Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions Where have we heard this before? Feb security update needs its own fix OSes25 Apr 2025 | 1
Emergency patch for potential SAP zero-day that could grant full system control German software giant paywalls details, but experts piece together the clues Patches25 Apr 2025 | 2
Today's LLMs craft exploits from patches at lightning speed Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours AI Software Development Week21 Apr 2025 | 19
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days It's now hitting govt, enterprise targets CSO21 Apr 2025 | 31
CVE fallout: The splintering of the standard vulnerability tracking system has begun Comment MITRE, EUVD, GCVE … WTF? Spotlight on RSAC18 Apr 2025 | 88
Free Blue Screens of Death for Windows 11 24H2 users Microsoft rewards those who patch early with bricks hurled through its operating system OSes16 Apr 2025 | 25
Don't delete that mystery empty folder. Windows put it there as a security fix Copilot vibe coding for OS development? Why not Patches14 Apr 2025 | 33
April's Patch Tuesday leaves unlucky Windows Hello users unable to login Updated Can't Redmond ask its whizz-bang Copilot AI to fix it? Patches09 Apr 2025 | 11
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low Patches08 Apr 2025 | 14
Don't open that JPEG in WhatsApp for Windows. It might be an .EXE What a MIME field Patches08 Apr 2025 | 29
Chrome to patch decades-old flaw that let sites peek at your history After 23 years, the privacy plumber has finally arrived to clean up this mess Patches07 Apr 2025 | 7
Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years Simple denial-of-service blunder turned out to be remote unauth code exec disaster Cyber-crime03 Apr 2025 | 3
Apple belatedly patches actively exploited bugs in older OSes Cupertino already squashed 'em in more recent releases - which this week get a fresh round of fixes Patches02 Apr 2025 | 10
CISA spots spawn of Spawn malware targeting Ivanti flaw Resurge an apt name for malware targeting hardware maker that has security bug after security bug Cyber-crime01 Apr 2025 | 1
After Chrome patches zero-day used to target Russians, Firefox splats similar bug Single click on a phishing link in Google browser blew up sandbox on Windows Patches28 Mar 2025 | 10
Hm, why are so many DrayTek routers stuck in a bootloop? Time to update your firmware, if you can, to one with the security fixes, cough cough Cyber-crime25 Mar 2025 | 58
Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently Patches25 Mar 2025 | 1
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist Palming off the blame using an ‘unknown’ best practice didn’t go down well either Patches20 Mar 2025 | 7
IBM scores perfect 10 ... vulnerability in mission-critical OS AIX Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in Patches19 Mar 2025 | 5
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild' Updated One PUT request, one poisoned session file, and the server’s yours CSO18 Mar 2025 | 8
Devs sound alarm after Microsoft subtracts C/C++ extension from VS Code forks Cursor, Codium makers lose access as add-on goes exclusive
Google admits depreciation costs are soaring amid furious bit barn build Still plans to invest $75B in CapEx this year as unable to meet capacity demand
Build your own antisocial writing rig with DOS and a $2 USB key Reg hack pines for simpler times, then tries to recapture them
New Intel boss is all about ‘de-laborating’ the x86 giant – aka job cuts Thousands face ax, more given RTO orders in quest to suck less
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed Opinion Infosec is a team sport … unless you're in the White House
M&S stops online orders as 'cyber incident' issues worsen One step forward and one step back as earlier hopes of progress dashed by latest update
Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry Because coding phishing sites from scratch is a real pain in the neck
Emergency patch for potential SAP zero-day that could grant full system control German software giant paywalls details, but experts piece together the clues
More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures
Get off that old Firefox by Friday or you'll be sorry, says Moz Root cert expiry may bring breakage or worse for add-ons, media playback, and more Applications13 Mar 2025 | 43
Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws Patch Tuesday Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy Patches12 Mar 2025 | 23
VMware splats guest-to-hypervisor escape bugs already exploited in wild The heap overflow zero-day in the memory unsafe code by Miss Creant Virtualization04 Mar 2025 | 8
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) Starting with Snapdragon 8 Elite and 'droid 15 Personal Tech26 Feb 2025 | 5
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws PoC exploit code shows why this is a patch priority Patches21 Feb 2025 |
FreSSH bugs undiscovered for years threaten OpenSSH security Exploit code now available for MitM and DoS attacks Patches18 Feb 2025 | 16
SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN updated Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew Networks14 Feb 2025 | 9
Google: How to make any AMD Zen CPU always generate 4 as a random number Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least Patches04 Feb 2025 | 75
Google patches odd Android kernel security bug amid signs of targeted exploitation Also, Netgear fixes critical router, access point vulnerabilities Patches04 Feb 2025 | 5
VMware plugs steal-my-credentials holes in Cloud Foundation Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant Patches30 Jan 2025 |
Apple plugs security hole in its iThings that's already been exploited in iOS Cupertino kicks off the year with a zero-day Patches28 Jan 2025 | 15
Don't want your Kubernetes Windows nodes hijacked? Patch this hole now SYSTEM-level command injection via API parameter *chef's kiss* Patches24 Jan 2025 | 4
One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers But we mean, you've had nearly four years to patch Patches23 Jan 2025 | 4
Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management No in-the-wild exploits … yet Patches23 Jan 2025 |
SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix Big organizations and governments are main users of these gateways Patches23 Jan 2025 | 10
Asus lets processor security fix slip out early, AMD confirms patch in progress Updated Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean Patches23 Jan 2025 | 11
Oracle emits 603 patches, names one it wants you to worry about soon Old flaws that keep causing trouble haunt Big Red Patches23 Jan 2025 |
Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch Update addresses boot failures on multi-node systems Patches22 Jan 2025 | 6
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day Seven days after disclosure and little action taken, data shows Patches21 Jan 2025 | 3
Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day Turns out tool does both file transfers and security fixes fast Patches17 Jan 2025 | 21
Windows Patch Tuesday hits snag with Citrix software, workarounds published Microsoft starts 2025 as it hopefully doesn't mean to go on Patches15 Jan 2025 | 8
Microsoft fixes under-attack privilege-escalation holes in Hyper-V Patch Tuesday Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco Patches15 Jan 2025 | 7
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug This is what happens when you publish PoCs immediately, hm? Patches13 Jan 2025 | 1
Zero-day exploits plague Ivanti Connect Secure appliances for second year running Factory resets and apply patches is the advice amid fortnight delay for other appliances Patches09 Jan 2025 | 2
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit 3 CVEs added to CISA's catalog Security08 Jan 2025 | 4
Critical security hole in Apache Struts under exploit You applied the patch that could stop possible RCE attacks last week, right? Patches17 Dec 2024 | 3
Apache issues patches for critical Struts 2 RCE bug More details released after devs allowed weeks to apply fixes Patches12 Dec 2024 |
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Patches11 Dec 2024 | 2
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins Patch Tuesday Twas the night before Christmas, and all through the house, patching was done with the click of a mouse Security10 Dec 2024 | 24
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+ Updated Microsoft's OS sure loves throwing your creds at remote systems Patches06 Dec 2024 | 11
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files updated Still unpatched 100+ days later, watchTowr says Cyber-crime06 Dec 2024 | 4
Perfect 10 directory traversal vuln hits SailPoint's IAM solution Updated 20-year-old info disclosure class bug still pervades security software Patches03 Dec 2024 | 6
Zabbix urges upgrades after critical SQL injection bug disclosure US agencies blasted 'unforgivable' SQLi flaws earlier this year Patches29 Nov 2024 | 7
QNAP and Veritas dump 30-plus vulns over the weekend Updated Just what you want to find when you start a new week Patches26 Nov 2024 | 2
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more CSO22 Nov 2024 | 22
Palo Alto Networks tackles firewall-busting zero-days with critical patches Amazing that these two bugs got into a production appliance, say researchers Patches19 Nov 2024 | 4
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost Plus a bonus hard-coded local API key Patches14 Nov 2024 |
Microsoft slips Task Manager and processor count fixes into Patch Tuesday Sore about cores no more Patches13 Nov 2024 | 7
Admins can give thanks this November for dollops of Microsoft patches Patch Tuesday Don't be a turkey – get these fixed Patches13 Nov 2024 | 21
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code 'Once again, we've lost a little more faith in the internet,' researcher says CSO12 Nov 2024 | 3
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system Ultra-Reliable Wireless Backhaul doesn't live up to its name Patches07 Nov 2024 | 16
Windows Themes zero-day bug exposes users to NTLM credential theft Plus a free micropatch until Redmond fixes the flaw Security30 Oct 2024 | 7
Emergency patch: Cisco fixes bug under exploit in brute-force attacks Who doesn't love abusing buggy appliances, really? Software24 Oct 2024 | 3
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch Plus, a POC to make it extra easy for attackers Security23 Oct 2024 |
VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time If the first patches don't work, try, try again Patches22 Oct 2024 | 2
macOS HM Surf vuln might already be under exploit by major malware family Like keeping your camera and microphone private? Patch up Cybersecurity Month21 Oct 2024 | 16
Critical hardcoded SolarWinds credential now exploited in the wild Another blow for IT software house and its customers Security16 Oct 2024 | 23
Thousands of Fortinet instances vulnerable to actively exploited flaw No excuses for not patching this nine-month-old issue Cybersecurity Month14 Oct 2024 | 8
US and UK govts warn: Russia scanning for your unpatched vulnerabilities in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more Security12 Oct 2024 | 11
Mozilla patches critical Firefox vuln that attackers are already exploiting Firefixed: It's maintenance time for low-complexity, high-impact security flaw Cybersecurity Month10 Oct 2024 | 26
Microsoft cleans up hot mess of Patch Tuesday preview Go forth and install your important security fixes Cybersecurity Month09 Oct 2024 | 5
Microsoft issues 117 patches – some for flaws already under attack Patch Tuesday Plus: SAP re-patches a failed patch for critical-rated flaw Cybersecurity Month08 Oct 2024 | 6
Qualcomm urges device makers to push patches after 'targeted' exploitation Given Amnesty's involvement, it's a safe bet spyware is in play Patches08 Oct 2024 |
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking With 14 serious security flaws found, what a gift for spies and crooks Cybersecurity Month02 Oct 2024 | 21
'Patch yesterday': Zimbra mail servers under siege through RCE vuln Attacks began the day after public disclosure Cybersecurity Month02 Oct 2024 | 5
Patch now: Critical Nvidia bug allows container escape, complete host takeover 33% of cloud environments using the toolkit impacted, we're told Patches26 Sep 2024 | 18
HPE patches three critical security holes in Aruba PAPI More 9.8 bugs? Ay, papi! Patches26 Sep 2024 | 1
That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices Final update No patches yet, can be mitigated, requires user interaction Security26 Sep 2024 | 103
Ivanti patches exploited admin command execution flaw Fears over chained attacks affecting EOL product Patches20 Sep 2024 | 8
WhatsApp still working on making View Once chats actually disappear for all Updated So far it's more like View Forever Patches18 Sep 2024 | 16
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation Bug reports made in China Virtualization17 Sep 2024 | 1
Google Cloud Document AI flaw (still) allows data theft despite bounty payout Updated Chocolate Factory downgrades risk, citing the need for attacker access Security17 Sep 2024 |
Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day Analysis The C in these CVEs stands for Confusing Security17 Sep 2024 | 8
Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing SaaS seller sets severity to 'critical' Patches12 Sep 2024 | 4
About that Windows Installer 'make me admin' security hole. Here's how it's exploited What kind of OS can be hijacked by clicking a link at just the right time? Microsoft's Patches12 Sep 2024 | 23
Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack Patch Tuesday CISA wants you to leap on Citrix, Ivanti issues. Adobe, Intel, SAP vie for priority Patches11 Sep 2024 | 24
To patch this server, we need to get someone drunk On Call When maintenance windows are hard to open, a little lubrication helps Patches06 Sep 2024 | 116
Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security Two critical holes including hardcoded admin credential Security05 Sep 2024 | 9
From Copilot to Copirate: How data thieves could hijack Microsoft's chatbot Prompt injection, ASCII smuggling, and other swashbuckling attacks on the horizon Patches28 Aug 2024 | 7
SolarWinds left critical hardcoded credentials in its Web Help Desk product Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway CSO22 Aug 2024 | 18
You probably want to patch this critical GitHub Enterprise Server bug now Unless you're cool with an unauthorized criminal enjoying admin privileges to comb through your code Patches21 Aug 2024 |
Microsoft patches scary wormable hijack-my-box-via-IPv6 security bug and others Patch Tuesday Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action Patches14 Aug 2024 | 24
AMD won’t patch Sinkclose security bug on older Zen CPUs Updated Kernel mode not good enough for you? Maybe you'll like SMM of this Patches13 Aug 2024 | 14
Using 1Password on Mac? Patch up if you don’t want your Vaults raided Hundreds of thousands of users potentially vulnerable Patches08 Aug 2024 | 23
Google splats device-hijacking exploited-in-the-wild Android kernel bug among others And Qualcomm addresses 'permanent denial of service' flaw in its stuff Patches06 Aug 2024 | 8
Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability Get those patches applied – all the big dogs are abusing it VMware Explore30 Jul 2024 | 18
CrowdStrike meets Murphy's Law: Anything that can go wrong will Opinion And boy, did last Friday's Windows fiasco ever prove that yet again Patches26 Jul 2024 | 98
Progress discloses second critical flaw in Telerik Report Server in as many months These are the kinds of bugs APTs thrive on, just ask the Feds Patches26 Jul 2024 | 1
You should probably fix this 5-year-old critical Docker vuln fairly sharpish For some unknown reason, initial patch was omitted from later versions Patches25 Jul 2024 |
Patch management still seemingly abysmal because no one wants the job Comment Are your security and ops teams fighting to pass the buck? Malware Month25 Jul 2024 | 29