Vulnerability

WordPress plugin hole puts '2 million websites' at risk

XSS marks the spot

Patches08 May 2023 | 17

Dump these insecure phone adapters because we're not fixing them, says Cisco

Security hole ranks 9.8 out of 10 in severity, 0 out of 10 in patch availability

CSO05 May 2023 | 90

Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns

Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs

Patches02 May 2023 | 1

Russian snoops just love invading unpatched Cisco gear, America and UK warn

Spying on foreign targets? That's our job!

CSO18 Apr 2023 | 7

Apple squashes iOS, macOS zero-day bugs already exploited by snoops

Keep calm and install patches before abuse becomes widespread

Patches10 Apr 2023 | 1

Welcome to open source, Elon. Your Twitter code just got a CVE for shadow ban bug

Plus: Substack shanked by bitter Twitter?

Research07 Apr 2023 | 14

It's this easy to seize control of someone's Nexx 'smart' home plugs, garage doors

Netizens urged to disconnect kit after 40,000-plus devices found riddled with dumb bugs

Security07 Apr 2023 | 41

Azure blunder left Bing results editable, MS 365 accounts potentially exposed

'BingBang' boo-boo affected other internal Microsoft apps, too

Security30 Mar 2023 | 12

Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash

Terminal maker General Bytes shutters its cloud business after second breach in seven months

Security23 Mar 2023 | 30

Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit

Maybe this is deserved given the problem's in a hidden telnet service

Research22 Mar 2023 | 24

Police pounce on 'pompompurin' – alleged mastermind of BreachForums

In Brief Crypto laundering service gets cleaned up by police and SVB mess draws in more criminals

Security20 Mar 2023 | 3

Microsoft pushes out PowerShell scripts to fix BitLocker bypass

Attackers exploiting the vulnerability could access encrypted data

Software19 Mar 2023 | 28

Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs

Four flaws open mobiles, cars to remote-control at baseband level with just a phone number

Patches17 Mar 2023 | 40

CISA joins forces with Women in CyberSecurity to break up the boy's club

in brief Also, the FBI just admitted to bypassing warrants by buying cellphone location data, and this week's actionable items

Security13 Mar 2023 | 17

Russian charged with smuggling US counterintel tech to Motherland

In brief Also, don't download that 'ChatGPT Windows client,' and this week's critical vulnerabilities to keep an eye on

Cyber-crime27 Feb 2023 | 8

LockBit's Royal Mail ransom deadline flies by. No data released

in brief Also: Russian wiper malware authors turn to data theft, plus this week's critical vulns

Cyber-crime13 Feb 2023 | 9

Microsoft to enterprises: Patch your Exchange servers

If you want to keep the miscreants out, put the updates in, Redmond says

Patches28 Jan 2023 | 14

Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched

You know when we all said quit using MD5? We really meant it

CSO26 Jan 2023 | 3

Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws

You know the drill: patch before criminals use these bugs in vRealize to sniff your systems

Patches25 Jan 2023 |

Apple emits emergency patch for older iPhones after snoops pounce on WebKit hole

Also: Yay for Data Privacy Day!

Security24 Jan 2023 | 14

Miscreants sure do love ransacking cloud networks, more so than before

Thanks for putting all your data in one basket

CSO20 Jan 2023 | 9

Thousands of Sophos firewalls still vulnerable out there to hijacking

Updated As hundreds of staff axed this week

Security18 Jan 2023 | 3

Swiss Army's Threema messaging app was full of holes – at least seven

At least the penknives are still secure

Security11 Jan 2023 | 17

Here's how to remotely take over a Ferrari...account, that is

Connected cars. What could possibly go wrong?

Security07 Jan 2023 | 86

Parental control apps prove easy to beat by kids and crims

20m downloads can't be wrong? Or can they?

Security21 Dec 2022 | 19

Pwn2Own contest concludes with nearly $1m paid out to ethical hackers

Which is pocket change compared to what criminals will pay for zero-days, but thankfully community spirit remains strong

Security13 Dec 2022 | 5

Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover

Take a break from the gaming and fix these now

Patches01 Dec 2022 | 5

Sirius XM flaw unlocks so-called smart cars thanks to code flaw

Telematics program doesn't just give you music, but a big security flaw

Security30 Nov 2022 | 25

Still using a discontinued Boa web server? Microsoft warns of supply chain attacks

Flaws in the open-source tool exploited – and India's power grid was a target

Research23 Nov 2022 | 10

AWS fixes 'confused deputy' vulnerability in AppSync

Datadog security researchers found the flaw before miscreants did

Security22 Nov 2022 |

Eggheads show how network flaw could lead to NASA crew pod loss. Key word: Could

Houston, we have a PCspooF problem

Security15 Nov 2022 | 23

GitHub sets up private vulnerability reports for public repos to avoid 'naming and shaming'

No need for ignominy when a flaw is found

Security14 Nov 2022 | 5

China is likely stockpiling and deploying vulnerabilities, says Microsoft

Increase in espionage and cyberattacks since law requiring vulnerabilities first be reported to Beijing

Security07 Nov 2022 | 36

OpenSSL downgrades horror bug after week of panic, hype

Relax, there's more chance of Babbage coming back to life to hack your system than this flaw being exploited

Patches01 Nov 2022 | 3

Cisco AnyConnect Windows client under active attack

Make sure you're patched – and update VMware Cloud Foundation, too, by the way

Patches26 Oct 2022 | 7

CISA warns of security holes in industrial Advantech, Hitachi kit

When we concede that everything has bugs, we wish it wasn't quite everything

Patches20 Oct 2022 | 2

Tear in Microsoft Azure Service Fabric can give attackers full admin privileges

Orca Security disclosed the bug, and older versions remain vulnerable

Research19 Oct 2022 |

Fortinet warns of critical flaw in its security appliance OSes, admin panels

Naturally, they're already under attack – so you know what to do next

Patches11 Oct 2022 | 15

Make your neighbor think their house is haunted by blinking their Ikea smart bulbs

Radio comms vulnerabilities detailed

Patches08 Oct 2022 | 54

AI co-programmers perhaps won't spawn as many bugs as feared

They can't be any worse than some human developers

AI + ML07 Oct 2022 | 17

Atlassian, Microsoft bugs on CISA’s must-patch list after exploitation spree

Some days, security just feels like a total illusion. OK, most days...

Patches04 Oct 2022 | 7

Sophos fixes critical firewall hole exploited by miscreants

Code-injection bug in your network security... mmm, yum yum

Patches28 Sep 2022 | 9

China's infosec researchers obeyed Beijing and stopped reporting vulns ... or did they?

Report finds increase in anonymous vuln reports

Research27 Sep 2022 | 4

One month after Black Hat disclosure, HP's enterprise kit still unpatched

What could go wrong with leaving firmware open after world's biggest hacker convention talk?

Security13 Sep 2022 | 12

Apple patches iPhone and macOS flaws under active attack

High-value targets tend to get hit

Security12 Sep 2022 | 13

Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN

Nothing like an authentication bypass for your private IPSec network

CSO08 Sep 2022 | 56

How Arm popped CHERI architecture into Morello Program hardware

Hot Chips Chip giant aims to adapt existing processor architectures to close off vulnerabilities in memory access

Systems26 Aug 2022 | 6

If you haven't patched Zimbra holes by now, assume you're toast

Here's how to detect an intrusion via vulnerable email systems

Patches23 Aug 2022 |

Microsoft trumps Google for 2021-22 bug bounty payouts

Another $13.7m handed out to researchers, but then again it does have an awful lot of attack surfaces

Security12 Aug 2022 | 5

FAANGs failing on keeping user data safe from bug hunters

Black Hat Time to call in the legal team

Security12 Aug 2022 | 3

Google's bug bounty boss: Finding and patching vulns? 'Totally useless'

Exclusive Disclosing exploits, however, will earn you $100k

Security10 Aug 2022 | 14

Slack leaked hashed passwords from its servers for years

Users who created shared invitation links for their workspace had login details slip out among encrypted traffic

Security08 Aug 2022 | 11

Warning! Critical flaws found in US Emergency Alert System

DEF CON may be about to blow lid off security hole

Patches05 Aug 2022 | 14

VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws

Meanwhile, a security update for rsync

Patches03 Aug 2022 | 1

FileWave fixes bugs that left 1,000+ orgs open to ransomware, data theft

Internet-connected MDM instances, each with an 'unrestricted number' of managed devices, were vulnerable

Security27 Jul 2022 | 5

Time from vulnerability disclosures to exploits is shrinking

Palo Alto Networks Unit 42 incident response team warns of patch speedups

Security27 Jul 2022 |