Zabbix urges upgrades after critical SQL injection bug disclosure | US agencies blasted 'unforgivable' SQLi flaws earlier this year | Patches | 29 Nov 2024 | 7
Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble | If you didn't fix this a month ago, your to-do list probably needs a reshuffle | Virtualization | 18 Nov 2024 | 4
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost | Plus a bonus hard-coded local API key | Patches | 14 Nov 2024
Five Eyes infosec agencies list 2023's most exploited software flaws | Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns | CSO | 14 Nov 2024 | 28
Microsoft slips Task Manager and processor count fixes into Patch Tuesday | Sore about cores no more | Patches | 13 Nov 2024 | 7
Windows Themes zero-day bug exposes users to NTLM credential theft | Plus a free micropatch until Redmond fixes the flaw | Security | 30 Oct 2024 | 6
Emergency patch: Cisco fixes bug under exploit in brute-force attacks | Who doesn't love abusing buggy appliances, really? | Software | 24 Oct 2024 | 3
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch | Plus, a POC to make it extra easy for attackers | Security | 23 Oct 2024
VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time | If the first patches don't work, try, try again | Patches | 22 Oct 2024 | 2
Critical default credential in Kubernetes Image Builder allows SSH root access | It's called leaving the door wide open – especially in Proxmox | Security | 16 Oct 2024 | 12
Microsoft issues 117 patches – some for flaws already under attack | Patch Tuesday Plus: SAP re-patches a failed patch for critical-rated flaw | Cybersecurity Month | 08 Oct 2024 | 6
Qualcomm urges device makers to push patches after 'targeted' exploitation | Given Amnesty's involvement, it's a safe bet spyware is in play | Patches | 08 Oct 2024
Apple fixes bug that let VoiceOver shout your passwords | Not a great look when the iGiant just launched its first password manager | Cybersecurity Month | 04 Oct 2024 | 6
Patch now: Critical Nvidia bug allows container escape, complete host takeover | 33% of cloud environments using the toolkit impacted, we're told | Patches | 26 Sep 2024 | 18
10 nasty software bugs put thousands of fuel storage tanks at risk of cyberattacks | Thousands of devices remain vulnerable, US most exposed to the threat | Security | 24 Sep 2024 | 18
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation | Bug reports made in China | Virtualization | 17 Sep 2024 | 1
Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security | Two critical holes including hardcoded admin credential | Security | 05 Sep 2024 | 9
SolarWinds left critical hardcoded credentials in its Web Help Desk product | Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway | CSO | 22 Aug 2024 | 18
You probably want to patch this critical GitHub Enterprise Server bug now | Unless you're cool with an unauthorized criminal enjoying admin privileges to comb through your code | Patches | 21 Aug 2024
Google splats device-hijacking exploited-in-the-wild Android kernel bug among others | And Qualcomm addresses 'permanent denial of service' flaw in its stuff | Patches | 06 Aug 2024 | 8
Progress discloses second critical flaw in Telerik Report Server in as many months | These are the kinds of bugs APTs thrive on, just ask the Feds | Patches | 26 Jul 2024 | 1
Life, interrupted: How CrowdStrike's patch failure is messing up the world | Oh, was it supposed to be Y2K24? | Software | 19 Jul 2024 | 116
Maximum-severity Cisco vulnerability allows attackers to change admin passwords | You’re going to want to patch this one | Patches | 18 Jul 2024 | 17
ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu | Exclusive 'It seems like they really don't have a full grasp of what's going on with this patch' | Patches | 15 Jul 2024 | 11
Critical Windows licensing bugs – plus two others under attack – top Patch Tuesday | Patch Tuesday Citrix, SAP also deserve your attention – because miscreants are already thinking about Exploit Wednesday | Patches | 10 Jul 2024 | 19
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server | About a thousand vulnerable instances still exposed online, we're told | Patches | 24 Jun 2024 | 9
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug | Specially crafted network packet could allow remote code execution and access to VM fleets | Patches | 18 Jun 2024 | 8
Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows | Patch Tuesday Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack | CSO | 12 Jun 2024 | 7
POC exploit code published for 9.8-rated Apache HugeGraph RCE flaw | You upgraded when this was fixed in April, right? Right?? | Security | 07 Jun 2024 | 2
Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes | That backdoor's not meant to be there? | Patches | 05 Jun 2024 | 3
Three-year-old Apache Flink flaw under active attack | We know IT admins have busy schedules but c'mon | Patches | 24 May 2024 | 11
Got an unpatched LG 'smart' television? It could be watching you back | Four fatal flaws allow TV takeover | Security | 09 Apr 2024 | 42
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching | CVE-2024-1086 turns the page tables on system admins | Patches | 29 Mar 2024 | 26
JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat | Updated Vendor takes hardline approach to patch disclosure to new levels | Patches | 28 Mar 2024 | 14
Exploiting the latest max-severity ConnectWise bug is 'embarrassingly easy' | Urgent patching advised to protect attacks against setup wizards | Security | 21 Feb 2024 | 6
Zoom stomps critical privilege escalation bug plus 6 other flaws | All desktop and mobile apps vulnerable to at least one of the vulnerabilities | Patches | 15 Feb 2024
Double trouble for Fortinet as it issues critical FortiSIEM vulns | Updated Please stand by 73 hours for vendor response...* | Patches | 06 Feb 2024 | 3
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns | Many versions still without fixes while sophisticated attackers bypass mitigations | Patches | 31 Jan 2024 | 8
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process | Vendor gets tangled in its own web of undisclosed vulnerabilities | Patches | 30 Jan 2024
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug | Ancient path traversal exploit offers remote attackers admin access | Patches | 24 Jan 2024 | 1
Ivanti and Juniper Networks accused of bending the rules with CVE assignments | Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE | Patches | 22 Jan 2024 | 7
Patch now: Critical VMware, Atlassian flaws found | You didn't have anything else to do this Tuesday, right? | Patches | 16 Jan 2024 | 8
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs | Updated Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 | Research | 16 Jan 2024 | 8
Four in five Apache Struts 2 downloads are for versions featuring critical flaw | Seriously, people - please check the stuff you fetch more carefully | Patches | 21 Dec 2023 | 10
Before you go away for Xmas: You've patched that critical Perforce Server hole, right? | Microsoft bug hunters highlight weaknesses in source-wrangling suite | Patches | 19 Dec 2023 | 9
Ubiquiti blunder let some folks view others' security cameras, accounts | Cloud misconfig blamed and now fixed | Off-Prem | 15 Dec 2023 | 15
Two years on, 1 in 4 apps still vulnerable to Log4Shell | Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time | Research | 11 Dec 2023 | 11
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks | Two CVEs can be abused to steal sensitive info or execute code | Patches | 01 Dec 2023 | 2
Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes | Plus: 3 critical CVEs in Zyxel NAS devices | Security | 30 Nov 2023 | 3
'Mass exploitation' of Citrix Bleed underway as ransomware crews pile in | At least two extortion gangs abusing CVE-2023-4966, we're told | Cyber-crime | 31 Oct 2023 | 3
Apple drops urgent patch against obtuse TriangleDB iPhone malware | Kaspersky first found this software nasty on its own phones | Patches | 26 Oct 2023 | 9
Citrix urges 'immediate' patch for critical NetScaler bug as exploit code made public | At this point, just assume your kit is compromised | Security | 24 Oct 2023 | 1
Cisco fixes critical IOS XE bug but malware crew way ahead of them | Initial fall in infected devices indicates evolution, not extinction, of attack code | Security | 23 Oct 2023 | 2
Windows 10's latest update issue isn't a bug but a feature – to test your patience | Some attempted installations of KB5031356 were reportedly stuck on 30% after 24 hours | OSes | 16 Oct 2023 | 53
curl vulnerabilities ironed out with patches after week-long tease | Updated The coordinated disclosure didn’t quite go to plan, though | Patches | 11 Oct 2023 | 16
Trio of TorchServe flaws means PyTorch users need an urgent upgrade | Meta, the project's maintainer, shrugs: We fixed it, let's move on | Security | 04 Oct 2023 | 2
Arm patches GPU driver bug exploited by spyware to snoop on targets | As Qualcomm warns of similar fixes coming for its chips | Cybersecurity Month | 03 Oct 2023 | 5
Apple squashes security bugs after iPhone flaws exploited by Predator spyware | Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab | Cybersecurity Month | 22 Sep 2023 | 6
Chrome, Firefox and more caught with their WebP down, offer hasty patch-up | Updated Exploit observed in the wild against codec lib in browsers, apps | Patches | 12 Sep 2023 | 9
Ivanti Sentry exploited in the wild, patches emitted | Good thing you're not exposing admin port 8443 to the world, right? Uh, right? | Patches | 22 Aug 2023 | 7
Microsoft: Codesys PLC bugs could be exploited to 'shut down power plants' | What are these gadgets running, Windows? Ka-boom-tsch | Research | 11 Aug 2023 | 10
Microsoft hits back at Tenable criticism of its infosec practices | 'Not all fixes are equal,' argues Redmond, and this one for the Power Platform didn't need to be rushed | Security | 07 Aug 2023 | 5