All articles tagged with #security patch
Google released emergency Chrome updates to fix CVE-2026-2441—a use-after-free in CSSFontFeatureValuesMap exploited in the wild—marking Chrome’s first zero-day patch of 2026; the fix has been backported across commits and is rolling out to Windows, macOS (145.0.7632.75/76), and Linux (144.0.7559.75), with a note that related issues remain addressed in bug 48393607. Users should update Chrome or enable auto-update.
Microsoft released the January 2026 Windows security update, but four days later issued an emergency out-of-band fix after reports that the update could prevent some systems from shutting down or hibernating and could block remote desktop logins. The shutdown issue affected only Windows 11 version 23H2 on Enterprise and IoT editions, and Microsoft later clarified the scope and released the fix (with an update on Jan 18 stating 23H2 was the affected variant).
Samsung has begun rolling out the January 2026 security patch to the Galaxy S24, S24+, and S24 Ultra, starting in South Korea with a 404.35 MB update (firmware S92xNKSS4CZA1) that fixes 55 issues; broader regional rollout is expected in the coming days. The next major update will bring One UI 8.5 (Android 16 QPR2) with a redesigned UI and new features.
A critical vulnerability named MongoBleed (CVE-2025-14847) affects over 87,000 MongoDB instances by allowing unauthenticated remote attackers to extract sensitive data through uninitialized memory disclosure in zlib decompression. The flaw impacts multiple versions, with patches available, and a PoC exploit has been released, increasing the risk of active exploitation. Administrators are urged to update their systems or apply temporary mitigations such as disabling zlib compression and restricting network access.
SonicWall has issued a warning about a new zero-day vulnerability (CVE-2025-40602) in the SMA1000 Appliance Management Console, which has been exploited in attacks to escalate privileges. The flaw is being exploited in conjunction with another critical vulnerability (CVE-2025-23006) to execute remote code with root privileges. SonicWall advises users to update to the latest firmware to mitigate the risk, as over 950 appliances are exposed online. This follows recent security breaches and malware attacks targeting SonicWall devices.
Samsung is rolling out December 2025 security updates for various Galaxy devices, including foldables, S25 series, and tablets, with improvements in security, system stability, and new features, while also facing delays in Google Play system updates.
Samsung has begun rolling out the December 2025 security update for several flagship and foldable Galaxy devices, including the Galaxy Z Fold 4, Fold 5, Flip 4, Flip 5, and Galaxy S25 series, primarily in South Korea and the US. The update enhances security with 68 fixes, improves system stability, and is based on Android 16 and One UI 8, with plans for future updates like One UI 8.5. Additionally, Samsung is updating other devices like Galaxy Tab S9 FE, Galaxy Ring, and apps such as Calendar and Reminder, while facing delays in Google Play system updates across some models.
The Android 16 November update is rolling out to various Pixel devices, bringing security patches, improvements to charging and battery life, camera fixes for rainbow patterns, and addressing emergency calling and app loading issues.
Microsoft released urgent out-of-band security updates for a critical WSUS vulnerability (CVE-2025-59287) that is actively being exploited in the wild, allowing remote code execution through unsafe deserialization. Users are advised to apply the patch immediately and follow recommended mitigations to prevent attacks.
Microsoft released a critical out-of-band update for Windows Server Update Services (WSUS) to fix a severe vulnerability (CVE-2025-59287) that allows remote code execution, affecting servers with the WSUS role enabled. The update is urgent, especially as WSUS is deprecated, prompting Microsoft to recommend switching to cloud-based solutions like Intune. A reboot is required, and administrators are advised to disable the role or block specific ports if immediate patching isn't possible.
Google is rolling out its October security patch for Pixel phones, primarily addressing display issues such as flickering and freezing in the Pixel 7 and Pixel 10 series, along with system stability improvements and bug fixes, though the Pixel 6 series is not included this month.
The October update for Android 16 QPR1 is rolling out to various Pixel devices, bringing UI fixes, display improvements, and system stability enhancements, with no security issues addressed in this release.
Several games, including Pentiment, Fallout Shelter, and Hearthstone, have been temporarily removed from Steam due to a security vulnerability in the Unity engine affecting versions 2017.1 and later. Developers are releasing updates to fix the issue, which could potentially allow local code execution or information disclosure. Players are advised to uninstall affected games until updates are available, with most titles expected to return soon after patching.
Oracle released an emergency patch for a critical vulnerability (CVE-2025-61882) in its E-Business Suite, which has been exploited by the Cl0p ransomware group in recent data theft attacks. The flaw allows remote code execution without authentication, and indicators suggest involvement of the LAPSUS$ group. Organizations are advised to check for compromises, as exploitation has already occurred.
The Android 16 QPR1 September update is rolling out to various Pixel devices, bringing security patches, bug fixes across multiple components, and performance improvements, with 120 security issues addressed, including some under limited exploitation.