Patches News • The Register

Patches

Microsoft offers vintage Exchange and Skype server users six more months of security updates

It looks like enough of you are struggling to migrate that Redmond is willing to help out – for a price that might buy nothing

Patches17 Jul 2025 | 4

CVSS 10 RCE in Wing FTP exploited within 24 hours, security researchers warn

Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal

Patches11 Jul 2025 | 12

Now everybody but Citrix agrees that CitrixBleed 2 is under exploit

Updated Add CISA to the list

Patches10 Jul 2025 | 3

Microsoft enjoys first Patch Tuesday of 2025 with no active exploits

Sure, 130 fixes were sent out, but bask in the security goodness

Patches08 Jul 2025 | 15

CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands

NetScaler vendor issued a patch but otherwise, stony silence

Patches07 Jul 2025 | 6

Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform

The second max score this week for Netzilla - not a good look

Patches02 Jul 2025 | 14

CISA warns the Signal clone used by natsec staffers is being attacked, so patch now

Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors'

Patches02 Jul 2025 | 7

Microsoft admits to Intune forgetfulness

Customizations not saved with security baseline policy update

Patches01 Jul 2025 | 8

Cisco fixes two critical make-me-root bugs on Identity Services Engine components

A 10.0 and a 9.8 – these aren’t patches to dwell on

Datacenter Networking Nexus26 Jun 2025 | 4

Citrix bleeds again: This time a zero-day exploited - patch now

Two emergency patches issued in two weeks

Patches25 Jun 2025 | 1

Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack

Why are you even reading this story? Patch now!

Patches24 Jun 2025 | 7

Veeam patches third critical RCE bug in Backup & Replication in space of a year

Version 13 can’t come soon enough

Patches18 Jun 2025 | 1

Sitecore CMS flaw let attackers brute-force 'b' for backdoor

Hardcoded passwords and path traversals keeping bug hunters in work

Patches17 Jun 2025 | 5

Microsoft slows Windows 11 24H2 Patch Tuesday due to a 'compatibility issue'

updated On your marks, get set... bork!

Patches11 Jun 2025 | 50

Microsoft warns of 66 flaws to fix for this Patch Tuesday, and two are under active attack

Patch Tuesday Stealthy Falcon swoops on WebDAV and Redmond's even patching IE!

Patches10 Jun 2025 |

Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild

TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind

Patches03 Jun 2025 | 6

Microsoft patches the patch that put Windows 11 in a coma

Out-of-band is becoming the norm rather than the exception

OSes03 Jun 2025 | 13

Microsoft's May Patch Tuesday update fails on some Windows 11 VMs

'The operating system couldn't be loaded' is never a great message

Patches29 May 2025 | 17

'Ongoing' Ivanti hijack bug exploitation reaches clouds

Nothing like insecure code in security suites

CSO21 May 2025 | 4

Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms

Update before that proof-of-concept comes to bite

Patches20 May 2025 | 21

Popular

Nearly 3 out of 4 Oracle Java users say they've been audited in the past 3 years

Big Red’s changes to Java licensing also inspire exodus to open source

VMware reboots its partner program again – and it looks like smaller players are out

Exclusive Second major change in 18 months will be most unwelcome for many - as will critical flaws announced today

Curl creator mulls nixing bug bounty awards to stop AI slop

Maintainers struggle to handle growing flow of low-quality bug reports written by bots

Former Google DeepMind engineer behind Simular says other AI agents are doing it wrong

Simular is starting with industries like insurance and healthcare with tons of forms to fill

AI creeps into the risk register for America's biggest firms

S&P 500 businesses warn investors they may never see ROI in SEC filings

With Tomahawk Ultra, Broadcom asks who needs UALink when there's Ethernet?

The never Nvidia networking party just got another option

If you want a picture of the future, imagine humans checking AI didn't make a mistake – forever

Column CEOs will chase illusory profits as workers are left to pick defective items from an agentic production line

Cloudflare fesses up to config change that borked internet access for all

Down and out for hour, claims CDN biz. No, say users, more like three

Ukrainian hackers claim to have destroyed major Russian drone maker's entire network

'Deeply penetrated' Gaskar 'to the very tonsils of demilitarization'

Turbulence at Air Serbia, the latest airline under cyber siege

Exclusive Attack enters day 11 and still no public disclosure of what insider claims to be 'deep breach' of Active Directory

MORE
STORIES

Ivanti patches two zero-days under active attack as intel agency warns customers

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product

Patches14 May 2025 | 1

Go ahead and ignore Patch Tuesday – it might improve your security

No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'

Patches14 May 2025 | 34

Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu

Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti

Patches14 May 2025 | 3

Commvault fixes critical Command Center issue after flaw finder alert

Pay-to-play security on CVSS 10 issue is now fixed

Patches13 May 2025 |

M365 apps on Windows 10 to get security fixes into 2028

Support for the underlying OS is another story

Applications12 May 2025 | 10

Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions

Where have we heard this before? Feb security update needs its own fix

OSes25 Apr 2025 | 1

Emergency patch for potential SAP zero-day that could grant full system control

German software giant paywalls details, but experts piece together the clues

Patches25 Apr 2025 | 2

Today's LLMs craft exploits from patches at lightning speed

Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours

AI Software Development Week21 Apr 2025 | 19

Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days

It's now hitting govt, enterprise targets

CSO21 Apr 2025 | 31

CVE fallout: The splintering of the standard vulnerability tracking system has begun

Comment MITRE, EUVD, GCVE … WTF?

Spotlight on RSAC18 Apr 2025 | 89

Free Blue Screens of Death for Windows 11 24H2 users

Microsoft rewards those who patch early with bricks hurled through its operating system

OSes16 Apr 2025 | 25

Don't delete that mystery empty folder. Windows put it there as a security fix

Copilot vibe coding for OS development? Why not

Patches14 Apr 2025 | 33

April's Patch Tuesday leaves unlucky Windows Hello users unable to login

Updated Can't Redmond ask its whizz-bang Copilot AI to fix it?

Patches09 Apr 2025 | 11

Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug

Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low

Patches08 Apr 2025 | 14

Don't open that JPEG in WhatsApp for Windows. It might be an .EXE

What a MIME field

Patches08 Apr 2025 | 29

Chrome to patch decades-old flaw that let sites peek at your history

After 23 years, the privacy plumber has finally arrived to clean up this mess

Patches07 Apr 2025 | 6

Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years

Simple denial-of-service blunder turned out to be remote unauth code exec disaster

Cyber-crime03 Apr 2025 | 3

Apple belatedly patches actively exploited bugs in older OSes

Cupertino already squashed 'em in more recent releases - which this week get a fresh round of fixes

Patches02 Apr 2025 | 10

CISA spots spawn of Spawn malware targeting Ivanti flaw

Resurge an apt name for malware targeting hardware maker that has security bug after security bug

Cyber-crime01 Apr 2025 | 1

After Chrome patches zero-day used to target Russians, Firefox splats similar bug

Single click on a phishing link in Google browser blew up sandbox on Windows

Patches28 Mar 2025 | 10

Hm, why are so many DrayTek routers stuck in a bootloop?

Time to update your firmware, if you can, to one with the security fixes, cough cough

Cyber-crime25 Mar 2025 | 58

Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw

How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently

Patches25 Mar 2025 | 1

Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist

Palming off the blame using an ‘unknown’ best practice didn’t go down well either

Patches20 Mar 2025 | 7

IBM scores perfect 10 ... vulnerability in mission-critical OS AIX

Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in

Patches19 Mar 2025 | 5

'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'

Updated One PUT request, one poisoned session file, and the server’s yours

CSO18 Mar 2025 | 8

Get off that old Firefox by Friday or you'll be sorry, says Moz

Root cert expiry may bring breakage or worse for add-ons, media playback, and more

Applications13 Mar 2025 | 45

Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws

Patch Tuesday Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy

Patches12 Mar 2025 | 23

VMware splats guest-to-hypervisor escape bugs already exploited in wild

The heap overflow zero-day in the memory unsafe code by Miss Creant

Virtualization04 Mar 2025 | 8

Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)

Starting with Snapdragon 8 Elite and 'droid 15

Personal Tech26 Feb 2025 | 5

Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws

PoC exploit code shows why this is a patch priority

Patches21 Feb 2025 |

FreSSH bugs undiscovered for years threaten OpenSSH security

Exploit code now available for MitM and DoS attacks

Patches18 Feb 2025 | 16

SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN

updated Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew

Networks14 Feb 2025 | 9

Google: How to make any AMD Zen CPU always generate 4 as a random number

Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least

Patches04 Feb 2025 | 75

Google patches odd Android kernel security bug amid signs of targeted exploitation

Also, Netgear fixes critical router, access point vulnerabilities

Patches04 Feb 2025 | 5

VMware plugs steal-my-credentials holes in Cloud Foundation

Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant

Patches30 Jan 2025 |

Apple plugs security hole in its iThings that's already been exploited in iOS

Cupertino kicks off the year with a zero-day

Patches28 Jan 2025 | 15

Don't want your Kubernetes Windows nodes hijacked? Patch this hole now

SYSTEM-level command injection via API parameter *chef's kiss*

Patches24 Jan 2025 | 4

One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers

But we mean, you've had nearly four years to patch

Patches23 Jan 2025 | 4

Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management

No in-the-wild exploits … yet

Patches23 Jan 2025 |

SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix

Big organizations and governments are main users of these gateways

Patches23 Jan 2025 | 10

Asus lets processor security fix slip out early, AMD confirms patch in progress

Updated Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean

Patches23 Jan 2025 | 11

Oracle emits 603 patches, names one it wants you to worry about soon

Old flaws that keep causing trouble haunt Big Red

Patches23 Jan 2025 |

Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch

Update addresses boot failures on multi-node systems

Patches22 Jan 2025 | 6

Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day

Seven days after disclosure and little action taken, data shows

Patches21 Jan 2025 | 3

Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day

Turns out tool does both file transfers and security fixes fast

Patches17 Jan 2025 | 21

Windows Patch Tuesday hits snag with Citrix software, workarounds published

Microsoft starts 2025 as it hopefully doesn't mean to go on

Patches15 Jan 2025 | 8

Microsoft fixes under-attack privilege-escalation holes in Hyper-V

Patch Tuesday Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco

Patches15 Jan 2025 | 7

Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug

This is what happens when you publish PoCs immediately, hm?

Patches13 Jan 2025 | 1

Zero-day exploits plague Ivanti Connect Secure appliances for second year running

Factory resets and apply patches is the advice amid fortnight delay for other appliances

Patches09 Jan 2025 | 2

Mitel 0-day, 5-year-old Oracle RCE bug under active exploit

3 CVEs added to CISA's catalog

Security08 Jan 2025 | 4

Critical security hole in Apache Struts under exploit

You applied the patch that could stop possible RCE attacks last week, right?

Patches17 Dec 2024 | 3

Apache issues patches for critical Struts 2 RCE bug

More details released after devs allowed weeks to apply fixes

Patches12 Dec 2024 |

Three more vulns spotted in Ivanti CSA, all critical, one 10/10

Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker

Patches11 Dec 2024 | 2

Microsoft holds last Patch Tuesday of the year with 72 gifts for admins

Patch Tuesday Twas the night before Christmas, and all through the house, patching was done with the click of a mouse

Security10 Dec 2024 | 24

Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+

Updated Microsoft's OS sure loves throwing your creds at remote systems

Patches06 Dec 2024 | 11

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

updated Still unpatched 100+ days later, watchTowr says

Cyber-crime06 Dec 2024 | 4

Perfect 10 directory traversal vuln hits SailPoint's IAM solution

Updated 20-year-old info disclosure class bug still pervades security software

Patches03 Dec 2024 | 6

Zabbix urges upgrades after critical SQL injection bug disclosure

US agencies blasted 'unforgivable' SQLi flaws earlier this year

Patches29 Nov 2024 | 7

QNAP and Veritas dump 30-plus vulns over the weekend

Updated Just what you want to find when you start a new week

Patches26 Nov 2024 | 2

1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more

CSO22 Nov 2024 | 22

Palo Alto Networks tackles firewall-busting zero-days with critical patches

Amazing that these two bugs got into a production appliance, say researchers

Patches19 Nov 2024 | 4

Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost

Plus a bonus hard-coded local API key

Patches14 Nov 2024 |

Microsoft slips Task Manager and processor count fixes into Patch Tuesday

Sore about cores no more

Patches13 Nov 2024 | 7

Admins can give thanks this November for dollops of Microsoft patches

Patch Tuesday Don't be a turkey – get these fixed

Patches13 Nov 2024 | 21

HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

'Once again, we've lost a little more faith in the internet,' researcher says

CSO12 Nov 2024 | 3

Cisco scores a perfect CVSS 10 with critical flaw in its wireless system

Ultra-Reliable Wireless Backhaul doesn't live up to its name

Patches07 Nov 2024 | 16

Windows Themes zero-day bug exposes users to NTLM credential theft

Plus a free micropatch until Redmond fixes the flaw

Security30 Oct 2024 | 7

Emergency patch: Cisco fixes bug under exploit in brute-force attacks

Who doesn't love abusing buggy appliances, really?

Software24 Oct 2024 | 3

Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch

Plus, a POC to make it extra easy for attackers

Security23 Oct 2024 |

VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time

If the first patches don't work, try, try again

Patches22 Oct 2024 | 2

macOS HM Surf vuln might already be under exploit by major malware family

Like keeping your camera and microphone private? Patch up

Cybersecurity Month21 Oct 2024 | 16

Critical hardcoded SolarWinds credential now exploited in the wild

Another blow for IT software house and its customers

Security16 Oct 2024 | 23

Thousands of Fortinet instances vulnerable to actively exploited flaw

No excuses for not patching this nine-month-old issue

Cybersecurity Month14 Oct 2024 | 8

US and UK govts warn: Russia scanning for your unpatched vulnerabilities

in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more

Security12 Oct 2024 | 11

Mozilla patches critical Firefox vuln that attackers are already exploiting

Firefixed: It's maintenance time for low-complexity, high-impact security flaw

Cybersecurity Month10 Oct 2024 | 26

Microsoft cleans up hot mess of Patch Tuesday preview

Go forth and install your important security fixes

Cybersecurity Month09 Oct 2024 | 5

Microsoft issues 117 patches – some for flaws already under attack

Patch Tuesday Plus: SAP re-patches a failed patch for critical-rated flaw

Cybersecurity Month08 Oct 2024 | 6

Qualcomm urges device makers to push patches after 'targeted' exploitation

Given Amnesty's involvement, it's a safe bet spyware is in play

Patches08 Oct 2024 |

700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking

With 14 serious security flaws found, what a gift for spies and crooks

Cybersecurity Month02 Oct 2024 | 21

'Patch yesterday': Zimbra mail servers under siege through RCE vuln

Attacks began the day after public disclosure

Cybersecurity Month02 Oct 2024 | 5

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Situation Publishing

Copyright. All rights reserved © 1998–2025