Enterprise tech dominates zero-day exploits with no signs of slowdown As Big Tech gets used to the pain, smaller vendors urged to up their game Research29 Apr 2025 |
Samsung admits Galaxy devices can leak passwords through clipboard wormhole Infosec in brief PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more! Security28 Apr 2025 | 10
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future CSO25 Apr 2025 | 17
Emergency patch for potential SAP zero-day that could grant full system control German software giant paywalls details, but experts piece together the clues Patches25 Apr 2025 | 2
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps 10 other certificates 'were mis-issued and have now been revoked' CSO22 Apr 2025 | 13
CVE fallout: The splintering of the standard vulnerability tracking system has begun Comment MITRE, EUVD, GCVE … WTF? Spotlight on RSAC18 Apr 2025 | 88
CVE program gets last-minute funding from CISA – and maybe a new home Uncertainty is the new certainty CSO16 Apr 2025 | 32
Uncle Sam kills funding for CVE program. Yes, that CVE program Updated Because vulnerability management has nothing to do with national security, right? CSO16 Apr 2025 | 179
Old Fortinet flaws under attack with new method its patch didn't prevent Infosec In Brief PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more! Security14 Apr 2025 | 6
Don't open that JPEG in WhatsApp for Windows. It might be an .EXE What a MIME field Patches08 Apr 2025 | 29
Panic averted: It was just a bug in Atop after all Warning of possible problems sparks controversy: Was it OverDAtop? Software27 Mar 2025 | 11
CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug Screenshot shows company head unhappy, claiming 'real CVE is pending' Security27 Mar 2025 | 5
Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently Patches25 Mar 2025 | 1
Mobsters now overlap with cybercrime gangs and use AI for evil, Europol warns Infosec In Brief PLUS: Russian bug-buyers seeks Telegram flaws; Another WordPress security mess; NIST backlog grows; and more! Security24 Mar 2025 | 7
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist Palming off the blame using an ‘unknown’ best practice didn’t go down well either Patches20 Mar 2025 | 7
IBM scores perfect 10 ... vulnerability in mission-critical OS AIX Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in Patches19 Mar 2025 | 5
Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied Maddening techno bass loop, Zoolander reference, and 14 minutes of time wasted Security17 Mar 2025 | 144
Ransomware criminals love CISA's KEV list – and that's a bug, not a feature 1 in 3 entries are used to extort civilians, says new paper Ransomware in Focus28 Feb 2025 | 5
Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o Updated Model was fine-tuned to write vulnerable software – then suggested enslaving humanity AI + ML27 Feb 2025 | 127
Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time Boffins poked around inside censorship engines – here's what they found Networks27 Feb 2025 | 38
MITRE Caldera security suite scores perfect 10 for insecurity Is a trivial remote-code execution hole in every version part of the training, or? Research25 Feb 2025 | 9
Critical flaws in Mongoose library expose MongoDB to data thieves, code execution Bugs fixed, updating to the latest version is advisable Research20 Feb 2025 | 2
Palo Alto firewalls under attack as miscreants chain flaws for root access If you want to avoid urgent patches, stop exposing management consoles to the public internet Security19 Feb 2025 | 8
FreSSH bugs undiscovered for years threaten OpenSSH security Exploit code now available for MitM and DoS attacks Patches18 Feb 2025 | 16
Critical PostgreSQL bug tied to zero-day attack on US Treasury High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further Research14 Feb 2025 | 22
Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff CSO13 Feb 2025 | 75
Apple warns 'extremely sophisticated attack' may be targeting iThings Cupertino mostly uses bland language when talking security, so this sounds nasty Security11 Feb 2025 | 23
Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge International security squads all focus on stopping baddies busting in through routers, IoT kit etc Edge + IoT05 Feb 2025 | 4
SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix Big organizations and governments are main users of these gateways Patches23 Jan 2025 | 10
Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day Turns out tool does both file transfers and security fixes fast Patches17 Jan 2025 | 21
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used Updated Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg Networks14 Jan 2025 | 26
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug This is what happens when you publish PoCs immediately, hm? Patches13 Jan 2025 | 1
Nominet probes network intrusion linked to Ivanti zero-day exploit Unauthorized activity detected, but no backdoors found Security13 Jan 2025 | 6
Zero-day exploits plague Ivanti Connect Secure appliances for second year running Factory resets and apply patches is the advice amid fortnight delay for other appliances Patches09 Jan 2025 | 2
MediaTek rings in the new year with a parade of chipset vulns Manufacturers should have had ample time to apply the fixes Security06 Jan 2025 | 5
UK ICO not happy with Google's plans to allow device fingerprinting Infosec in brief Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more Security23 Dec 2024 | 75
Apache issues patches for critical Struts 2 RCE bug More details released after devs allowed weeks to apply fixes Patches12 Dec 2024 |
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Patches11 Dec 2024 | 2
US military grounds entire Osprey tiltrotor fleet over safety concerns Boeing-Bell V-22 can't outfly its checkered past, it seems Public Sector10 Dec 2024 | 89
Fully patched Cleo products under renewed 'zero-day-ish' mass attack Thousands of servers targeted while customers wait for patches Research10 Dec 2024 |
OpenWrt orders router firmware updates after supply chain attack scare A couple of bugs lead to a potentially bad time CSO09 Dec 2024 | 6
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files updated Still unpatched 100+ days later, watchTowr says Cyber-crime06 Dec 2024 | 4
Perfect 10 directory traversal vuln hits SailPoint's IAM solution Updated 20-year-old info disclosure class bug still pervades security software Patches03 Dec 2024 | 6
Zabbix urges upgrades after critical SQL injection bug disclosure US agencies blasted 'unforgivable' SQLi flaws earlier this year Patches29 Nov 2024 | 7
QNAP and Veritas dump 30-plus vulns over the weekend Updated Just what you want to find when you start a new week Patches26 Nov 2024 | 2
'Alarming' security bugs lay low in Linux's needrestart utility for 10 years Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server Research21 Nov 2024 | 15
D-Link tells users to trash old VPN routers over bug too dangerous to identify Vendor offers 20% discount on new model, but not patches CSO20 Nov 2024 | 59
Palo Alto Networks tackles firewall-busting zero-days with critical patches Amazing that these two bugs got into a production appliance, say researchers Patches19 Nov 2024 | 4
Microsoft slips Task Manager and processor count fixes into Patch Tuesday Sore about cores no more Patches13 Nov 2024 | 7
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code 'Once again, we've lost a little more faith in the internet,' researcher says CSO12 Nov 2024 | 3
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability Over 5 million records from 25 organizations posted to black hat forum Cyber-crime12 Nov 2024 | 2
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system Ultra-Reliable Wireless Backhaul doesn't live up to its name Patches07 Nov 2024 | 16
Why the long name? Okta discloses auth bypass bug affecting 52-character usernames Mondays are for checking months of logs, apparently, if MFA's not enabled Security04 Nov 2024 | 14
Admins better Spring into action over latest critical open source vuln Patch up: The Spring framework dominates the Java ecosystem Security29 Oct 2024 | 1
macOS HM Surf vuln might already be under exploit by major malware family Like keeping your camera and microphone private? Patch up Cybersecurity Month21 Oct 2024 | 16
Thousands of Fortinet instances vulnerable to actively exploited flaw No excuses for not patching this nine-month-old issue Cybersecurity Month14 Oct 2024 | 8
US and UK govts warn: Russia scanning for your unpatched vulnerabilities in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more Security12 Oct 2024 | 11
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame Usual three-week window to address significant risks to federal agencies applies Cybersecurity Month10 Oct 2024 |
Mozilla patches critical Firefox vuln that attackers are already exploiting Firefixed: It's maintenance time for low-complexity, high-impact security flaw Cybersecurity Month10 Oct 2024 | 26
Using iPhone Mirroring at work? You might have just overshared to your boss What does IT glimpse but a dating app on your wee little screen Software08 Oct 2024 | 27
Apple fixes bug that let VoiceOver shout your passwords Not a great look when the iGiant just launched its first password manager Cybersecurity Month04 Oct 2024 | 6
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing Poor use of PHP include() strikes again Cybersecurity Month02 Oct 2024 | 4