#patch-management

#patch-management

"BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company said in an advisory released February 6, 2026. "By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user." The vulnerability, categorized as an operating system command injection, has been assigned the CVE identifier CVE-2026-1731.

Almost a quarter of those surveyed said they had experienced a container-related security incident in the past year. The bottleneck is rarely in detecting vulnerabilities, but mainly in what happens next. Weeks or months can pass between the discovery of a problem and the actual implementation of a solution. During that period, applications continued to run with known risks, making organizations vulnerable, reports The Register.

As Theresa Defino recently reported, HHS OCR will prioritize risk assessments and expand its investigations into risk management in 2026. Alisa Chestler and Layna Cook Rush of Baker Donelson have summarized some recent recommendations from HHS OCR's January 2026 Cybersecurity Newsletter that regulated entities may want to pay increased attention to at this point: Patching Is a Required Risk Management Activity Legacy Systems and Unpatchable Vulnerabilities Are Not Excuses Unnecessary Software and Default Accounts Create Hidden Risk

"Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution affecting LoadLibraryEX."

IBM is urging customers to immediately patch a critical vulnerability in API Connect. The flaw allows attackers to access applications without authentication. The leak affects hundreds of organizations in banking, healthcare, and retail. The vulnerability, registered as CVE-2025-13915, scores 9.8 on the CVSS rating. It concerns an authentication bypass flaw in IBM API Connect versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5.

Microsoft has released an out-of-band update to patch a critical vulnerability in Windows Server Update Services (WSUS). The update addresses CVE-2025-59287">CVE-2025-59287, a remote code execution flaw affecting Windows Server versions 2012 through 2025. The vulnerability stems from insecure deserialization of untrusted data, allowing unauthenticated attackers to execute arbitrary code. A proof-of-concept exploit is publicly available. The vulnerability has been assigned a maximum severity level of "critical". Only servers with the WSUS role enabled are affected.

While no public reporting of exploitation for this vulnerability has emerged, ReliaQuest has observed indications of exploitation to gain initial access.

ReliaQuest reported that multiple customers have been compromised via unauthorized file uploads to SAP NetWeaver, allowing remote code execution.