ConnectWise Patches Critical ScreenConnect Cryptographic FlawConnectWise patched a critical vulnerability (CVE-2026-3564) in ScreenConnect that allows attackers to extract cryptographic machine keys and bypass session authentication. The flaw enables unauthorized access and privilege escalation, which is a significant risk to MSPs and their downstream clients.**Treat this update as an emergency change because remote access tools are primary targets for lateral movement and supply chain attacks. If you run on-premises ScreenConnect, verify your version immediately, patch ASAP.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/connectwise-patches-critical-screenconnect-cryptographic-flaw-i-v-k-f-7/gD2P6Ple2L

CTEK Chargeportal Vulnerabilities Enable Unauthorized Control of EV InfrastructureCISA reports four vulnerabilities in the Chargeportal platform by CTEK, including a critical authentication bypass (CVE-2026-25192), that allow attackers to impersonate charging stations and gain unauthorized control. The product is scheduled for sunset in April 2026, leaving network isolation as the primary defense for current users.**Since CTEK is sunsetting Chargeportal without a patch, make sure you isolate the systems as much as possible from public access and the public internet. Then planning a migration to a supported charging management platform.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/ctek-chargeportal-vulnerabilities-enable-unauthorized-control-of-ev-infrastructure-q-m-c-l-x/gD2P6Ple2L

openSUSE Security Advisory - openSUSE-SU-2026:10353-1 https://packetstorm.news/files/217278 #advisory