Cybersecurity

Data processing system peripheral device management using component certificates

USPTO granted Patent US12598081B2 to Dell Products L.P. covering methods for managing data processing systems using digital certificates to authenticate and control peripheral device functions. The system employs a management controller operating independently of the CPU to enable or disable peripheral functions including Reliability, Availability, and Serviceability (RAS) reporting. The patent establishes intellectual property rights for digital certificate-based device authentication in computing environments.

Facilitating token use authentication for access tokens using stochastic images

USPTO granted patent US12598072B2 to Capital One Services, LLC on April 7, 2026, covering methods for facilitating token use authentication using stochastic images generated by machine learning models. The patent describes a system that detects authentication requests, retrieves previously displayed images, generates new images using stochastic ML models, and authenticates users based on image selection recognition. The patent contains 19 claims and was filed on November 10, 2023.

Multiples vulnérabilités dans Google Android - Déni de service

CERT-FR issued security advisory CERTFR-2026-AVI-0399 alerting to multiple vulnerabilities in Google Android. The vulnerabilities affect Android versions prior to 14, 15, 16, and 16-qpr2, and could allow attackers to cause denial of service conditions. The advisory references CVE-2025-48651 and CVE-2026-0049, with patches released by Google on April 6, 2026.

FortiClientEMS Vulnerability CVE-2026-35616 Actively Exploited

CERT-FR issued advisory CERTFR-2026-AVI-0400 warning of active exploitation of CVE-2026-35616 in Fortinet FortiClientEMS. The vulnerability allows remote code execution, privilege escalation, and security policy bypass on affected versions 7.4.x through 7.4.5. Organizations running vulnerable FortiClientEMS deployments are urged to apply patches immediately.

Multiple vulnerabilities in GLPI - RCE, SQL injection, XSS

CERT-FR issued a security advisory alerting organizations to multiple critical vulnerabilities in GLPI, an IT asset management and helpdesk software. The vulnerabilities affect GLPI versions 11.0.x prior to 11.0.6 and versions prior to 10.0.24, enabling remote code execution, SQL injection, and cross-site scripting attacks. Five CVEs are referenced: CVE-2026-25932, CVE-2026-26026, CVE-2026-26027, CVE-2026-26263, and CVE-2026-29047. Organizations using affected GLPI versions should apply vendor-provided patches immediately.

Salesforce multi-tenant data access control with cloud token security

USPTO granted Salesforce patent US12598193B2 covering fine granularity control of data access and usage across multi-tenant systems. The system validates user access requests against data source permissions and creates cloud-specific tokens converted from cloud-neutral tokens, establishing temporary IAM roles and policies with automatic expiration.

Atlassian patent, access controls for authenticated and public users

The USPTO granted Patent US12598189B2 to Atlassian Pty Ltd covering a content collaboration system that manages dual access controls for authenticated users and unauthenticated public users. The system provides synchronized content caching and hierarchical visibility controls for publicly accessible digital content across enterprise environments.

Privileged account security system and method for managing access

USPTO granted patent US12598187B2 to Saudi Arabian Oil Company for a system and method managing privileged account access. The technology disables privileged accounts upon creation and enables them only after user authentication for elevated rights requests, reducing the likelihood of system compromise. This is a routine IP event establishing enforceable patent rights for the assignee.

Network access using hardware-based security

USPTO granted patent US12598078B2 to Sophos Limited covering hardware-based security for network authentication. The patent describes endpoint devices using hardware-bound security systems to authenticate to enterprise networks, with cryptographically validated challenge-response protocols. The patent was applied for on February 15, 2023, under application number 18110051, with 20 claims granted.

BOE Technology info security issuing system patent, Apr

BOE Technology info security issuing system patent, Apr