Hello? Are you talking on a Cisco SPA300 or SPA500 IP phone? Now's the time to junk 'em Multiple critical flaws found and they won't be fixed Security | 09 Aug 2024 | 31
Your victim's Windows PC fully patched? Just force undo its updates and exploit away Black Hat This guy showed the world how – with the right level of access Black Hat and DEF CON | 08 Aug 2024 | 8
Patch management still seemingly abysmal because no one wants the job Comment Are your security and ops teams fighting to pass the buck? Malware Month | 25 Jul 2024 | 29
Apple squashes security bugs after iPhone flaws exploited by Predator spyware Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab Cybersecurity Month | 22 Sep 2023 | 6
Military helicopter crash blamed on failure to apply software patch A rather nice beach in Australia now briefly hosted an unusual feature Patches | 18 Apr 2023 | 49
Take the day off: Windows Autopatch is live and can even fix cloudy PCs But first, there's a whole lot of AD and Intune prep to be done Patches | 12 Jul 2022 | 13
CIOs largely believe their software supply chain is vulnerable Internal bureaucracy and barriers hold up roll out of defenses, report finds Patches | 31 May 2022 | 3
Five Eyes nations reveal 2021's fifteen most-exploited flaws Malicious cyber actors go after 2021's biggest misses, spend less time on the classics Security | 28 Apr 2022 | 10
FYI: Support ends for older Visual Studio versions in April Showers of work for admins Devops | 11 Feb 2022 | 10
Critical 'remote escalation' flaw in Android 12 fixed in Feb security patch batch This is the final software update from Google for the Pixel 3, 3 XL, too Security | 09 Feb 2022 | 19
Cisco inferno: Networking giant reveals three 10/10 rated critical router bugs RV family of routers is in trouble, and fixed software is yet to arrive for some models Networks | 04 Feb 2022 | 24
Over Log4j? VMware has another critical flaw for you to patch Workspace ONE Unified Endpoint Management can leak info via server-side request forgery Security | 17 Dec 2021 | 6
And you thought Fuzzilli was a pasta... Google offers up $50k in cloud credits to fuzz the hell out of JavaScript engines And don't forget the paperwork after, says Chocolate Factory Security | 02 Oct 2020 | 8
You know that Microsoft ZeroLogon bug you've been dragging your feet on? It's getting pwned in the wild now Scan servers for signs of compromise and patch if you haven't already Security | 24 Sep 2020 | 8
As you're scrambling to patch the scary ZeroLogon hole in Windows Server, don't forget Samba – it's also affected Domain controllers at risk of hijacking, depending on version and configuration Security | 22 Sep 2020 | 6
Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn't want you to be pwned via a phishing link Perl clutching time again Security | 28 Aug 2020 | 3
Canadian shipping company Canpar gets an unwanted delivery – ransomware In brief Meanwhile, Gmail finally deals with a 'confused mailman' problem Security | 24 Aug 2020 | 7
Putting the d'oh! in Adobe: 'Years of photos' permanently wiped from iPhones, iPads by bad Lightroom app update Please, please, please back up your files, people Software | 21 Aug 2020 | 194
You weren't hacked because you lacked space-age network defenses. Nor because cyber-gurus picked on you. It's far simpler than that Three little words: Patches, passwords, policies Security | 13 Aug 2020 | 36
If you haven't yet patched this critical hole in SAP NetWeaver Application Server, today is not your day Full details of security vuln plus proof-of-concept exploits revealed Security | 12 Aug 2020 | 4
Psst.. You may want to patch this under-attack data-leaking Cisco bug – and these Ripple20 hijack flaws In Brief Plus: US govt sounds the alarm on industrial equipment attacks Security | 25 Jul 2020 | 4
Congrats, First American Title Insurance, you've made technology history. For all the wrong reasons Insurer is first biz to be charged in New York for data security negligence after exposing millions of records to the web Security | 23 Jul 2020 | 20
It's July 2020, and your PC or Mac can be pwned by a dodgy Photoshop file – Adobe emits critical patch batch Major fixes for Bridge and Prelude, too, plus Reader Android updated Security | 21 Jul 2020 | 4
Finally done with all those Patch Tuesday updates? Think again! Here's 33 Cisco bug fixes, with five criticals And who's that in the background? Just Oracle and its *cough* 443 bugs Security | 16 Jul 2020 | 14
Old-school security hole perfect for worms and remote hijackings found lurking in Windows Server DNS code Mega Patch Tuesday You'll want to patch that – and all these other bugs fixed by Microsoft, Oracle, Adobe, VMware, SAP, Google Security | 15 Jul 2020 | 14
FYI: Someone's scanning gateways, looking for those security holes Citrix told you not to worry too much about Video Hackers hit honeypots hours after CISO downplays risk, proof-of-concept exploit code emerges Security | 09 Jul 2020 | 9
If you haven't potentially exposed 1000s of customers once again with networking vulns, step forward... Not so fast, Palo Alto Networks Getting to be a real PAN in the OS Security | 09 Jul 2020 | 6
Citrix tells everyone not to worry too much about its latest security patches. NSA's former top hacker disagrees Eleven flaws cleaned up including one that may be exploited to sling malware downloads Security | 08 Jul 2020 | 6
F5 emits fixes for critical flaws in BIG-IP gear: Hopefully yours aren't internet-facing while you ready a patch Not to worry, there are only *searches* several thousand devices apparently exposed online Security | 03 Jul 2020 | 20
Hold off that rush into the July 4 weekend – you may need this: Microsoft patches pwn-by-picture pitfalls in Win 10 Redmond also praised for blocking malware control systems on its clouds Security | 02 Jul 2020 | 6
Cisco SMB kit harbors cross-site scripting bug: One wrong link click... and that's your router pwned remotely VPN gear vulnerable to remote hijackings Security | 02 Jul 2020 | 4
US govt warns foreign hackers 'will likely try to exploit' critical firewall bypass bug in Palo Alto gear – patch now Bogus signatures may fool your corp network's gatekeeper Networks | 30 Jun 2020 | 3
Three words you do not want to hear regarding a 'secure browser' called SafePay... Remote. Code. Execution How Bitdefender's security software was caught napping by ad-block bod Security | 24 Jun 2020 | 7
VMware and Office for Mac need patching, Microsoft can scan your firmware, and Anonymous takes credit for Atlanta police hacks Roundup Plus: Nigeria-based entrepreneur accused of fraud, and more OSes | 22 Jun 2020 | 7
Tens of millions of Internet-of-Things, network-connected gizmos at risk of remote hijacking? Computer, engage shocked mode Collection of bugs, dubbed Ripple20, sink widely used TCP/IP stack Edge + IoT | 17 Jun 2020 | 27
You. Yeah you, in the beret. Drop that media file right now unless you've patched Illustrator or After Effects Adobe emits bonus security fixes for creative software including Premiere Pro, Campaign Classic Security | 16 Jun 2020 | 1
Tycoon malware rages through US schools, LG's boot problem, and QNAP admins had better get busy Also: Cisco and Apple push out patches OSes | 08 Jun 2020 | 4
Update Firefox: Mozilla just patched three hijack-me holes and a bunch of other flaws Plus: Zoom fixes code-execution security bugs Security | 04 Jun 2020 | 13
One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch Zero-click remote-code exec hole found by Googler, updates emitted Security | 08 May 2020 | 16
GitHub blasts code-scanning tool into all open-source projects Rub-a-dub-dub, give your buggy code a scrub Security | 06 May 2020 | 4
In trying times like these, it's reassuring to know you can still get pwned five different ways by Adobe Illustrator files Make sure you update your software with these critical fixes Security | 30 Apr 2020 | 10
Sophos XG firewalls hacked, hotfix ready. Texts wreck Apple iThings. Yup, business as usual in infosec world Roundup Plus Office 2016, 2019 patches – and a barn-load of other security bits and bytes Security | 26 Apr 2020 | 9
GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps Static analyzer proves its worth with discovery of null-pointer error Security | 23 Apr 2020 | 50
Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones. Apple rushes out beta patch Updated Senior execs, journos, managed security service providers among those targeted, we're told Security | 22 Apr 2020 | 20
Stuck inside with nothing to do? Apple fires out security fixes for iOS, macOS, wrist-puters... and something weird called iTunes for Windows Dozens of bugs swatted in latest Cupertino updates OSes | 25 Mar 2020 | 14
Adobe debuts disk-cleaning tool cleverly disguised as an arbitrary file deletion bug in Creative Cloud on Windows Patch this flaw, unless you want random docs to wipe out your work OSes | 24 Mar 2020 | 3
That LVI CPU hole wasn't the only Intel fix: Dozens of flaws patched to stop chips turning into potatoes Monthly batch of updates covers FPGAs, graphics drivers, and more Security | 11 Mar 2020 | 9
Avast's AntiTrack promised to protect your privacy. Instead, it opened you to miscreant-in-the-middle snooping HTTPS traffic could be intercepted, manipulated, thanks to sloppy proxy Security | 10 Mar 2020 | 11
Android owners – you'll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw 'Pwned with a broadcast' bug among 25 to be patched by Google Security | 07 Feb 2020 | 61
Good: IT admins scrambled to patch 80 per cent of public-facing Citrix boxes to close nightmare hijack hole Bad: The other 20 per cent are still wide open. Also bad: Some of those patched machines may have been hacked Security | 06 Feb 2020 | 14
Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage Code dive Function accidentally returns OK instead of no-way Security | 30 Jan 2020 | 43
Teenagers today. Can't take them anywhere, eh? 18-year-old kid accused of $50m SIM-swap cryptocurrency heist Roundup Also, Cisco, Citrix emit patches, US army advises using Signal OSes | 25 Jan 2020 | 18
It's Friday, the weekend has landed... and Microsoft warns of an Internet Explorer zero day exploited in the wild Roundup Plus, WeLeakInfo? Not anymore! Security | 18 Jan 2020 | 15
Yo, sysadmins! Thought Patch Tuesday was big? Oracle says 'hold my Java' with huge 334 security flaw fix bundle House of Larry delivers massive update for 93 products Databases | 15 Jan 2020 | 7
Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should Another day, another critical set of flaws Security | 15 Jan 2020 | 20
Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows cert-spoofing bugs, RDP flaws... Patch Tuesday Grab your Microsoft, Adobe, SAP, Intel, and VMware fixes now OSes | 14 Jan 2020 | 42
Ding-dong: Cisco delivers your Patch Tuesday warm-up with WebEx, IOS fixes for a few irritating security holes The main event is next week Security | 10 Jan 2020 | 1
The Six Million Dollar Scam: London cops probe Travelex cyber-ransacking amid reports of £m ransomware demand, wide-open VPN server holes We can rebuild him, we have the backups... er, right? Security | 08 Jan 2020 | 81
That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time Plug this security bypass... if you can even find the boxes running it Security | 07 Jan 2020 | 12
New year, new critical Cisco patches to install – this time for a dirty dozen of bugs that can be exploited to sidestep auth, inject commands, etc Data Center Network Manager bugapalooza with three must-fix flaws Security | 03 Jan 2020 | 3
Ever wonder how hackers could possibly pwn power plants? Here are 54 Siemens bugs that could explain things Arbitrary code execution in a controller, what could go wrong? Security | 13 Dec 2019 | 43
OpenBSD bugs, Microsoft's bad update, a new Nork hacking crew, and more Meanwhile, the DOJ sets its sights on money mules OSes | 07 Dec 2019 | 16