patchconfiguration-management

CrowdStrike and Tenable address critical vulnerabilities in security products

• patchconfiguration-management
• vulnerability-management

CrowdStrike and Tenable address critical vulnerabilities in security products

SC Staff April 27, 2026

CrowdStrike issued an advisory for CVE-2026-40050, a critical unauthenticated path traversal vulnerability impacting its LogScale product.

Read More Read more about CrowdStrike and Tenable address critical vulnerabilities in security products

CISA: Malware attack compromises US agency via Cisco exploit

• malware
• patchconfiguration-management
• vulnerability-management

CISA: Malware attack compromises US agency via Cisco exploit

SC Staff April 24, 2026

Attacks weaponizing the Cisco Adaptive Security Appliance vulnerabilities, tracked as CVE-2025-20333 and CVE-2025-20362, were reported by the...

Read More Read more about CISA: Malware attack compromises US agency via Cisco exploit

Actively exploited SharePoint spoofing bug continues to threaten over 1,300 instances

• patchconfiguration-management
• vulnerability-management

Actively exploited SharePoint spoofing bug continues to threaten over 1,300 instances

SC Staff April 23, 2026

More than 1,300 internet-exposed Microsoft SharePoint servers remain vulnerable to ongoing intrusions weaponizing the zero-day spoofing flaw,...

Read More Read more about Actively exploited SharePoint spoofing bug continues to threaten over 1,300 instances

Microsoft patches critical ASP.NET Core privilege escalation vulnerability

• patchconfiguration-management
• vulnerability-management

Microsoft patches critical ASP.NET Core privilege escalation vulnerability

SC Staff April 23, 2026

The vulnerability stems from a regression in specific versions of the Microsoft.AspNetCore.DataProtection NuGet packages.

Read More Read more about Microsoft patches critical ASP.NET Core privilege escalation vulnerability

Apple patches iPhone notification bug after reports of deleted data recovery

• data-security
• patchconfiguration-management
• Privacy
• vulnerability-management

Apple patches iPhone notification bug after reports of deleted data recovery

SC Staff April 23, 2026

The vulnerability, identified as CVE-2026-28950, was patched on April 22, 2026, in iOS 26.4.2 and iPadOS 26.4.2,...

Read More Read more about Apple patches iPhone notification bug after reports of deleted data recovery

Critical Microsoft vulnerabilities surge as total flaw prevalence declines

• patchconfiguration-management
• vulnerability-management

Critical Microsoft vulnerabilities surge as total flaw prevalence declines

SC Staff April 22, 2026

A BeyondTrust report found a twofold increase in critical flaws in Microsoft software despite a 6% drop...

Read More Read more about Critical Microsoft vulnerabilities surge as total flaw prevalence declines

Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks

• patchconfiguration-management
• vulnerability-management

Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks

SC Staff April 22, 2026

Active intrusions exploiting the high-severity Apache ActiveMQ code injection flaw, tracked as CVE-2026-34197, could compromise 6,476 internet-exposed...

Read More Read more about Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks

Misconfigured Perforce servers remain widespread, threaten sensitive data exposure

• data-security
• patchconfiguration-management

Misconfigured Perforce servers remain widespread, threaten sensitive data exposure

SC Staff April 22, 2026

Misconfigured Perforce servers remain widespread, threaten sensitive data exposure Improperly secured internet-exposed Perforce P4 servers continue to...

Read More Read more about Misconfigured Perforce servers remain widespread, threaten sensitive data exposure

Several flaws found in serial-to-IP converters used in critical sectors

• patchconfiguration-management
• vulnerability-management

Several flaws found in serial-to-IP converters used in critical sectors

SC Staff April 21, 2026

SecurityWeek reports that Forescout Technologies identified 20 new vulnerabilities in Sliex and Lantronix serial-to-IP converters, or serial...

Read More Read more about Several flaws found in serial-to-IP converters used in critical sectors

Another Cisco Catalyst SD-WAN Manager bug added to CISA list

• network-security
• patchconfiguration-management
• security-operations
• soc
• vulnerability-management

Another Cisco Catalyst SD-WAN Manager bug added to CISA list

Steve Zurier April 21, 2026

CISA flags new Cisco SD-WAN flaw amid active exploit chains, urging rapid patching.

Read More Read more about Another Cisco Catalyst SD-WAN Manager bug added to CISA list