Thousands of Fortinet instances vulnerable to actively exploited flaw. No excuses for not patching this nine-month-old issue. (Cybersecurity Month, 14 Oct 2024, 8 comments)
[In brief] US and UK govts warn: Russia scanning for your unpatched vulnerabilities. Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more. (Security, 12 Oct 2024, 10 comments)
Mozilla patches critical Firefox vuln that attackers are already exploiting. Firefixed: It's maintenance time for low-complexity, high-impact security flaw. (Cybersecurity Month, 10 Oct 2024, 26 comments)
Microsoft cleans up hot mess of Patch Tuesday preview. Go forth and install your important security fixes. (Cybersecurity Month, 09 Oct 2024, 5 comments)
[Patch Tuesday] Microsoft issues 117 patches – some for flaws already under attack. Plus: SAP re-patches a failed patch for critical-rated flaw. (Cybersecurity Month, 08 Oct 2024, 6 comments)
Qualcomm urges device makers to push patches after 'targeted' exploitation. Given Amnesty's involvement, it's a safe bet spyware is in play. (Patches, 08 Oct 2024)
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking. With 14 serious security flaws found, what a gift for spies and crooks. (Cybersecurity Month, 02 Oct 2024, 21 comments)
'Patch yesterday': Zimbra mail servers under siege through RCE vuln. Attacks began the day after public disclosure. (Cybersecurity Month, 02 Oct 2024, 5 comments)
Patch now: Critical Nvidia bug allows container escape, complete host takeover. 33% of cloud environments using the toolkit impacted, we're told. (Patches, 26 Sep 2024, 16 comments)
HPE patches three critical security holes in Aruba PAPI. More 9.8 bugs? Ay, papi! (Patches, 26 Sep 2024, 1 comment)
[Final update] That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices. No patches yet, can be mitigated, requires user interaction. (Security, 26 Sep 2024, 104 comments)
Ivanti patches exploited admin command execution flaw. Fears over chained attacks affecting EOL product. (Patches, 20 Sep 2024, 8 comments)
[Updated] WhatsApp still working on making View Once chats actually disappear for all. So far it's more like View Forever. (Patches, 18 Sep 2024, 16 comments)
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation. Bug reports made in China. (Virtualization, 17 Sep 2024, 1 comment)
[Updated] Google Cloud Document AI flaw (still) allows data theft despite bounty payout. Chocolate Factory downgrades risk, citing the need for attacker access. (Security, 17 Sep 2024)
[Analysis] Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day. The C in these CVEs stands for Confusing. (Security, 17 Sep 2024, 8 comments)
Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing. SaaS seller sets severity to 'critical'. (Patches, 12 Sep 2024, 4 comments)
About that Windows Installer 'make me admin' security hole. Here's how it's exploited. What kind of OS can be hijacked by clicking a link at just the right time? Microsoft's. (Patches, 12 Sep 2024, 23 comments)
[Patch Tuesday] Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack. CISA wants you to leap on Citrix, Ivanti issues. Adobe, Intel, SAP vie for priority. (Patches, 11 Sep 2024, 24 comments)
[On Call] To patch this server, we need to get someone drunk. When maintenance windows are hard to open, a little lubrication helps. (Patches, 06 Sep 2024, 116 comments)
Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security. Two critical holes including hardcoded admin credential. (Security, 05 Sep 2024, 9 comments)
From Copilot to Copirate: How data thieves could hijack Microsoft's chatbot. Prompt injection, ASCII smuggling, and other swashbuckling attacks on the horizon. (Patches, 28 Aug 2024, 7 comments)
SolarWinds left critical hardcoded credentials in its Web Help Desk product. Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway. (CSO, 22 Aug 2024, 18 comments)
You probably want to patch this critical GitHub Enterprise Server bug now. Unless you're cool with an unauthorized criminal enjoying admin privileges to comb through your code. (Patches, 21 Aug 2024)
[Patch Tuesday] Microsoft patches scary wormable hijack-my-box-via-IPv6 security bug and others. Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action. (Patches, 14 Aug 2024, 24 comments)
[Updated] AMD won't patch Sinkclose security bug on older Zen CPUs. Kernel mode not good enough for you? Maybe you'll like SMM of this. (Patches, 13 Aug 2024, 14 comments)
Using 1Password on Mac? Patch up if you don't want your Vaults raided. Hundreds of thousands of users potentially vulnerable. (Patches, 08 Aug 2024, 23 comments)
Google splats device-hijacking exploited-in-the-wild Android kernel bug among others. And Qualcomm addresses 'permanent denial of service' flaw in its stuff. (Patches, 06 Aug 2024, 8 comments)
Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability. Get those patches applied – all the big dogs are abusing it. (VMware Explore, 30 Jul 2024, 18 comments)
[Opinion] CrowdStrike meets Murphy's Law: Anything that can go wrong will. And boy, did last Friday's Windows fiasco ever prove that yet again. (Patches, 26 Jul 2024, 98 comments)
Progress discloses second critical flaw in Telerik Report Server in as many months. These are the kinds of bugs APTs thrive on, just ask the Feds. (Patches, 26 Jul 2024, 1 comment)
You should probably fix this 5-year-old critical Docker vuln fairly sharpish. For some unknown reason, initial patch was omitted from later versions. (Patches, 25 Jul 2024)
[Comment] Patch management still seemingly abysmal because no one wants the job. Are your security and ops teams fighting to pass the buck? (Malware Month, 25 Jul 2024, 29 comments)
[Analysis] The months and days before and after CrowdStrike's fatal Friday. 'In the short term, they're going to have to do a lot of groveling'. (CSO, 25 Jul 2024, 46 comments)
Uncle Sam opens probe into CrowdStrike turbulence at Delta Air Lines. Concerns abound over why it has taken so long to recover compared to competitors. (Security, 24 Jul 2024, 10 comments)
Windows Patch Tuesday update might send a user to the BitLocker recovery screen. Not now, Microsoft. (Patches, 24 Jul 2024, 44 comments)
Maximum-severity Cisco vulnerability allows attackers to change admin passwords. You're going to want to patch this one. (Patches, 18 Jul 2024, 17 comments)
[Updated] Firms skip security reviews of major app updates about half the time. Complicated, costly, time-consuming – pick three. (Patches, 18 Jul 2024, 18 comments)
[Exclusive] ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu. 'It seems like they really don't have a full grasp of what's going on with this patch'. (Patches, 15 Jul 2024, 11 comments)
You had a year to patch this Veeam flaw – and now it's going to hurt some more. LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware. (Patches, 11 Jul 2024, 4 comments)
[Patch Tuesday] Critical Windows licensing bugs – plus two others under attack – top Patch Tuesday. Citrix, SAP also deserve your attention – because miscreants are already thinking about Exploit Wednesday. (Patches, 10 Jul 2024, 19 comments)
Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk. Full system takeovers on the cards, for those with enough patience to pull it off. (Patches, 01 Jul 2024, 59 comments)
Juniper Networks flings out emergency patches for perfect 10 router vuln. Get 'em while they're hot. (Patches, 01 Jul 2024, 6 comments)
Batten down the hatches, it's time to patch some more MOVEit bugs. Exploit attempts for 'devastating' vulnerabilities already underway. (Patches, 26 Jun 2024, 9 comments)
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server. About a thousand vulnerable instances still exposed online, we're told. (Patches, 24 Jun 2024, 9 comments)
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug. Specially crafted network packet could allow remote code execution and access to VM fleets. (Patches, 18 Jun 2024, 8 comments)
Ransomware crew may have exploited Windows make-me-admin bug as a zero-day. Symantec suggests Black Basta crew beat Microsoft to the patch. (Malware Month, 12 Jun 2024, 2 comments)
[Patch Tuesday] Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows. Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack. (CSO, 12 Jun 2024, 7 comments)
7-year-old Oracle WebLogic bug under active exploitation. Experts say Big Red will probably re-release patch in an upcoming cycle. (Malware Month, 06 Jun 2024, 6 comments)
Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes. That backdoor's not meant to be there? (Patches, 05 Jun 2024, 3 comments)
Three-year-old Apache Flink flaw under active attack. We know IT admins have busy schedules but c'mon. (Patches, 24 May 2024, 11 comments)
Veeam says critical flaw can't be abused to trash backups. It's still a rough one, so patch up. (Patches, 23 May 2024, 1 comment)
GitHub Enterprise Server patches 10-outta-10 critical hole. On the bright side, someone made up to $30,000+ for finding it. (Patches, 22 May 2024, 3 comments)
Uncle Sam to inject $50M into auto-patcher for hospital IT. Boffins, why not simply invent an algorithm that autonomously fixes flaws, thereby ending ransomware forever. (Public Sector, 22 May 2024, 33 comments)
Microsoft fixes a bug abused in QakBot attacks plus a second under exploit. Plus: Google Chrome, Apple bugs also exploited in the wild. (Patches, 14 May 2024, 3 comments)
NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities. When PoC code is released within a day of disclosure, it's only a matter of time before attacks kick off. (Patches, 14 May 2024, 4 comments)
The truth about KEV: CISA's vuln deadlines good influence on private-sector patching. More work to do as most deadlines are missed and worst bugs still take months to fix. (Patches, 07 May 2024)
Patch up – 4 critical bugs in ArubaOS lead to remote code execution. Ten vulnerabilities in total for admins to apply. (Patches, 02 May 2024, 4 comments)
[Updated] Open source programming language R patches gnarly arbitrary code exec flaw. An ACE in the hole for miscreants. (Patches, 01 May 2024, 1 comment)
Crooks exploit OpenMetadata holes to mine crypto – and leave a sob story for victims. 'I want to buy a car. That's all'. (Cyber-crime, 18 Apr 2024, 6 comments)
[Updated] Delinea Secret Server customers should apply latest patches. Attackers could nab an org's most sensitive keys if left unaddressed. (Patches, 15 Apr 2024, 3 comments)
Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways. Out of the PAN-OS and into the firewall, a Python backdoor this way comes. (Cyber-crime, 12 Apr 2024, 13 comments)
It's 2024 and Intel silicon is still haunted by data-spilling Spectre. Go, go InSpectre Gadget. (Research, 10 Apr 2024, 23 comments)
Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib. BatBadBut hits Erlang, Go, Python, Ruby as well. (Patches, 10 Apr 2024, 57 comments)
[Patch Tuesday] Microsoft squashes SmartScreen security bypass bug exploited in the wild. Plus: Adobe, SAP, Fortinet, VMware, Cisco issue pressing updates. (Security, 10 Apr 2024, 22 comments)
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching. CVE-2024-1086 turns the page tables on system admins. (Patches, 29 Mar 2024, 26 comments)
[Updated] JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat. Vendor takes hardline approach to patch disclosure to new levels. (Patches, 28 Mar 2024, 14 comments)
Nvidia's newborn ChatRTX bot patched for security bugs. Flaws enable privilege escalation and remote code execution. (Patches, 28 Mar 2024, 1 comment)
These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb. One might say this is a wurst case scenario. (Patches, 28 Mar 2024, 44 comments)
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw. Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders. (CSO, 27 Mar 2024, 14 comments)
More than 133,000 Fortinet appliances still vulnerable to month-old critical bug. A huge attack surface for a vulnerability with various PoCs available. (Patches, 18 Mar 2024, 2 comments)
[Patch Tuesday] March Patch Tuesday sees Hyper-V join the guest-host escape club. Critical bugs galore among 61 Microsoft fixes, 56 from Adobe, a dozen from SAP, and a fistful from Fortinet. (Patches, 13 Mar 2024, 9 comments)
JetBrains is still mad at Rapid7 for the ransomware attacks on its customers. War of words wages on between vendors divided. (Patches, 12 Mar 2024, 12 comments)
Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes. Plus: CISA pulls plug on couple of systems feared compromised. (Cyber-crime, 08 Mar 2024, 2 comments)
Apple's trademark tight lips extend to new iPhone, iPad zero-days. Two flaws fixed, one knee bent to the EU, and a budding cybersecurity star feature in iOS 17.4. (Patches, 06 Mar 2024)
[Updated] Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure'. Exploits began within hours of the original disclosure, so patch now. (Patches, 05 Mar 2024, 37 comments)
That home router botnet the Feds took down? Moscow's probably going to try again. Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs. (Security, 28 Feb 2024, 37 comments)
Zoom stomps critical privilege escalation bug plus 6 other flaws. All desktop and mobile apps vulnerable to at least one of the vulnerabilities. (Patches, 15 Feb 2024)
[Patch Tuesday] Crims found and exploited these two Microsoft bugs before Redmond fixed 'em. SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android. (Patches, 14 Feb 2024, 5 comments)
[Updated] Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC. 'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge. (Patches, 13 Feb 2024, 15 comments)
QNAP vulnerability disclosure ends up an utter shambles. Two new flaws, one zero-day, countless different patches, but everything's fine! (Patches, 13 Feb 2024, 8 comments)
JetBrains urges swift patching of latest critical TeamCity flaw. Cloud version is safe, but no assurances offered about possible on-prem exploits. (Patches, 07 Feb 2024)
[Updated] Double trouble for Fortinet as it issues critical FortiSIEM vulns. Please stand by 73 hours for vendor response...* (Patches, 06 Feb 2024, 3 comments)
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns. Many versions still without fixes while sophisticated attackers bypass mitigations. (Patches, 31 Jan 2024, 8 comments)
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process. Vendor gets tangled in its own web of undisclosed vulnerabilities. (Patches, 30 Jan 2024)
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug. Ancient path traversal exploit offers remote attackers admin access. (Patches, 24 Jan 2024, 1 comment)
Ivanti and Juniper Networks accused of bending the rules with CVE assignments. Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE. (Patches, 22 Jan 2024, 7 comments)
Windows Server 2022 patch is breaking apps for some users. Uninstall the update or edit the Windows registry to restore order. (Patches, 17 Jan 2024, 42 comments)
Patch now: Critical VMware, Atlassian flaws found. You didn't have anything else to do this Tuesday, right? (Patches, 16 Jan 2024, 8 comments)
Thousands of Juniper Networks devices vulnerable to critical RCE bug. Yet more support for the argument to adopt memory-safe languages. (Patches, 15 Jan 2024, 13 comments)
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers. The bug with a perfect 10 severity score has been ripe for exploitation since May. (Patches, 15 Jan 2024, 21 comments)
Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs. Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc. (Patches, 12 Jan 2024, 20 comments)
[Patch Tuesday] New year, new updates for security holes in Windows, Adobe, Android and more. Nothing under exploit… The calm before the storm? (Patches, 09 Jan 2024, 14 comments)
[Infosec in brief] Facebook, Instagram now mine web links you visit to fuel targeted ads. Also: Twitter hijackings, BEC arrest, and critical vulnerabilities. (Patches, 08 Jan 2024, 20 comments)
Four in five Apache Struts 2 downloads are for versions featuring critical flaw. Seriously, people - please check the stuff you fetch more carefully. (Patches, 21 Dec 2023, 10 comments)
SSH shaken, not stirred by Terrapin vulnerability. No need to panic, but grab those updates or mitigations anyway just to be safe. (Patches, 20 Dec 2023, 14 comments)
Before you go away for Xmas: You've patched that critical Perforce Server hole, right? Microsoft bug hunters highlight weaknesses in source-wrangling suite. (Patches, 19 Dec 2023, 9 comments)
Final Patch Tuesday of 2023 goes out with a bang. Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party. (Patches, 13 Dec 2023, 10 comments)
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks. Two CVEs can be abused to steal sensitive info or execute code. (Patches, 01 Dec 2023, 2 comments)
Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods. Mitigations require mix of updating libraries and manual customer action. (Patches, 27 Nov 2023, 8 comments)