Microsoft has started rolling out new Secure Boot certificates that will automatically install on eligible Windows 11 24H2 and 25H2 systems. […]
Adobe Patches Critical Apache Tika Bug in ColdFusion
Adobe has released patches for 25 vulnerabilities across its products, including a critical Apache Tika flaw in ColdFusion.
The post Adobe Patches Critical Apache Tika Bug in ColdFusion appeared first on SecurityWeek.
Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities
Two vulnerabilities patched this month by Microsoft were disclosed publicly before fixes were released.
The post Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities appeared first on SecurityWeek.
Microsoft releases Windows 10 KB5073724 extended security update
Microsoft has released the KB5073724 extended security update to fix the Patch Tuesday security updates, including 3 zero-days and a fix for expiring Secure Boot certificates. […]
Windows 11 KB5074109 & KB5073455 cumulative updates released
Microsoft has released Windows 11 KB5074109 and KB5073455 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
Today is Microsoft’s January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. […]
Google confirms Android bug causing volume key issues
Google has confirmed a software bug that is preventing volume buttons from working correctly on Android devices with accessibility features enabled. […]
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay.
“Enterprise organizations that are clients of these payment providers are the most likely to be impacted,” Silent Push said in a report published today.
“Enterprise organizations that are clients of these payment providers are the most likely to be impacted,” Silent Push said in a report published today.
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform.
The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still
The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still
GoBruteforcer Botnet Targeting Crypto, Blockchain Projects
The botnet’s propagation is fueled by the AI-generated server deployments that use weak credentials, and legacy web stacks.
The post GoBruteforcer Botnet Targeting Crypto, Blockchain Projects appeared first on SecurityWeek.