More than 133,000 Fortinet appliances still vulnerable to month-old critical bug A huge attack surface for a vulnerability with various PoCs available Patches18 Mar 2024 |
March Patch Tuesday sees Hyper-V join the guest-host escape club Patch Tuesday Critical bugs galore among 61 Microsoft fixes, 56 from Adobe, a dozen from SAP, and a fistful from Fortinet Patches13 Mar 2024 | 8
JetBrains is still mad at Rapid7 for the ransomware attacks on its customers War of words wages on between vendors divided Patches12 Mar 2024 | 10
Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes Plus: CISA pulls plug on couple of systems feared compromised Cyber-crime08 Mar 2024 | 2
Apple's trademark tight lips extend to new iPhone, iPad zero-days Two flaws fixed, one knee bent to the EU, and a budding cybersecurity star feature in iOS 17.4 Patches06 Mar 2024 |
Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' Updated Exploits began within hours of the original disclosure, so patch now Patches05 Mar 2024 | 37
That home router botnet the Feds took down? Moscow's probably going to try again Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs Security28 Feb 2024 | 36
Zoom stomps critical privilege escalation bug plus 6 other flaws All desktop and mobile apps vulnerable to at least one of the vulnerabilities Patches15 Feb 2024 |
Crims found and exploited these two Microsoft bugs before Redmond fixed 'em Patch Tuesday SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android Patches14 Feb 2024 | 5
Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC Updated 'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge Patches13 Feb 2024 | 15
QNAP vulnerability disclosure ends up an utter shambles Two new flaws, one zero-day, countless different patches, but everything's fine! Patches13 Feb 2024 | 8
JetBrains urges swift patching of latest critical TeamCity flaw Cloud version is safe, but no assurances offered about possible on-prem exploits Patches07 Feb 2024 |
Double trouble for Fortinet as it issues critical FortiSIEM vulns Updated Please stand by 73 hours for vendor response...* Patches06 Feb 2024 | 3
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns Many versions still without fixes while sophisticated attackers bypass mitigations Patches31 Jan 2024 | 8
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process Vendor gets tangled in its own web of undisclosed vulnerabilities Patches30 Jan 2024 |
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug Ancient path traversal exploit offers remote attackers admin access Patches24 Jan 2024 | 1
Ivanti and Juniper Networks accused of bending the rules with CVE assignments Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE Patches22 Jan 2024 | 7
Windows Server 2022 patch is breaking apps for some users Uninstall the update or edit the Windows registry to restore order Patches17 Jan 2024 | 42
Patch now: Critical VMware, Atlassian flaws found You didn't have anything else to do this Tuesday, right? Patches16 Jan 2024 | 8
Thousands of Juniper Networks devices vulnerable to critical RCE bug Yet more support for the argument to adopt memory-safe languages Patches15 Jan 2024 | 13
How to run an LLM on your PC, not in the cloud, in less than 10 minutes Hands On Cut through the hype, keep your data private, find out what all the fuss is about
Filipino police free hundreds of slaves toiling in romance scam operation 875 workers liberated after falling for promises of lucrative work, nine arrested
TrueNAS CORE 13 is the end of the FreeBSD version Debian-based TrueNAS SCALE is the future primary focus
In the rush to build AI apps, please, please don't leave security behind Feature Supply-chain attacks are definitely possible and could lead to data theft, system hijacking, and more
Yes, I did just crash that critical app. And you should thank me for having done so Who, Me? Quick thinking turned poor judgement into genius proactivity
Qualcomm unveils Snapdragon 8s Gen 3 with Eye-of-Sauron camera Wherever you go, whatever you do, your phone is watching
India quickly unwinds requirement for government approval of AIs Asia in brief Also: US woos Thailand, Philippines, for tech trade; China's Fukushima rage glows; Alibaba targets South Korea
ChatGPT side-channel attack has easy fix: Token obfuscation Infosec in brief Also: Roblox-themed infostealer on the prowl, telco insider pleads guilty to swapping SIMs, and some crit vulns
Infosec teams must be allowed to fail, argues Gartner But failing to recover from incidents is unforgivable because 'adrenalin does not scale'
Microsoft promises Copilot will be a 'moneymaker' in the long term Exec tells investors to 'temper' expectations as mission to convince customers of price tag continues
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers The bug with a perfect 10 severity score has been ripe for exploitation since May Patches15 Jan 2024 | 21
Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc Patches12 Jan 2024 | 20
New year, new updates for security holes in Windows, Adobe, Android and more Patch Tuesday Nothing under exploit… The calm before the storm? Patches09 Jan 2024 | 14
Facebook, Instagram now mine web links you visit to fuel targeted ads Infosec in brief Also: Twitter hijackings, BEC arrest, and critical vulnerabilities Patches08 Jan 2024 | 20
Four in five Apache Struts 2 downloads are for versions featuring critical flaw Seriously, people - please check the stuff you fetch more carefully Patches21 Dec 2023 | 10
SSH shaken, not stirred by Terrapin vulnerability No need to panic, but grab those updates or mitigations anyway just to be safe Patches20 Dec 2023 | 14
Before you go away for Xmas: You've patched that critical Perforce Server hole, right? Microsoft bug hunters highlight weaknesses in source-wrangling suite Patches19 Dec 2023 | 9
Final Patch Tuesday of 2023 goes out with a bang Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party Patches13 Dec 2023 | 10
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks Two CVEs can be abused to steal sensitive info or execute code Patches01 Dec 2023 | 2
Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods Mitigations require mix of updating libraries and manual customer action Patches27 Nov 2023 | 8
OpenCart owner turns air blue after researcher discloses serious vuln Web storefront maker fixed the flaw, but not before blasting infoseccer Patches24 Nov 2023 | 48
Windows Server 2022 update gave ESXi host VMs the blue screen blues Wild idea: Maybe Microsoft could introduce a Quality Copilot to stop pushing broken patches Patches16 Nov 2023 | 17
Another month, another bunch of fixes for Microsoft security bugs exploited in the wild Patch Tuesday Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws Patches15 Nov 2023 | 17
Intel emits patch to squash chip bug that lets any guest VM crash host servers Sapphire Rapids, Alder Lake, Raptor Lake chip families treated for 'Redundant Prefix' Patches14 Nov 2023 | 1
Stop what you’re doing and patch this critical Confluence flaw, warns Atlassian Risk of ‘significant data loss’ for on-prem customers Patches31 Oct 2023 | 2
Apple drops urgent patch against obtuse TriangleDB iPhone malware Kaspersky first found this software nasty on its own phones Patches26 Oct 2023 | 9
VMware reveals critical vCenter vuln that you may have patched already without knowing it Takes rare step of issuing patches for end-of-life versions, as some staff report end-of-career letters Patches25 Oct 2023 | 4
US cybercops urge admins to patch amid ongoing Confluence chaos Do it now, no ifs or buts, says advisory Patches17 Oct 2023 | 3
curl vulnerabilities ironed out with patches after week-long tease Updated The coordinated disclosure didn’t quite go to plan, though Patches11 Oct 2023 | 16
It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems Patch Tuesday Happy Halloween! Security bugs under attack squashed, more flaws fixed Patches10 Oct 2023 | 18
Fresh curl tomorrow will patch 'worst' security flaw in ages Updated It’s bad, folks. Pair of CVEs incoming on October 11 Patches10 Oct 2023 | 11
Another security update, Apple? You're really keeping up with your tech rivals Zero day? More like every day, amirite? Patches05 Oct 2023 | 3
IT networks under attack via critical Confluence zero-day. Patch now 'Handful' of customers hit so far, public-facing instances at risk Patches04 Oct 2023 | 16
Make-me-root 'Looney Tunables' security hole on Linux needs your attention What's up, Doc? Try elevated permissions Patches04 Oct 2023 | 47
Now MOVEit maker Progress patches holes in WS_FTP Infosec in brief Plus: Johnson Controls hit by IT 'incident', Exim and Chrome security updates, and more Patches01 Oct 2023 | 9
Apple squashes security bugs after iPhone flaws exploited by Predator spyware Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab Cybersecurity Month22 Sep 2023 | 6
Grab those updates: Microsoft flings out fixes for already-exploited bugs Patch Tuesday Plus: Adobe and Android also tackle abused-in-the-wild flaws Patches12 Sep 2023 | 5
Chrome, Firefox and more caught with their WebP down, offer hasty patch-up Updated Exploit observed in the wild against codec lib in browsers, apps Patches12 Sep 2023 | 10
You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks We're number one! We're number one! We're... Patches05 Sep 2023 | 15
Ivanti Sentry exploited in the wild, patches emitted Good thing you're not exposing admin port 8443 to the world, right? Uh, right? Patches22 Aug 2023 | 7
Don't just patch your Citrix gear, check for intrusion: Two bugs exploited in wild Updated About 2,000 NetScaler installations feared compromised as CISA raises alarm over ShareFile Patches17 Aug 2023 | 3
Magento shopping cart attack targets critical vulnerability revealed in early 2022 Really? You didn't bother to patch a 9.8 severity critical flaw? Patches11 Aug 2023 | 7
Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks It's like a nesting doll of security flaws Patches09 Aug 2023 | 32
Microsoft, Intel lead this month's security fix emissions Patch Tuesday Downfall processor leaks, Teams holes, VPN clients at risk, and more Patches08 Aug 2023 | 8
Prepare for plenty more pain from Ivanti's MDM flaws, warn cyber agencies Invaders already spent four or more months frolicking inside Norwegian government servers Patches03 Aug 2023 | 7
Sneaky Python package security fixes help no one – except miscreants Good thing these eggheads have created a database of patches Patches26 Jul 2023 | 10
Ivanti plugs critical bug – but not before it was used against Norwegian government Uncle Sam warns sysadmins to get patching as soon as possible Patches26 Jul 2023 | 5
Apple patches exploited bugs in iPhones plus other holes One spotted by Amnesty International - wonder what that was used for? Patches25 Jul 2023 | 13
Quick: Manually patch this Zimbra bug that's under attack Smells like Russian cyber spies (again) Patches17 Jul 2023 | 3
Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws Patch Tuesday Plus: Apple bungles another rapid security response; important ICS updates land; and more Patches11 Jul 2023 | 14
You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug That's a vulnerability that's under attack, fix available ... cancel those July 4th plans, perhaps? Black Hat and DEF CON03 Jul 2023 | 13
A (cautionary) tale of two patched bugs, both exploited in the wild One affects VMware's monitoring tool and the other TP-Link routers Patches21 Jun 2023 | 8
Apple squashes kernel bug used by TriangleDB spyware Snoops may be targeting macOS in addition to iPhones, Kaspersky says Patches21 Jun 2023 | 3
Guess what happened to this US agency using outdated software? Infosec in brief Also: Hackers target security researchers, MaaS model flourishing, and this week's vulnerabilities Patches19 Jun 2023 | 16
Third MOVEit bug fixed a day after PoC exploit made public Millions of people's personal info swiped, Clop leaks begin with 'Shell's stolen data' Patches16 Jun 2023 | 18
June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh Plus: Adobe, SAP and Android push updates Patches13 Jun 2023 | 2
Fortinet squashes hijack-my-VPN bug in FortiOS gear And it's already being exploited in the wild, probably Patches12 Jun 2023 | 2
Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway Time to MOVEit, MOVEit. We don't like to MOVEit, MOVEit Patches01 Jun 2023 | 10
Barracuda Email Security Gateways bitten by data thieves Act now: Sea-themed backdoor malware injected via .tar-based hole Patches31 May 2023 | 8
Cisco squashes critical bugs in small biz switches You'll want to patch these as proof-of-concept exploit code is out there already Patches18 May 2023 |
Intel says Friday's mystery 'security update' microcode isn't really a security update We're all for encouraging people to squash bugs but this is an odd way to do it Patches15 May 2023 | 7
Why Microsoft just patched a patch that squashed an under-attack Outlook bug Let's take a quick dive into Windows API Patches12 May 2023 | 45
Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix Patch Tuesday On the plus side, this month's update batch is a bit smaller than usual Patches09 May 2023 | 20
Apple pushes first-ever 'rapid' patch – and rapidly screws up Maybe you're just installing it wrong? Patches02 May 2023 | 43
Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs Patches02 May 2023 | 1
Apache Superset: A story of insecure default keys, thousands of vulnerable systems, few paying attention Two out of three public-facing app instances open to hijacking Patches25 Apr 2023 | 18
Military helicopter crash blamed on failure to apply software patch A rather nice beach in Australia now briefly hosted an unusual feature Patches18 Apr 2023 | 49
April Patch Tuesday: Ransomware gangs already exploiting this Windows bug Plus Google, SAP, Adobe and Cisco emit fixes Patches11 Apr 2023 | 9
Apple squashes iOS, macOS zero-day bugs already exploited by snoops Keep calm and install patches before abuse becomes widespread Patches10 Apr 2023 | 1
Apple patches all the iThings, including iOS 15 hole under attack right now Issue identified in February but owners of older kit weren't warned Patches28 Mar 2023 | 11
Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs Four flaws open mobiles, cars to remote-control at baseband level with just a phone number Patches17 Mar 2023 | 40
Microsoft: Patch this severe Outlook bug that Russian miscreants exploited Patch Tuesday Plus: Fixes for SAP, Adobe. Android, Chrome Patches14 Mar 2023 | 38
Microsoft squashes Windows bug exploited to inflict ransomware misery Not-so-smart SmartScreen flagged up by Googlers Patches14 Mar 2023 | 5
Antivirus apps are there to protect you – Cisco's ClamAV has a heckuva flaw Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution Patches17 Feb 2023 | 8
VMware, Windows 11 shafted by Windows Server 2022 Updated OS won't start on some systems with ESXi VMs, while Win11 updates may not make it to devices Patches16 Feb 2023 | 18
Intel patches up SGX best it can after another load of security holes found Plus bugs squashed in Server Platform Services and more Patches15 Feb 2023 | 4
Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack Gone in 60 seconds using a USB-A plug and brute force instead of a key Patches15 Feb 2023 | 57
Apple splats zero-day bug, other gremlins in macOS, iOS WebKit flaw 'may have been exploited' – just like Tim Cook 'may have' made a million bucks this week Patches15 Feb 2023 | 7
Microsoft sweeps up after breaking .NET with December security updates XPS doc display issues fixed – until the next patch, at least Patches01 Feb 2023 | 3
Microsoft to enterprises: Patch your Exchange servers If you want to keep the miscreants out, put the updates in, Redmond says Patches28 Jan 2023 | 14
Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws You know the drill: patch before criminals use these bugs in vRealize to sniff your systems Patches25 Jan 2023 |
Russians say they can grab software from Intel again And Windows updates from Microsoft, too Patches14 Jan 2023 | 52
Microsoft fixes Windows database connections it broke in November January Patch Tuesday update resolves issue caused by Patch Tuesday update late in '22 Patches11 Jan 2023 | 3
First Patch Tuesday of the year explodes with in-the-wild exploit fix Patch Tuesday Plus: Intel, Adobe, SAP and Android bugs Patches11 Jan 2023 | 20
Microsoft fixes Hyper-V VM problem caused by Patch Tuesday The emergency OOB release should solve those frustrating failures Patches21 Dec 2022 | 2
Patch Tuesday update is causing some Windows 10 systems to blue screen Microsoft issues a workaround for problem while it works on a fix Patches20 Dec 2022 | 51
Patch Tuesday updates spark errors when creating Hyper-V VMs Something's broken, mom! Microsoft offers workaround while trying to think up a fix Patches14 Dec 2022 | 10
Microsoft ain't the only one squashing exploited-in-the-wild bugs this month Patch Tuesday Plus there's a PoC for this unpatched Cisco bug Patches14 Dec 2022 | 11
Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover Take a break from the gaming and fix these now Patches01 Dec 2022 | 5