released Windows 11 KB5060842 and KB5060999 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues, including 66 flaws. […]