patch management Archives • Daily CyberSecurity

Multiple Security Flaws Fixed in Major Framework Release CVE-2024-22257 Spring security vulnerabilities, cross-site scripting, CVE-2026-41003, CVE-2026-40999, CVE-2026-40998

CVE-2024-22257 Spring security vulnerabilities, cross-site scripting, CVE-2026-41003, CVE-2026-40999, CVE-2026-40998

Multiple Security Flaws Fixed in Major Framework Release

Do Son June 12, 2026

The development groups responsible for maintaining the Java application ecosystem deployed critical updates. Several new patches fix...

Multiple Security Flaws Addressed in Core Java Application Subsystems Spring GraphQL security patches, unsafe deserialization flaws, CVE-2026-41699, CVE-2026-41700, CVE-2026-41856 CVE-2023-34050

Spring GraphQL security patches, unsafe deserialization flaws, CVE-2026-41699, CVE-2026-41700, CVE-2026-41856 CVE-2023-34050

Multiple Security Flaws Addressed in Core Java Application Subsystems

Do Son June 11, 2026

The open-source development teams behind the Java ecosystem deployed multiple security adjustments. The latest Spring GraphQL security...

PeopleSoft RCE Security Bug: New Oracle Fix PeopleSoft RCE security bug, unauthenticated HTTP exploit, CVE-2026-35273 Oracle security patch updates critical software vulnerabilities

PeopleSoft RCE security bug, unauthenticated HTTP exploit, CVE-2026-35273 Oracle security patch updates critical software vulnerabilities

PeopleSoft RCE Security Bug: New Oracle Fix

Do Son June 11, 2026

Oracle released an emergency security alert addressing a severe threat. Specifically, the newly patched PeopleSoft RCE security...

High-Severity Vulnerabilities Addressed in Endpoint Manager Mobile Ivanti EPMM security updates Ivanti ITSM vulnerability authenticated privilege escalation Ivanti Xtraction vulnerability CVE-2026-8043 Ivanti EPM RCE, SQL Injection Ivanti EPM, remote code execution CVE-2024-50330 - CVE-2025-0282 and CVE-2025-0283

Ivanti EPMM security updates Ivanti ITSM vulnerability authenticated privilege escalation Ivanti Xtraction vulnerability CVE-2026-8043 Ivanti EPM RCE, SQL Injection Ivanti EPM, remote code execution CVE-2024-50330 - CVE-2025-0282 and CVE-2025-0283

High-Severity Vulnerabilities Addressed in Endpoint Manager Mobile

Do Son June 10, 2026

The development group behind enterprise mobile device management solutions deployed critical patches. Specifically, the latest Ivanti EPMM...

Patch Now: GnuTLS Release 3.8.13 Fixes 12 Vulnerabilities GnuTLS Security Update DTLS Heap Overwrite GnuTLS Vulnerability CVE-2026-1584

Patch Now: GnuTLS Release 3.8.13 Fixes 12 Vulnerabilities

Do Son May 4, 2026

The GnuTLS project, a vital secure communications library used extensively across the Linux ecosystem to implement SSL,...

Apache MINA Fixes Critical RCE Vulnerabilities Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA flaws critical deserialization bypass Apache MINA Deserialization CVE-2026-42778 RCE Apache MINA RCE CVE-2026-41635

Apache MINA Fixes Critical RCE Vulnerabilities

Do Son May 4, 2026

The Apache MINA project has issued a high-priority security release to address two critical vulnerabilities that were...

The CVE Watchtower: Weekly Threat Intelligence Briefing (April 27 – May 3, 2026) cPanel Authentication Bypass Architectural Mismatch

The CVE Watchtower: Weekly Threat Intelligence Briefing (April 27 – May 3, 2026)

Do Son May 4, 2026

Welcome to your weekly vulnerability digest. As we transition from April to May, attackers are weaponizing critical...

Supply Chain Sabotage: The Critical RCE Flaws Lurking in PHP Composer CVE-2026-40176, CVE-2026-40261 Composer GitHub Token Leak CVE-2026-45793

Supply Chain Sabotage: The Critical RCE Flaws Lurking in PHP Composer

Do Son April 14, 2026

In the PHP ecosystem, Composer is the undisputed heavy hitter for dependency management, responsible for orchestrating the...

The CVE Watchtower: Weekly Threat Intelligence Briefing (April 6 – April 12, 2026) Vulnerability Digest Active Exploitation

The CVE Watchtower: Weekly Threat Intelligence Briefing (April 6 – April 12, 2026)

Do Son April 13, 2026

Welcome to this week’s vulnerability digest. As we close out the first full week of April, security...

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack

Do Son April 9, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical code injection vulnerability in Ivanti...

The 24-Hour Blitz: Storm-1175 Weaponizes Zero-Days for High-Velocity Ransomware Storm-1175 Medusa Ransomware

The 24-Hour Blitz: Storm-1175 Weaponizes Zero-Days for High-Velocity Ransomware

Do Son April 6, 2026

A new report from Microsoft Threat Intelligence has exposured on Storm-1175, a financially motivated threat actor that...

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 30 – April 5, 2026) Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 30 – April 5, 2026)

Do Son April 6, 2026

Welcome to this week’s vulnerability digest. Whether you are a CISO charting out your risk management roadmap...

The Kernel’s New Sentinel: Why Greg Kroah-Hartman is Embracing AI for Linux Code Review French Digital Sovereignty Greg Kroah-Hartman AI code review CVE-2025-38352 Linux kernel exploit, Android 32-bit UAF vulnerability CVE-2022-36946 Linux Kernel 6.16, Hardware Support

French Digital Sovereignty Greg Kroah-Hartman AI code review CVE-2025-38352 Linux kernel exploit, Android 32-bit UAF vulnerability CVE-2022-36946 Linux Kernel 6.16, Hardware Support

The Kernel’s New Sentinel: Why Greg Kroah-Hartman is Embracing AI for Linux Code Review

Do Son March 30, 2026

In a recent discourse, the eminent Linux Kernel maintainer Greg Kroah-Hartman articulated that artificial intelligence-driven code review...

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 23 – March 29, 2026) Vulnerability Triage CISA KEV List

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 23 – March 29, 2026)

Do Son March 30, 2026

Whether you are steering the organizational ship as a CISO or maintaining the operational engines as a...

Bypassed Boundaries: Two New Vulnerabilities Threaten Spring Framework Apps CVE-2024-22259 Spring Framework Vulnerabilities CVE-2026-22737

Bypassed Boundaries: Two New Vulnerabilities Threaten Spring Framework Apps

Do Son March 20, 2026

Security researchers have identified two distinct vulnerabilities within the widely used Spring Framework, affecting both Spring MVC...

Deep Kernel Fix: Linux Closes a 5-Year-Old Flaw in x86 Memory Handling Linux Kernel legacy driver removal Linux kernel x86 page fault, interrupt state asymmetry fix Linux ISO, false positive CVE-2023-6200 - Linux Kernel 6.12 LTS 6.14

Linux Kernel legacy driver removal Linux kernel x86 page fault, interrupt state asymmetry fix Linux ISO, false positive CVE-2023-6200 - Linux Kernel 6.12 LTS 6.14

Deep Kernel Fix: Linux Closes a 5-Year-Old Flaw in x86 Memory Handling

Do Son January 25, 2026

A profound vulnerability has been unearthed within the Linux kernel, having languished for years in one of...

Kaspersky Report Reveals Growing Threat from Old Exploits and OS Vulnerabilities in Q1 2025 Cybersecurity, Vulnerabilities

Kaspersky Report Reveals Growing Threat from Old Exploits and OS Vulnerabilities in Q1 2025

Do Son June 3, 2025

Kaspersky’s latest “Exploits and vulnerabilities in Q1 2025” shows that attackers are doubling down on aging exploits,...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Ivanti EPMM Flaws Exploited in the Wild: Chained RCE and Auth Bypass Threaten Mobile Device Management

Do Son May 13, 2025

Ivanti has released a security updates addressing two vulnerabilities in Endpoint Manager Mobile (EPMM)—CVE-2025-4427 and CVE-2025-4428—that, when...

Fortinet Uncovers Threat Actor Persistence via Symbolic Link Exploit in FortiGate Devices

Do Son April 14, 2025

In an urgent alert to the cybersecurity community, Fortinet has detailed an active threat campaign exploiting known...

Critical Alert 2 Active Exploits Detected Today