Vulnerability

CVE program gets last-minute funding from CISA – and maybe a new home

Uncertainty is the new certainty

CSO16 Apr 2025 | 32

Uncle Sam kills funding for CVE program. Yes, that CVE program

Updated Because vulnerability management has nothing to do with national security, right?

CSO16 Apr 2025 | 179

Old Fortinet flaws under attack with new method its patch didn't prevent

Infosec In Brief PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more!

Security14 Apr 2025 | 6

Don't open that JPEG in WhatsApp for Windows. It might be an .EXE

What a MIME field

Patches08 Apr 2025 | 29

Panic averted: It was just a bug in Atop after all

Warning of possible problems sparks controversy: Was it OverDAtop?

Software27 Mar 2025 | 11

CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug

Screenshot shows company head unhappy, claiming 'real CVE is pending'

Security27 Mar 2025 | 5

Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw

How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently

Patches25 Mar 2025 | 1

Mobsters now overlap with cybercrime gangs and use AI for evil, Europol warns

Infosec In Brief PLUS: Russian bug-buyers seeks Telegram flaws; Another WordPress security mess; NIST backlog grows; and more!

Security24 Mar 2025 | 7

Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist

Palming off the blame using an ‘unknown’ best practice didn’t go down well either

Patches20 Mar 2025 | 7

IBM scores perfect 10 ... vulnerability in mission-critical OS AIX

Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in

Patches19 Mar 2025 | 5

Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied

Maddening techno bass loop, Zoolander reference, and 14 minutes of time wasted

Security17 Mar 2025 | 144

Ransomware criminals love CISA's KEV list – and that's a bug, not a feature

1 in 3 entries are used to extort civilians, says new paper

Ransomware in Focus28 Feb 2025 | 5

Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o

Updated Model was fine-tuned to write vulnerable software – then suggested enslaving humanity

AI + ML27 Feb 2025 | 127

Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time

Boffins poked around inside censorship engines – here's what they found

Networks27 Feb 2025 | 38

MITRE Caldera security suite scores perfect 10 for insecurity

Is a trivial remote-code execution hole in every version part of the training, or?

Research25 Feb 2025 | 9

Critical flaws in Mongoose library expose MongoDB to data thieves, code execution

Bugs fixed, updating to the latest version is advisable

Research20 Feb 2025 | 2

Palo Alto firewalls under attack as miscreants chain flaws for root access

If you want to avoid urgent patches, stop exposing management consoles to the public internet

Security19 Feb 2025 | 8

FreSSH bugs undiscovered for years threaten OpenSSH security

Exploit code now available for MitM and DoS attacks

Patches18 Feb 2025 | 16

Critical PostgreSQL bug tied to zero-day attack on US Treasury

High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further

Research14 Feb 2025 | 22

Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities

FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff

CSO13 Feb 2025 | 75

Apple warns 'extremely sophisticated attack' may be targeting iThings

Cupertino mostly uses bland language when talking security, so this sounds nasty

Security11 Feb 2025 | 23

Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge

International security squads all focus on stopping baddies busting in through routers, IoT kit etc

Edge + IoT05 Feb 2025 | 4

SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix

Big organizations and governments are main users of these gateways

Patches23 Jan 2025 | 10

Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day

Turns out tool does both file transfers and security fixes fast

Patches17 Jan 2025 | 21

Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used

Updated Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg

Networks14 Jan 2025 | 26

Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug

This is what happens when you publish PoCs immediately, hm?

Patches13 Jan 2025 | 1

Nominet probes network intrusion linked to Ivanti zero-day exploit

Unauthorized activity detected, but no backdoors found

Security13 Jan 2025 | 6

Zero-day exploits plague Ivanti Connect Secure appliances for second year running

Factory resets and apply patches is the advice amid fortnight delay for other appliances

Patches09 Jan 2025 | 2

MediaTek rings in the new year with a parade of chipset vulns

Manufacturers should have had ample time to apply the fixes

Security06 Jan 2025 | 5

UK ICO not happy with Google's plans to allow device fingerprinting

Infosec in brief Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more

Security23 Dec 2024 | 75

Apache issues patches for critical Struts 2 RCE bug

More details released after devs allowed weeks to apply fixes

Patches12 Dec 2024 |

Three more vulns spotted in Ivanti CSA, all critical, one 10/10

Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker

Patches11 Dec 2024 | 2

US military grounds entire Osprey tiltrotor fleet over safety concerns

Boeing-Bell V-22 can't outfly its checkered past, it seems

Public Sector10 Dec 2024 | 89

Fully patched Cleo products under renewed 'zero-day-ish' mass attack

Thousands of servers targeted while customers wait for patches

Research10 Dec 2024 |

OpenWrt orders router firmware updates after supply chain attack scare

A couple of bugs lead to a potentially bad time

CSO09 Dec 2024 | 6

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

updated Still unpatched 100+ days later, watchTowr says

Cyber-crime06 Dec 2024 | 4

Perfect 10 directory traversal vuln hits SailPoint's IAM solution

Updated 20-year-old info disclosure class bug still pervades security software

Patches03 Dec 2024 | 6

Zabbix urges upgrades after critical SQL injection bug disclosure

US agencies blasted 'unforgivable' SQLi flaws earlier this year

Patches29 Nov 2024 | 7

QNAP and Veritas dump 30-plus vulns over the weekend

Updated Just what you want to find when you start a new week

Patches26 Nov 2024 | 2

'Alarming' security bugs lay low in Linux's needrestart utility for 10 years

Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server

Research21 Nov 2024 | 15

D-Link tells users to trash old VPN routers over bug too dangerous to identify

Vendor offers 20% discount on new model, but not patches

CSO20 Nov 2024 | 59

Palo Alto Networks tackles firewall-busting zero-days with critical patches

Amazing that these two bugs got into a production appliance, say researchers

Patches19 Nov 2024 | 4

Microsoft slips Task Manager and processor count fixes into Patch Tuesday

Sore about cores no more

Patches13 Nov 2024 | 7

HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

'Once again, we've lost a little more faith in the internet,' researcher says

CSO12 Nov 2024 | 3

Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

Over 5 million records from 25 organizations posted to black hat forum

Cyber-crime12 Nov 2024 | 2

Cisco scores a perfect CVSS 10 with critical flaw in its wireless system

Ultra-Reliable Wireless Backhaul doesn't live up to its name

Patches07 Nov 2024 | 16

Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

Mondays are for checking months of logs, apparently, if MFA's not enabled

Security04 Nov 2024 | 14

Admins better Spring into action over latest critical open source vuln

Patch up: The Spring framework dominates the Java ecosystem

Security29 Oct 2024 | 1

macOS HM Surf vuln might already be under exploit by major malware family

Like keeping your camera and microphone private? Patch up

Cybersecurity Month21 Oct 2024 | 16

Thousands of Fortinet instances vulnerable to actively exploited flaw

No excuses for not patching this nine-month-old issue

Cybersecurity Month14 Oct 2024 | 8

US and UK govts warn: Russia scanning for your unpatched vulnerabilities

in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more

Security12 Oct 2024 | 11

CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame

Usual three-week window to address significant risks to federal agencies applies

Cybersecurity Month10 Oct 2024 |

Mozilla patches critical Firefox vuln that attackers are already exploiting

Firefixed: It's maintenance time for low-complexity, high-impact security flaw

Cybersecurity Month10 Oct 2024 | 26

Using iPhone Mirroring at work? You might have just overshared to your boss

What does IT glimpse but a dating app on your wee little screen

Software08 Oct 2024 | 27

Apple fixes bug that let VoiceOver shout your passwords

Not a great look when the iGiant just launched its first password manager

Cybersecurity Month04 Oct 2024 | 6

Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing

Poor use of PHP include() strikes again

Cybersecurity Month02 Oct 2024 | 4