Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today’s menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure. There are no critical remote code execution or elevation of privilege vulnerabilities.
So far this month, Microsoft has already provided patches to address one browser vulnerability and around a dozen vulnerabilities in open source products, which are not included in the Patch Tuesday count above.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak
April 22, 2020
Three years and eight days ago, on April 14, 2017, a mysterious group of hackers known as the Shadow Brokers published a collection of hacking tools that ended up changing the internet forever. Known as the “Lost in Translation” dump, this collection of files included tens of hacking tools and exploits stolen from the US National ...
- New iOS zero-days actively used against high-profile targets
April 22, 2020
Two zero-day vulnerabilities affecting iPhone and iPad devices were found by cybersecurity startup ZecOps after the discovery of a series of ongoing remote attacks that have targeted iOS users since at least January 2018. “The attack’s scope consists of sending a specially crafted email to a victim’s mailbox enabling it to trigger the vulnerability in the context of iOS ...
- Security researcher discloses four IBM zero-days after company refused to patch
April 21, 2020
A security researcher has published today details about four zero-day vulnerabilities impacting an IBM security product after the company refused to patch bugs following a private bug disclosure attempt. The bugs impact the IBM Data Risk Manager (IDRM), an enterprise security tool that aggregates feeds from vulnerability scanning tools and other risk management tools to let admins ...
- Many problems with cyber security of Schipihol’s border control: Court of Audit
April 20, 2020
Schiphol is very vulnerable to cyber attacks, the Court of Audit concluded after investigating the cyber security of the border control systems the Koninklijke Marechaussee uses at the airport. Two of the three systems are not properly protected against cyber attacks, NOS reports. Systems at Schiphol are hardly ever tested for how well they can stand ...
- Starbleed bug impacts FPGA chips used in data centers, IoT devices, industrial equipment
April 20, 2020
A team of academics says they’ve discovered a new security bug that impacts Xilinx FPGA (Field Programmable Gate Arrays) chipsets. Named Starbleed, the bug allows attackers — with both physical or remote access — to extract and tamper with an FGPA’s bitstream (configuration file) to reprogram the chip with malicious code. FPGAs are add-in cards that can ...
- DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs
April 17, 2020
Companies that run Pulse Secure VPN servers are still at risk of getting hacked, despite patching vulnerable systems, cyber-security agencies from the US and Japan have warned this month. Pulse Secure VPN servers are enterprise-grade VPN gateways that companies use to let workers connect to internal company networks from across the internet. Last year, a major vulnerability ...