Latest News

2 minute read

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

info@thehackernews.com (The Hacker News)

November 26, 2025

If you’re using community tools like Chocolatey or Winget to keep systems updated, you’re not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch… The very tools that make your job easier might also be the reason your systems are at risk. These tools are run by the community. That means anyone can add or update packages. Some

If you’re using community tools like Chocolatey or Winget to keep systems updated, you’re not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch…

The very tools that make your job easier might also be the reason your systems are at risk.

These tools are run by the community. That means anyone can add or update packages. Some packages may be old, missing safety checks, or changed by mistake or on purpose. Hackers look for these weak spots. This has already happened in places like NPM and PyPI. The same risks can happen with Windows tools too.

To help you patch safely without slowing down, there’s a free webinar coming up. It’s led by Gene Moody, Field CTO at Action1. He’ll walk through how these tools work, where the risks are, and how to protect your systems while keeping updates on track.

In this session, he’ll test how safe these tools really are. You’ll get practical steps you can use right away—nothing theoretical, just what works.

The goal is not to scare you away from community tools. They’re useful. But they need guardrails—rules that help you use them safely without slowing you down.

You will learn:

🔒 How to spot hidden risks

⚙️ How to set safety checks like source pinning, allow-lists, and hash/signature verification

📊 How to prioritize updates using known vulnerability data (KEV)

📦 How to choose between community tools, direct vendor sources, or a mix of both

If you’re not sure when to use community repos and when to go straight to the vendor, this session will help you decide. You’ll also see how to mix both in a safe way.

This webinar is for anyone who manages software updates—whether you’re on a small team or a large one. If you’ve ever wondered what’s really inside that next patch, this session is for you.

It’s free to attend, and you’ll leave with clear actions you can apply the same day. Save your spot here.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

The Hacker News

Latest News

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

November 26, 2025

Latest News

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

November 26, 2025

2 min

Latest News

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack. In a joint motion filed November 20, 2025, the SEC, along with SolarWinds and its CISO Timothy G. Brown, asked the court to voluntarily

info@thehackernews.com (The Hacker News)

November 21, 2025

3 min

Latest News

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized crime groups to break into entities in the

info@thehackernews.com (The Hacker News)

November 3, 2025

3 min

Latest News

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform. The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still

info@thehackernews.com (The Hacker News)

January 13, 2026

Hand-Picked Top-Read Stories

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Trending Tags

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

Previous Post

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

Next Post

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

Previous Post

Next Post

Related Posts