A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'
And it's 'not unique to AWS,' researcher tells The Reg
Research15 Jan 2026 | 7
Patch
Popular Python libraries used in Hugging Face models subject to poisoned metadata attack
The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group
Patches13 Jan 2026 | 1
Patch Cisco ISE bug now before attackers abuse proof-of-concept exploit
No reports of active exploitation … yet
Patches08 Jan 2026 | 3
Logitech macOS mouse mayhem traced to expired dev certificate
Company says it dropped the ball, apologizes for wasting people's time
Patches08 Jan 2026 | 48
Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit
Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg
Patches12 Dec 2025 | 7
New React vulns leak secrets, invite DoS attacks
And the earlier React2Shell patch is vulnerable
Patches12 Dec 2025 | 3
NARROWER TOPICS
Google fixes super-secret 8th Chrome 0-day
No details, no CVE, update your browser now
Patches11 Dec 2025 | 10
Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday
Updated Plus critical critical Notepad++, Ivanti, and Fortinet updates, and one of these patches an under-attack security hole
Security09 Dec 2025 | 19
'Exploitation is imminent' as 39 percent of cloud environs have max-severity React hole
Finish reading this, then patch
Security03 Dec 2025 | 33
Two Android 0-day bugs disclosed and fixed, plus 105 more to patch
Christmas comes early for attackers this year
Patches02 Dec 2025 | 13
Fortinet 'fesses up to second 0-day within a week
Attackers may be joining the dots to enable unauthenticated RCE
Security19 Nov 2025 | 4
Google Chrome bug exploited as a 0-day – patch now or risk full system compromise
Seventh Chrome 0-day this year
Cyber-crime18 Nov 2025 | 11
Fortinet finally cops to critical make-me-admin bug under active exploitation
More than a month after PoC made public
Patches14 Nov 2025 | 9
Cisco warns of 'new attack variant' battering firewalls under exploit for 6 months
Plus 2 new critical vulns - patch now
Patches06 Nov 2025 | 4
Microsoft drops surprise Windows Server patch before weekend downtime
You didn't have plans, did you?
Patches24 Oct 2025 | 16
Oracle rushes out another emergency E-Business Suite patch as Clop fallout widens
Latest in a long line of EBS flaws leta miscreants remotely compromise enterprise systems to pinch sensitive data
Patches14 Oct 2025 | 1
Level-10 vuln lurking in Redis source code for 13 years could allow remote code execution
No evidence of exploitation … yet
Cybersecurity Month06 Oct 2025 | 11
'Delightful' root-access bug in Red Hat OpenShift AI allows full cluster takeover
Who wouldn't want root access on cluster master nodes?
Cybersecurity Month01 Oct 2025 | 2
SonicWall releases rootkit-busting firmware update following wave of attacks
Security vendor's no good, very bad week year
Patches23 Sep 2025 |
Third time's the charm? SolarWinds (again) patches critical Web Help Desk RCE
Or maybe 3 strikes, you're out?
Patches23 Sep 2025 | 2
Google pushes emergency patch for Chrome 0-day – check your browser version now
Sixth such Chrome flaw this year spotted by the Chocolate Factory, already in play
Patches18 Sep 2025 | 8
Apple 0-day likely used in spy attacks affected devices as old as iPhone 8
May have been used in 'extremely sophisticated' attacks against 'specific targeted individuals'
Patches16 Sep 2025 | 7
Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages
A similar vuln on Apple devices was used against 'specific targeted users'
Patches12 Sep 2025 | 7
Android drops mega patch bomb - 120 fixes, two already exploited
September bundle the largest this year, and possibly the most serious
Patches03 Sep 2025 | 14
Frostbyte10 bugs put thousands of refrigerators at major grocery chains at risk
Major flaws uncovered in Copeland controllers: Patch now
Patches02 Sep 2025 | 47
Don't want drive-by Ollama attackers snooping on your local chats? Patch now
Reconfigure local app settings via a 'simple' POST request
Patches19 Aug 2025 | 4
Cisco's Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole
Switchzilla's summer of perfect 10s
Patches15 Aug 2025 | 8
Microsoft patch Tuesday update fails to install
Windows 11 24H2 fixes fail from Windows Server Update Services
Software14 Aug 2025 | 12
Fortinet discloses critical bug with working exploit code amid surge in brute-force attempts
If there's smoke?
Patches13 Aug 2025 | 10
Russia's RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks
A few weeks earlier 'zeroplayer' advertised an $80K WinRAR 0-day exploit
Cyber-crime11 Aug 2025 | 4
Microsoft, CISA warn yet another Exchange server bug can lead to 'total domain compromise'
No reported in-the-wild exploits…yet
Patches07 Aug 2025 | 5
Patch now: Millions of Dell PCs with Broadcom chips vulnerable to attack
black hat Psst, wanna steal someone's biometrics?
Patches05 Aug 2025 | 20
Microsoft spotlights Apple bug patched in March as SharePoint exploits continue
Look over there!
Patches28 Jul 2025 | 1
No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers
Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it
Cyber-crime24 Jul 2025 | 4
Watch out, another max-severity, make-me-root Cisco bug on the loose
Updated Three perfect 10s in the last month - ISE, ISE, baby
Patches17 Jul 2025 | 16
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
Updated Add CISA to the list
Patches10 Jul 2025 | 3
Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform
The second max score this week for Netzilla - not a good look
Patches02 Jul 2025 | 14
Citrix bleeds again: This time a zero-day exploited - patch now
Two emergency patches issued in two weeks
Patches25 Jun 2025 | 1
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack
Why are you even reading this story? Patch now!
Patches24 Jun 2025 | 7
Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild
TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind
Patches03 Jun 2025 | 6
Latest patch leaves some Windows 10 machines stuck in recovery loops
Updated Veteran OS might be almost out of support, but there's still time for Microsoft to break it
OSes19 May 2025 | 21
Commvault fixes critical Command Center issue after flaw finder alert
Pay-to-play security on CVSS 10 issue is now fixed
Patches13 May 2025 |
Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions
Where have we heard this before? Feb security update needs its own fix
OSes25 Apr 2025 | 1
Emergency patch for potential SAP zero-day that could grant full system control
German software giant paywalls details, but experts piece together the clues
Patches25 Apr 2025 | 2
April's Patch Tuesday leaves unlucky Windows Hello users unable to login
Updated Can't Redmond ask its whizz-bang Copilot AI to fix it?
Patches09 Apr 2025 | 11
Boeing 787 radio software safety fix didn't work, says Qatar
'Loss of safe separation between aircraft, collision, or runway incursion' is not what we want to hear
Applications08 Apr 2025 | 50
Windows Server Update Services live to patch another day
Disconnected device scenarios cause headaches for Microsoft
OSes08 Apr 2025 | 14
Apple belatedly patches actively exploited bugs in older OSes
Cupertino already squashed 'em in more recent releases - which this week get a fresh round of fixes
Patches02 Apr 2025 | 10
Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws
Patch Tuesday Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy
Patches12 Mar 2025 | 23
VMware splats guest-to-hypervisor escape bugs already exploited in wild
The heap overflow zero-day in the memory unsafe code by Miss Creant
Virtualization04 Mar 2025 | 8
Microsoft signed a dodgy driver and now ransomware scum are exploiting it
Five flaws found in Paragon Partition Manager's kernel-level .sys
Ransomware in Focus04 Mar 2025 | 13
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
PoC exploit code shows why this is a patch priority
Patches21 Feb 2025 |
Oops, some of our customers' Power Pages-hosted sites were exploited, says Microsoft
Don't think this is SaaS and you can relax: Redmond wants a few of you to check your websites
Cyber-crime20 Feb 2025 | 4
Cisco patches two critical Identity Services Engine flaws
One gives root access, the other lets you steal info and reconfig nodes, in the right (or should that be wrong) circumstances
Networks05 Feb 2025 |
Google patches odd Android kernel security bug amid signs of targeted exploitation
Also, Netgear fixes critical router, access point vulnerabilities
Patches04 Feb 2025 | 5
VMware plugs steal-my-credentials holes in Cloud Foundation
Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant
Patches30 Jan 2025 |
Apple plugs security hole in its iThings that's already been exploited in iOS
Cupertino kicks off the year with a zero-day
Patches28 Jan 2025 | 15
Don't want your Kubernetes Windows nodes hijacked? Patch this hole now
SYSTEM-level command injection via API parameter *chef's kiss*
Patches24 Jan 2025 | 4
Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management
No in-the-wild exploits … yet
Patches23 Jan 2025 |
Asus lets processor security fix slip out early, AMD confirms patch in progress
Updated Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean
Patches23 Jan 2025 | 11
Oracle emits 603 patches, names one it wants you to worry about soon
Old flaws that keep causing trouble haunt Big Red
Patches23 Jan 2025 |
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day
Seven days after disclosure and little action taken, data shows
Patches21 Jan 2025 | 3
Biting the hand that feeds IT
