serisec

Category: Time to Patch

  • Patch Tuesday, May 2026 Edition

    Patch Tuesday, May 2026 Edition Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla…

  • Patch Tuesday, April 2026 Edition

    Patch Tuesday, April 2026 Edition Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe…

  • Microsoft Patch Tuesday, March 2026 Edition

    Microsoft Patch Tuesday, March 2026 Edition Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here…

  • Patch Tuesday, February 2026 Edition

    Patch Tuesday, February 2026 Edition Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild. Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein…

  • Patch Tuesday, January 2026 Edition

    Patch Tuesday, January 2026 Edition Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today. January’s Microsoft zero-day flaw — CVE-2026-20805…

  • Microsoft Patch Tuesday, December 2025 Edition

    Microsoft Patch Tuesday, December 2025 Edition Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities. Despite releasing a lower-than-normal number of security updates…

  • Microsoft Patch Tuesday, November 2025 Edition

    Microsoft Patch Tuesday, November 2025 Edition Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year…

  • Patch Tuesday, October 2025 ‘End of 10’ Edition

    Patch Tuesday, October 2025 ‘End of 10’ Edition Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If…

  • Self-Replicating Worm Hits 180+ Software Packages

    Self-Replicating Worm Hits 180+ Software Packages At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more…

  • Microsoft Patch Tuesday, September 2025 Edition

    Microsoft Patch Tuesday, September 2025 Edition Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both…

  • Microsoft Patch Tuesday, August 2025 Edition

    Microsoft Patch Tuesday, August 2025 Edition Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little…

  • Microsoft Fix Targets Attacks on SharePoint Zero-Day

    Microsoft Fix Targets Attacks on SharePoint Zero-Day On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and state agencies, universities, and…

  • Microsoft Patch Tuesday, July 2025 Edition

    Microsoft Patch Tuesday, July 2025 Edition Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited to seize…

  • Senator Chides FBI for Weak Advice on Mobile Security

    Senator Chides FBI for Weak Advice on Mobile Security Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series…

  • Patch Tuesday, June 2025 Edition

    Patch Tuesday, June 2025 Edition Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public. The sole…

  • Proxy Services Feast on Ukraine’s IP Address Exodus

    Proxy Services Feast on Ukraine’s IP Address Exodus Image: Mark Rademaker, via Shutterstock. Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of…

  • Patch Tuesday, May 2025 Edition

    Patch Tuesday, May 2025 Edition Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public…

  • Patch Tuesday, April 2025 Edition

    Patch Tuesday, April 2025 Edition Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction…

  • Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

    Microsoft: 6 Zero-Days in March 2025 Patch Tuesday Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993, both vulnerabilities in NTFS, the default file system for Windows…

  • Microsoft Patch Tuesday, February 2025 Edition

    Microsoft Patch Tuesday, February 2025 Edition Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name…

  • Infrastructure Laundering: Blending in with the Cloud

    Infrastructure Laundering: Blending in with the Cloud Image: Shutterstock, ArtHead. In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network…

  • Microsoft: Happy 2025. Here’s 161 Security Updates

    Microsoft: Happy 2025. Here’s 161 Security Updates Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7‘s Adam Barnett…

  • Microsoft Patch Tuesday, November 2024 Edition

    Microsoft Patch Tuesday, November 2024 Edition Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today. The…