Vulnerability

Ivanti patches exploited admin command execution flaw

Fears over chained attacks affecting EOL product

Patches20 Sep 2024 | 8

Feeld dating app's security too open-minded as private data swings into public view

No love for months-long wait to fix this, either

Research13 Sep 2024 | 8

Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing

SaaS seller sets severity to 'critical'

Patches12 Sep 2024 | 4

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers

Updated Infosec hounds say they spotted vulnerability during routine travel in the US

Research30 Aug 2024 | 28

AMD reverses course: Ryzen 3000 CPUs will get SinkClose patch after all

Still no love for 1000- or 2000-series

Systems20 Aug 2024 | 21

Multiple flaws in Microsoft macOS apps unpatched despite potential risks

Windows giant tells Cisco Talos it isn't fixing them

Research19 Aug 2024 | 21

AMD won’t patch Sinkclose security bug on older Zen CPUs

Updated Kernel mode not good enough for you? Maybe you'll like SMM of this

Patches13 Aug 2024 | 14

If you give Copilot the reins, don't be surprised when it spills your secrets

Black Hat 'All of the defaults are insecure' Zenity CTO claims

Black Hat and DEF CON08 Aug 2024 | 18

Using 1Password on Mac? Patch up if you don’t want your Vaults raided

Hundreds of thousands of users potentially vulnerable

Patches08 Aug 2024 | 23

Devices with insecure SSH services are everywhere, say infosec duo

Black Hat 'Serendipitous' discovery may have you second guessing your appliances

Black Hat and DEF CON07 Aug 2024 | 10

SAP Core AI bugs allowed access to internal network servers, say researchers

Black Hat Wiz infoseccers able to promote themselves from humble customer to full-blown admin

Black Hat and DEF CON06 Aug 2024 |

UK plans to revamp national cyber defense tools are already in motion

Work aims to build on the success of NCSC's 2016 initiative – and private sector will play a part

Cyber-crime02 Aug 2024 | 8

Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability

Get those patches applied – all the big dogs are abusing it

VMware Explore30 Jul 2024 | 18

Progress discloses second critical flaw in Telerik Report Server in as many months

These are the kinds of bugs APTs thrive on, just ask the Feds

Patches26 Jul 2024 | 1

You should probably fix this 5-year-old critical Docker vuln fairly sharpish

For some unknown reason, initial patch was omitted from later versions

Patches25 Jul 2024 |

Maximum-severity Cisco vulnerability allows attackers to change admin passwords

You’re going to want to patch this one

Patches18 Jul 2024 | 17

RADIUS networking protocol blasted into submission through MD5-based flaw

If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed

Research10 Jul 2024 | 11

Latest Ghostscript vulnerability haunts experts as the next big breach enabler

There's also chatter about whether medium severity scare is actually code red nightmare

Research05 Jul 2024 | 25

Traeger security bugs bad news for grillers with neighborly beef

Never risk it when it comes to brisket – make sure those updates are applied

Research03 Jul 2024 | 20

No rest for the wiry as Cisco Nexus switches flip out over latest zero-day

Command injection bug being abused by suspected Chinese spies – patch up

Malware Month02 Jul 2024 | 6

Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk

Full system takeovers on the cards, for those with enough patience to pull it off

Patches01 Jul 2024 | 59

Juniper Networks flings out emergency patches for perfect 10 router vuln

Get 'em while they're hot

Patches01 Jul 2024 | 6

Batten down the hatches, it's time to patch some more MOVEit bugs

Exploit attempts for ‘devastating’ vulnerabilities already underway

Patches26 Jun 2024 | 9

CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities

Crafty crims broke in but encryption stopped any nastiness

Cyber-crime25 Jun 2024 | 3

Phoenix UEFI flaw puts long list of Intel chips in hot seat

Researchers discuss it in same breath as BlackLotus and MosaicRegressor

Research21 Jun 2024 | 21

That didn't take long: Replacement for SORBS spam blacklist arises ... sort of

Infosec in brief Also: Online adoption cyberstalker nabbed; Tesla trade secrets thief pleads guilty; and a critical ASUS Wi-Fi vuln

Security17 Jun 2024 | 2

Cisco fixes WebEx flaw that allowed government, military meetings to be spied on

Researchers were able to glean data from 10,000 meetings held by top Dutch gov officials

Cyber-crime07 Jun 2024 | 12

Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes

That backdoor's not meant to be there?

Patches05 Jun 2024 | 3

NIST turns to IT consultants to clear National Vulnerability Database backlog

Aims to get CVE logjam cleared by the end of FY 24

CSO03 Jun 2024 | 5

Veeam says critical flaw can't be abused to trash backups

It's still a rough one, so patch up

Patches23 May 2024 | 1

GitHub Enterprise Server patches 10-outta-10 critical hole

On the bright side, someone made up to $30,000+ for finding it

Patches22 May 2024 | 3

Critical Fluent Bit bug affects all major cloud providers, say researchers

Crashes galore, plus especially crafty crims could use it for much worse

Research21 May 2024 | 2

Researchers call out QNAP for dragging its heels on patch development

WatchTowr publishes report claiming vendor failed to issue fixes after four months

Research20 May 2024 | 4

NCSC CTO: Broken market must be fixed to usher in new tech

CYBERUK It may take ten years but vendors must be held accountable for the vulnerabilities they introduce

Security16 May 2024 | 9

NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities

When PoC code is released within a day of disclosure, it's only a matter of time before attacks kick off

Patches14 May 2024 | 4

The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching

More work to do as most deadlines are missed and worst bugs still take months to fix

Patches07 May 2024 |

CISA says 'no more' to decades-old directory traversal bugs

Recent attacks on healthcare thrust infosec agency into alert mode

CSO06 May 2024 | 13

Chinese government website security is often worryingly bad, say Chinese researchers

Exclusive Bad configurations, insecure versions of jQuery, and crummy cookies are some of myriad problems

Public Sector03 May 2024 | 28

Patch up – 4 critical bugs in ArubaOS lead to remote code execution

Ten vulnerabilities in total for admins to apply

Patches02 May 2024 | 4

Federal frenzy to patch gaping GitLab account takeover hole

Warning comes exactly a year after the vulnerability was introduced

Cyber-crime02 May 2024 | 8

Open source programming language R patches gnarly arbitrary code exec flaw

Updated An ACE in the hole for miscreants

Patches01 May 2024 | 1

Exploit code for Palo Alto Networks zero-day now public

Race on to patch as researchers warn of mass exploitation of directory traversal bug

Security17 Apr 2024 | 3

CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

Hard-coded credentials last thing you want in home security app

Security15 Apr 2024 | 49

Delinea Secret Server customers should apply latest patches

Updated Attackers could nab an org's most sensitive keys if left unaddressed

Patches15 Apr 2024 | 3

Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib

BatBadBut hits Erlang, Go, Python, Ruby as well

Patches10 Apr 2024 | 57

Hotel check-in terminal bug spews out access codes for guest rooms

Attacks could be completed in seconds, compromising customer safety

Research05 Apr 2024 | 31

Ivanti commits to secure-by-design overhaul after vulnerability nightmare

CEO addresses whirlwind start to 2024 and how it plans to prevent a repeat

Security04 Apr 2024 | 19

JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat

Updated Vendor takes hardline approach to patch disclosure to new levels

Patches28 Mar 2024 | 14

Nvidia's newborn ChatRTX bot patched for security bugs

Flaws enable privilege escalation and remote code execution

Patches28 Mar 2024 | 1

These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb

One might say this is a wurst case scenario

Patches28 Mar 2024 | 44

Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws

Software slackers urged to up their game

Security26 Mar 2024 | 66

Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

Users may have to upgrade twice to protect their browsers

Security25 Mar 2024 | 9

Some 300,000 IPs vulnerable to this Loop DoS attack

Easy to exploit, not yet exploited, not widely patched – pick three

Research24 Mar 2024 | 24

3 million doors open to uninvited guests in keycard exploit

As months go by without fixes, hotels take the scenic route to securing rooms

Research22 Mar 2024 | 53

Hardware-level Apple Silicon vulnerability can leak cryptographic keys

Short of redesigning CPUs, the fix will seriously degrade performance

Research22 Mar 2024 | 22

More than 133,000 Fortinet appliances still vulnerable to month-old critical bug

A huge attack surface for a vulnerability with various PoCs available

Patches18 Mar 2024 | 2