Mike Walters

Handy list of URLs of security advisory/bulletin pages for major software vendors: Adobe: helpx.adobe.com/security/secur… Amazon Web Services: aws.amazon.com/security/secur… AMD: #security" target="_blank" rel="nofollow noopener">amd.com/en/resources/p… Apache Parquet: thehackernews.com/2025/04/critic…

Why #patchmanagement is still a PAIN in 2026 ? - Remote and hybrid work made it *so much worse* - Automation is key. - How peer-to-peer distribution helps with large-scale updates. - Phased, ring-based approach to patch deployment. - @Action1corp 's unique offering of free 200 endpoints, forever, with no limits. and more. Thanks @stiennon for hosting me on the @EM360Tech podcast! #patchmanagement em360tech.com/podcasts/why-p…

Those using #Intune or other endpoint management systems (including @Action1corp ) who don't want to become the next #Stryker ... @CISAgov yesterday issued an endpoint management system hardening guidance: - Multi-Admin Approval - #RBAC for least privilege - #MFA (via EntraID SSO or similar) The multi-admin approval's basic idea is to require a second admin's approval for sensitive operations (such as remote wipe), changing permissions etc. The other two are fairly obvious. #StrykerAttack #Intune #cybersecurity #endpointmanagement

Founder-led companies win because it’s personal. For founders, it’s not a job — it’s survival. Persistence and determination aren’t optional, they’re built in. You don’t manage outcomes, you fight for them. That mindset can’t be hired or replicated. The founder is the soul of the company. Capital doesn’t create obsession. Founders do. Inspired by @elonmusk, @larryellison and other game-changing founders - who are still in the game!

I had the pleasure yesterday of joining a fireside chat with @Action1corp’s CTO & CEO discussing “How Education IT Teams are Solving Patching”. Enjoyed sharing my insight on how it’s helped our district & collaborate with others as well. Thanks Gene & Mike! #PatchingThatWorks

@0xBurgers @HuntressLabs Thanks for this detailed research! We are looking for ways to implement deeper verifications in @Action1corp and this is helpful to understand the mechanics of attacks.

At @HuntressLabs we’ve observed a surge of 277% of RMM type attacks. Some quick examples we observed include: • SimpleHelp → ScreenConnect • Datto → ScreenConnect • Action1 → ScreenConnect check out the full write-up: huntress.com/blog/daisy-cha…

The most widely used enterprise Linux distribution, @RedHat Linux is now supported by @Action1corp You can now fully automate patching of your RedHat-powered devices using the same universal workflow you designed for your other operating systems. #patchingthatworks

At @Action1corp we define a #zeroday as a vulnerability that is actively exploited. After further investigation, we found that the two zero days reported in a few other news articles were not exploited but were publicly disclosed. Based on our definition, they would therefore not be considered zero days. The term zero day does not have a universally accepted standard. Below, is an interpretation of zero-day, which points to only active exploitation. “In Microsoft and MSRC language, a zero day vulnerability refers to the absence of an official fix rather than public disclosure or confirmed exploitation, although many MSRC blog posts focus on the subset that are actively exploited.” Further research shows that there are also other interpretations of a zero day that include publicly disclosed vulnerabilities. We are open to adjusting the definition of a zero day. However, we need to establish a clear definition in advance.

Apologies, my previous post on the zero-days was incorrect and I read it entirely wrong. Action1 says there is no zero-day vulns. action1.com/patch-tuesday/… While BleepingComputer says 2; bleepingcomputer.com/news/microsoft…

I'm using @Action1Corp to patch my first 200 endpoints for free. Claim yours at action1.com/patchfree #PatchingThatWorks #ActuallyFree #NoCatch action1.com/patchfree

@jack @blocks Amazing transparency. But why not keep all 10,000 and make them 5x more productive with AI? Is it because AI tokens cost $$$?

we're making @blocks smaller today. here's my note to the company. #### today we're making one of the hardest decisions in the history of our company: we're reducing our organization by nearly half, from over 10,000 people to just under 6,000. that means over 4,000 of you are being asked to leave or entering into consultation. i'll be straight about what's happening, why, and what it means for everyone. first off, if you're one of the people affected, you'll receive your salary for 20 weeks + 1 week per year of tenure, equity vested through the end of may, 6 months of health care, your corporate devices, and $5,000 to put toward whatever you need to help you in this transition (if you’re outside the U.S. you’ll receive similar support but exact details are going to vary based on local requirements). i want you to know that before anything else. everyone will be notified today, whether you're being asked to leave, entering consultation, or asked to stay. we're not making this decision because we're in trouble. our business is strong. gross profit continues to grow, we continue to serve more and more customers, and profitability is improving. but something has changed. we're already seeing that the intelligence tools we’re creating and using, paired with smaller and flatter teams, are enabling a new way of working which fundamentally changes what it means to build and run a company. and that's accelerating rapidly. i had two options: cut gradually over months or years as this shift plays out, or be honest about where we are and act on it now. i chose the latter. repeated rounds of cuts are destructive to morale, to focus, and to the trust that customers and shareholders place in our ability to lead. i'd rather take a hard, clear action now and build from a position we believe in than manage a slow reduction of people toward the same outcome. a smaller company also gives us the space to grow our business the right way, on our own terms, instead of constantly reacting to market pressures. a decision at this scale carries risk. but so does standing still. we've done a full review to determine the roles and people we require to reliably grow the business from here, and we've pressure-tested those decisions from multiple angles. i accept that we may have gotten some of them wrong, and we've built in flexibility to account for that, and do the right thing for our customers. we're not going to just disappear people from slack and email and pretend they were never here. communication channels will stay open through thursday evening (pacific) so everyone can say goodbye properly, and share whatever you wish. i'll also be hosting a live video session to thank everyone at 3:35pm pacific. i know doing it this way might feel awkward. i'd rather it feel awkward and human than efficient and cold. to those of you leaving…i’m grateful for you, and i’m sorry to put you through this. you built what this company is today. that's a fact that i'll honor forever. this decision is not a reflection of what you contributed. you will be a great contributor to any organization going forward. to those staying…i made this decision, and i'll own it. what i'm asking of you is to build with me. we're going to build this company with intelligence at the core of everything we do. how we work, how we create, how we serve our customers. our customers will feel this shift too, and we're going to help them navigate it: towards a future where they can build their own features directly, composed of our capabilities and served through our interfaces. that's what i'm focused on now. expect a note from me tomorrow. jack

Sounds like a great idea. Time to do away with plastic in your food! I reserved mine today at @PureSteelCo

🏈  The Action1 Super Bowl LX Commercial just hit the big screen! And yes, we hid a deliberate blooper in it. Find the blooper and win: linkedin.com/posts/action1c… #SBLX #SuperBowl #SuperBowlSunday #SuperBowl2026 #Touchdown #GameDay #SuperBowlChamps #SuperBowlAds #BestAd #Commercials #SuperBowlCommercials

📅 𝗪𝗲𝗱𝗻𝗲𝘀𝗱𝗮𝘆, 𝗝𝗮𝗻𝘂𝗮𝗿𝘆 𝟮𝟴 🕚 𝟭𝟭 𝗮.𝗺. 𝗘𝗦𝗧 | 𝟱 𝗽.𝗺. 𝗖𝗘𝗧 In 2025, most organizations patched more and still increased real-world exposure. The issue wasn’t effort. It was prioritization. In this live webinar, Action1’s engineering and security leaders break down what attackers actually exploited in 2025 and which patching priorities will matter most in 2026. 𝗥𝗲𝗴𝗶𝘀𝘁𝗲𝗿 𝗵𝗲𝗿𝗲> on.action1.com/46bJd4Q

@TweetThreatNews Please use this contact form and we’ll reply back with information on how to submit this zip file: action1.com/contact-us/

A phishing campaign in Italy spread malware via a fake urgent digital signature update. A ZIP with VBS installs the legitimate remote tool Action1 for unauthorized access. #Italy #Phishing #Action1 ift.tt/XuGtABT

@TweetThreatNews Can you send us that ZIP file? We have the ability to quickly deactivate it on our end. We also want to investigate how those SOBs managed to get through our ID verification process.

Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list computerweekly.com/news/366629273… via @computerweekly

In the first half of 2025, 𝗔𝗰𝘁𝗶𝗼𝗻𝟭 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲𝗱 𝘂𝗻𝗽𝗿𝗲𝗰𝗲𝗱𝗲𝗻𝘁𝗲𝗱 𝗴𝗿𝗼𝘄𝘁𝗵 as more enterprises and MSPs embraced our autonomous endpoint management platform for proactive patch management. Here are the highlights of our record-breaking first half of 2025: ✅ 𝟱𝟬𝟬% 𝗴𝗿𝗼𝘄𝘁𝗵 𝗶𝗻 𝗲𝗻𝘁𝗲𝗿𝗽𝗿𝗶𝘀𝗲 𝗰𝘂𝘀𝘁𝗼𝗺𝗲𝗿𝘀 securing endpoints efficiently ✅ 𝟯𝟰𝟬% 𝗠𝗦𝗣 𝗿𝗲𝘃𝗲𝗻𝘂𝗲 𝘀𝘂𝗿𝗴𝗲, fueled by simplified and automated patching ✅ 𝟵𝟵% 𝗰𝘂𝘀𝘁𝗼𝗺𝗲𝗿 𝗿𝗲𝘁𝗲𝗻𝘁𝗶𝗼𝗻, showing ongoing trust in our platform ✅ 𝗠𝘂𝗹𝘁𝗶𝗽𝗹𝗲 𝗶𝗻𝗱𝘂𝘀𝘁𝗿𝘆 𝗮𝗰𝗰𝗼𝗹𝗮𝗱𝗲𝘀, including leader positions in G2 and Gartner As we look toward the second half of 2025, our focus remains on empowering organizations to strengthen their cyber resilience through efficient, secure, and scalable endpoint management. 𝗥𝗲𝗮𝗱 𝗺𝗼𝗿𝗲 𝗼𝗻 𝗼𝘂𝗿 𝗯𝗹𝗼𝗴> on.action1.com/45jpJdm

We’re continually evolving Action1 based on user feedback to help organizations secure access and gain greater control over device data. Our latest enhancements make it even easier to manage users and customize data to fit your needs. Available now: 📷 𝗘𝘅𝗽𝗮𝗻𝗱𝗲𝗱 𝗖𝘂𝘀𝘁𝗼𝗺 𝗔𝘁𝘁𝗿𝗶𝗯𝘂𝘁𝗲𝘀 Now create up to 30 custom fields (up from 5). Starting this week, you will see these features available: 📷 𝗥𝗕𝗔𝗖: 𝗟𝗼𝗴𝗶𝗻 "𝗘𝗺𝗮𝗶𝗹 𝗪𝗶𝗹𝗱𝗰𝗮𝗿𝗱" 𝘀𝗰𝗼𝗽𝗲 Isolate user visibility and management by domain. 📷 𝗥𝗕𝗔𝗖: "𝗔𝘀𝘀𝗶𝗴𝗻 𝗥𝗼𝗹𝗲𝘀" 𝗽𝗲𝗿𝗺𝗶𝘀𝘀𝗶𝗼𝗻 Delegate role assignments without granting full user management rights. Join one of our upcoming webinars to explore these new capabilities and see how Action1 can help your organization streamline IT operations and strengthen security. 𝗥𝗲𝗴𝗶𝘀𝘁𝗲𝗿 𝗵𝗲𝗿𝗲>>on.action1.com/3Hs3SIS

𝗧𝗼𝗱𝗮𝘆'𝘀 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄: ▪️ Microsoft has addressed 107 vulnerabilities, one zero-day with PoC (CVE-2025-53779), 13 critical ▪️ Third-party: actively exploited vulnerabilities in Google Chrome, Android, Apple, Cisco ISE, and Wing FTP Server, plus major third-party issues affecting Axis Communications, Dell ControlVault3, Nvidia, WordPress, and Sophos Firewall. Navigate to 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗗𝗶𝗴𝗲𝘀𝘁 𝗳𝗿𝗼𝗺 𝗔𝗰𝘁𝗶𝗼𝗻𝟭for comprehensive summary updated in real-time >>action1.com/patch-tuesday/… 𝗤𝘂𝗶𝗰𝗸 𝘀𝘂𝗺𝗺𝗮𝗿𝘆: 𝗪𝗶𝗻𝗱𝗼𝘄𝘀: 107 vulnerabilities, one zero-day with PoC (CVE-2025-53779), 13 critical 𝗚𝗼𝗼𝗴𝗹𝗲 𝗖𝗵𝗿𝗼𝗺𝗲: Actively exploited sandbox escape (CVE-2025-6558) 𝗔𝘅𝗶𝘀 𝗖𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀: Multiple flaws; over 6,500 exposed servers 𝗗𝗲𝗹𝗹 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝗩𝗮𝘂𝗹𝘁𝟯: “ReVault” firmware vulnerabilities 𝗡𝘃𝗶𝗱𝗶𝗮 𝗧𝗿𝗶𝘁𝗼𝗻 𝗜𝗻𝗳𝗲𝗿𝗲𝗻𝗰𝗲 𝗦𝗲𝗿𝘃𝗲𝗿: Chained flaws; AI model theft and manipulation possible 𝗔𝗻𝗱𝗿𝗼𝗶𝗱: Two actively exploited Qualcomm GPU vulnerabilities (CVE-2025-21479, CVE-2025-27038) 𝗔𝗽𝗽𝗹𝗲 𝗶𝗢𝗦/𝗺𝗮𝗰𝗢𝗦: Actively exploited zero-day (CVE-2025-6558); 13 WebKit flaws and multiple OS component fixes across all platforms 𝗪𝗼𝗿𝗱𝗣𝗿𝗲𝘀𝘀 𝗣𝗼𝘀𝘁 𝗦𝗠𝗧𝗣 𝗣𝗹𝘂𝗴𝗶𝗻: Improper access control (CVE-2025-24000); 200,000+ sites vulnerable 𝗦𝗼𝗽𝗵𝗼𝘀 𝗙𝗶𝗿𝗲𝘄𝗮𝗹𝗹: Multiple RCEs (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382) plus privilege escalation flaws (CVE-2024-13974, CVE-2024-13973) 𝗖𝗶𝘀𝗰𝗼 𝗜𝗦𝗘& 𝗜𝗦𝗘-𝗣𝗜𝗖: Critical unauthenticated RCE (CVE-2025-20337) plus previously disclosed CVE-2025-20281, CVE-2025-20282 now under active exploitation 𝗪𝗶𝗻𝗴 𝗙𝗧𝗣 𝗦𝗲𝗿𝘃𝗲𝗿: Actively exploited null byte injection (CVE-2025-47812); 5,000+ exposed web interfaces 𝗠𝗼𝗿𝗲 𝗱𝗲𝘁𝗮𝗶𝗹𝘀: action1.com/patch-tuesday/… 𝗦𝗼𝘂𝗿𝗰𝗲𝘀: - Action1 Vulnerability Digest>> action1.com/patch-tuesday/… - Microsoft Security Update Guide>>msrc.microsoft.com/update-guide/r… #PatchTuesday #VulnerabilityManagement #ZeroDay #PatchManagement #Cybersecurity #InfoSec #EndpointSecurity #MicrosoftSecurity #SecurityUpdates #CVEs #ITOps #Action1

𝗔𝗰𝘁𝗶𝗼𝗻𝟭 𝗵𝗮𝘀 𝗯𝗲𝗲𝗻 𝗿𝗲𝗰𝗼𝗴𝗻𝗶𝘇𝗲𝗱 𝗮𝘀 𝘁𝗵𝗲 𝗳𝗮𝘀𝘁𝗲𝘀𝘁-𝗴𝗿𝗼𝘄𝗶𝗻𝗴 𝗽𝗿𝗶𝘃𝗮𝘁𝗲 𝘀𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗰𝗼𝗺𝗽𝗮𝗻𝘆 𝗶𝗻 𝗔𝗺𝗲𝗿𝗶𝗰𝗮 𝗼𝗻 𝘁𝗵𝗲 𝟮𝟬𝟮𝟱 𝗜𝗻𝗰. 𝟱𝟬𝟬𝟬 𝗹𝗶𝘀𝘁, and #29 across all industries! This recognition celebrates our 7,000% revenue growth and our mission to help organizations prevent cyberattacks with automated, cloud-native patch management. A huge thank you to our amazing team, customers, and partners for making this possible! 𝗥𝗲𝗮𝗱 𝗺𝗼𝗿𝗲 on.action1.com/4otNd8p #Inc5000 #Cybersecurity #PatchManagement #TeamAction1