Blog – Page 48 – Cyber Mike

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems.
The vulnerabilities in question listed below –

CVE-2019-17571 (CVSS score: 9.8) – A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO)
CVE-2026-27685 (CVSS score: 9.1) – An insecure deserialization

OpenAI to Acquire AI Security Startup Promptfoo

Promptfoo has raised more than $23 million in funding for a platform that helps developers secure LLMs and AI agents.

The post OpenAI to Acquire AI Security Startup Promptfoo appeared first on SecurityWeek.

Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities

The bugs could lead to arbitrary code execution, privilege escalation, or authentication rate-limit bypass.

The post Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

How to 10x Your Vulnerability Management Program in the Agentic Era

The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation.

The post How to 10x Your Vulnerability Management Program in the Agentic Era appeared first on SecurityWeek.

What Boards Must Demand in the Age of AI-Automated Exploitation

“You knew, and you could have acted. Why didn’t you?”
This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident.
For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve accepted the risk.” If you’ve ever seen a report showing

Michelin Confirms Data Breach Linked to Oracle EBS Attack

The cybercriminals have leaked more than 300GB of files allegedly stolen from the tire giant.

The post Michelin Confirms Data Breach Linked to Oracle EBS Attack appeared first on SecurityWeek.

Quantro Security Emerges From Stealth With $2.5 Million in Funding

The startup integrates with existing cybersecurity stacks, ingests and normalizes data, and delivers intelligence to reduce risks.

The post Quantro Security Emerges From Stealth With $2.5 Million in Funding appeared first on SecurityWeek.

‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload

The malware disables antivirus and EDR protections at the kernel level, clearing the path for credential harvesting, system reconnaissance, and eventual data exfiltration.

The post ‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload appeared first on SecurityWeek.

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known.
Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric

Industrial giants Siemens, Schneider Electric, Mitsubishi Electric, and Moxa have published new ICS Patch Tuesday advisories.

The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric appeared first on SecurityWeek.

Cyber News