'Ongoing' Ivanti hijack bug exploitation reaches clouds
Nothing like insecure code in security suites
CSO21 May 2025 | 4
Patches
Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms
Update before that proof-of-concept comes to bite
Patches20 May 2025 | 20
Ivanti patches two zero-days under active attack as intel agency warns customers
Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product
Patches14 May 2025 | 1
Go ahead and ignore Patch Tuesday – it might improve your security
No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale'
Patches14 May 2025 | 34
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu
Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti
Patches14 May 2025 | 3
Commvault fixes critical Command Center issue after flaw finder alert
Pay-to-play security on CVSS 10 issue is now fixed
Patches13 May 2025 |
M365 apps on Windows 10 to get security fixes into 2028
Support for the underlying OS is another story
Applications12 May 2025 | 10
Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions
Where have we heard this before? Feb security update needs its own fix
OSes25 Apr 2025 | 1
Emergency patch for potential SAP zero-day that could grant full system control
German software giant paywalls details, but experts piece together the clues
Patches25 Apr 2025 | 2
Today's LLMs craft exploits from patches at lightning speed
Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours
AI Software Development Week21 Apr 2025 | 19
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days
It's now hitting govt, enterprise targets
CSO21 Apr 2025 | 31
CVE fallout: The splintering of the standard vulnerability tracking system has begun
Comment MITRE, EUVD, GCVE … WTF?
Spotlight on RSAC18 Apr 2025 | 89
Free Blue Screens of Death for Windows 11 24H2 users
Microsoft rewards those who patch early with bricks hurled through its operating system
OSes16 Apr 2025 | 25
Don't delete that mystery empty folder. Windows put it there as a security fix
Copilot vibe coding for OS development? Why not
Patches14 Apr 2025 | 33
April's Patch Tuesday leaves unlucky Windows Hello users unable to login
Updated Can't Redmond ask its whizz-bang Copilot AI to fix it?
Patches09 Apr 2025 | 11
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug
Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low
Patches08 Apr 2025 | 14
Don't open that JPEG in WhatsApp for Windows. It might be an .EXE
What a MIME field
Patches08 Apr 2025 | 29
Chrome to patch decades-old flaw that let sites peek at your history
After 23 years, the privacy plumber has finally arrived to clean up this mess
Patches07 Apr 2025 | 7
Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years
Simple denial-of-service blunder turned out to be remote unauth code exec disaster
Cyber-crime03 Apr 2025 | 3
Apple belatedly patches actively exploited bugs in older OSes
Cupertino already squashed 'em in more recent releases - which this week get a fresh round of fixes
Patches02 Apr 2025 | 10
Popular
Builder.ai coded itself into a corner – now it's bankrupt
Comment When 'AI-powered' means 'mostly humans and bad decisions'
Apartment living to get worse in 5 years as 6 GHz Wi-Fi nears ‘exhaustion’
Cable Labs predicts two percent packet loss and 10ms latency in some buildings unless more spectrum freed
Google carves out cloudy safe spaces for nations nervous about America's reach
From air-gapped bunkers to partner-run platforms, sovereignty is suddenly in vogue
Trump announces $175B for Golden Dome defense shield over America
In practice, it'll cost many times that and almost certainly won't work
AROS turns any PC into an Amiga with USB-bootable distro
And other ways to get that Amiga feeling on a budget
Coinbase confirms insiders handed over data of 70K users
Bribed support staff identified, fired
Greater Manchester says its NHS analytics stack is years ahead of Palantir wares
Care board draws red lines over use of UK government-backed Federated Data Platform
Signal shuts the blinds on Microsoft Recall with the power of DRM
Chat app blocks Windows' screenshot-happy feature from peeking at private convos
M&S warns of £300M dent in profits from cyberattack
Downtime stings retailer, with technical recovery costs coming at a later date
VMware price hikes? Between 800 and 1,500%, claim Euro customers
Report slates end of perpetual licenses, death of monthly pay-as-you-go model, and 'punitive' changes by Broadcom
STORIES
CISA spots spawn of Spawn malware targeting Ivanti flaw
Resurge an apt name for malware targeting hardware maker that has security bug after security bug
Cyber-crime01 Apr 2025 | 1
After Chrome patches zero-day used to target Russians, Firefox splats similar bug
Single click on a phishing link in Google browser blew up sandbox on Windows
Patches28 Mar 2025 | 10
Hm, why are so many DrayTek routers stuck in a bootloop?
Time to update your firmware, if you can, to one with the security fixes, cough cough
Cyber-crime25 Mar 2025 | 58
Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw
How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently
Patches25 Mar 2025 | 1
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist
Palming off the blame using an ‘unknown’ best practice didn’t go down well either
Patches20 Mar 2025 | 7
IBM scores perfect 10 ... vulnerability in mission-critical OS AIX
Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in
Patches19 Mar 2025 | 5
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
Updated One PUT request, one poisoned session file, and the server’s yours
CSO18 Mar 2025 | 8
Get off that old Firefox by Friday or you'll be sorry, says Moz
Root cert expiry may bring breakage or worse for add-ons, media playback, and more
Applications13 Mar 2025 | 45
Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws
Patch Tuesday Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy
Patches12 Mar 2025 | 23
VMware splats guest-to-hypervisor escape bugs already exploited in wild
The heap overflow zero-day in the memory unsafe code by Miss Creant
Virtualization04 Mar 2025 | 8
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)
Starting with Snapdragon 8 Elite and 'droid 15
Personal Tech26 Feb 2025 | 5
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
PoC exploit code shows why this is a patch priority
Patches21 Feb 2025 |
FreSSH bugs undiscovered for years threaten OpenSSH security
Exploit code now available for MitM and DoS attacks
Patches18 Feb 2025 | 16
SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN
updated Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew
Networks14 Feb 2025 | 9
Google: How to make any AMD Zen CPU always generate 4 as a random number
Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least
Patches04 Feb 2025 | 75
Google patches odd Android kernel security bug amid signs of targeted exploitation
Also, Netgear fixes critical router, access point vulnerabilities
Patches04 Feb 2025 | 5
VMware plugs steal-my-credentials holes in Cloud Foundation
Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant
Patches30 Jan 2025 |
Apple plugs security hole in its iThings that's already been exploited in iOS
Cupertino kicks off the year with a zero-day
Patches28 Jan 2025 | 15
Don't want your Kubernetes Windows nodes hijacked? Patch this hole now
SYSTEM-level command injection via API parameter *chef's kiss*
Patches24 Jan 2025 | 4
One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers
But we mean, you've had nearly four years to patch
Patches23 Jan 2025 | 4
Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management
No in-the-wild exploits … yet
Patches23 Jan 2025 |
SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix
Big organizations and governments are main users of these gateways
Patches23 Jan 2025 | 10
Asus lets processor security fix slip out early, AMD confirms patch in progress
Updated Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean
Patches23 Jan 2025 | 11
Oracle emits 603 patches, names one it wants you to worry about soon
Old flaws that keep causing trouble haunt Big Red
Patches23 Jan 2025 |
Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch
Update addresses boot failures on multi-node systems
Patches22 Jan 2025 | 6
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day
Seven days after disclosure and little action taken, data shows
Patches21 Jan 2025 | 3
Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day
Turns out tool does both file transfers and security fixes fast
Patches17 Jan 2025 | 21
Windows Patch Tuesday hits snag with Citrix software, workarounds published
Microsoft starts 2025 as it hopefully doesn't mean to go on
Patches15 Jan 2025 | 8
Microsoft fixes under-attack privilege-escalation holes in Hyper-V
Patch Tuesday Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco
Patches15 Jan 2025 | 7
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug
This is what happens when you publish PoCs immediately, hm?
Patches13 Jan 2025 | 1
Zero-day exploits plague Ivanti Connect Secure appliances for second year running
Factory resets and apply patches is the advice amid fortnight delay for other appliances
Patches09 Jan 2025 | 2
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit
3 CVEs added to CISA's catalog
Security08 Jan 2025 | 4
Critical security hole in Apache Struts under exploit
You applied the patch that could stop possible RCE attacks last week, right?
Patches17 Dec 2024 | 3
Apache issues patches for critical Struts 2 RCE bug
More details released after devs allowed weeks to apply fixes
Patches12 Dec 2024 |
Three more vulns spotted in Ivanti CSA, all critical, one 10/10
Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker
Patches11 Dec 2024 | 2
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins
Patch Tuesday Twas the night before Christmas, and all through the house, patching was done with the click of a mouse
Security10 Dec 2024 | 24
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+
Updated Microsoft's OS sure loves throwing your creds at remote systems
Patches06 Dec 2024 | 11
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files
updated Still unpatched 100+ days later, watchTowr says
Cyber-crime06 Dec 2024 | 4
Perfect 10 directory traversal vuln hits SailPoint's IAM solution
Updated 20-year-old info disclosure class bug still pervades security software
Patches03 Dec 2024 | 6
Zabbix urges upgrades after critical SQL injection bug disclosure
US agencies blasted 'unforgivable' SQLi flaws earlier this year
Patches29 Nov 2024 | 7
QNAP and Veritas dump 30-plus vulns over the weekend
Updated Just what you want to find when you start a new week
Patches26 Nov 2024 | 2
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole
Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more
CSO22 Nov 2024 | 22
Palo Alto Networks tackles firewall-busting zero-days with critical patches
Amazing that these two bugs got into a production appliance, say researchers
Patches19 Nov 2024 | 4
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
Plus a bonus hard-coded local API key
Patches14 Nov 2024 |
Microsoft slips Task Manager and processor count fixes into Patch Tuesday
Sore about cores no more
Patches13 Nov 2024 | 7
Admins can give thanks this November for dollops of Microsoft patches
Patch Tuesday Don't be a turkey – get these fixed
Patches13 Nov 2024 | 21
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code
'Once again, we've lost a little more faith in the internet,' researcher says
CSO12 Nov 2024 | 3
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system
Ultra-Reliable Wireless Backhaul doesn't live up to its name
Patches07 Nov 2024 | 16
Windows Themes zero-day bug exposes users to NTLM credential theft
Plus a free micropatch until Redmond fixes the flaw
Security30 Oct 2024 | 7
Emergency patch: Cisco fixes bug under exploit in brute-force attacks
Who doesn't love abusing buggy appliances, really?
Software24 Oct 2024 | 3
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch
Plus, a POC to make it extra easy for attackers
Security23 Oct 2024 |
VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time
If the first patches don't work, try, try again
Patches22 Oct 2024 | 2
macOS HM Surf vuln might already be under exploit by major malware family
Like keeping your camera and microphone private? Patch up
Cybersecurity Month21 Oct 2024 | 16
Critical hardcoded SolarWinds credential now exploited in the wild
Another blow for IT software house and its customers
Security16 Oct 2024 | 23
Thousands of Fortinet instances vulnerable to actively exploited flaw
No excuses for not patching this nine-month-old issue
Cybersecurity Month14 Oct 2024 | 8
US and UK govts warn: Russia scanning for your unpatched vulnerabilities
in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more
Security12 Oct 2024 | 11
Mozilla patches critical Firefox vuln that attackers are already exploiting
Firefixed: It's maintenance time for low-complexity, high-impact security flaw
Cybersecurity Month10 Oct 2024 | 26
Microsoft cleans up hot mess of Patch Tuesday preview
Go forth and install your important security fixes
Cybersecurity Month09 Oct 2024 | 5
Microsoft issues 117 patches – some for flaws already under attack
Patch Tuesday Plus: SAP re-patches a failed patch for critical-rated flaw
Cybersecurity Month08 Oct 2024 | 6
Qualcomm urges device makers to push patches after 'targeted' exploitation
Given Amnesty's involvement, it's a safe bet spyware is in play
Patches08 Oct 2024 |
700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking
With 14 serious security flaws found, what a gift for spies and crooks
Cybersecurity Month02 Oct 2024 | 21
'Patch yesterday': Zimbra mail servers under siege through RCE vuln
Attacks began the day after public disclosure
Cybersecurity Month02 Oct 2024 | 5
Patch now: Critical Nvidia bug allows container escape, complete host takeover
33% of cloud environments using the toolkit impacted, we're told
Patches26 Sep 2024 | 18
HPE patches three critical security holes in Aruba PAPI
More 9.8 bugs? Ay, papi!
Patches26 Sep 2024 | 1
That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices
Final update No patches yet, can be mitigated, requires user interaction
Security26 Sep 2024 | 103
Ivanti patches exploited admin command execution flaw
Fears over chained attacks affecting EOL product
Patches20 Sep 2024 | 8
WhatsApp still working on making View Once chats actually disappear for all
Updated So far it's more like View Forever
Patches18 Sep 2024 | 16
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation
Bug reports made in China
Virtualization17 Sep 2024 | 1
Google Cloud Document AI flaw (still) allows data theft despite bounty payout
Updated Chocolate Factory downgrades risk, citing the need for attacker access
Security17 Sep 2024 |
Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day
Analysis The C in these CVEs stands for Confusing
Security17 Sep 2024 | 8
Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing
SaaS seller sets severity to 'critical'
Patches12 Sep 2024 | 4
About that Windows Installer 'make me admin' security hole. Here's how it's exploited
What kind of OS can be hijacked by clicking a link at just the right time? Microsoft's
Patches12 Sep 2024 | 23
Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack
Patch Tuesday CISA wants you to leap on Citrix, Ivanti issues. Adobe, Intel, SAP vie for priority
Patches11 Sep 2024 | 24
To patch this server, we need to get someone drunk
On Call When maintenance windows are hard to open, a little lubrication helps
Patches06 Sep 2024 | 116
Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security
Two critical holes including hardcoded admin credential
Security05 Sep 2024 | 9
From Copilot to Copirate: How data thieves could hijack Microsoft's chatbot
Prompt injection, ASCII smuggling, and other swashbuckling attacks on the horizon
Patches28 Aug 2024 | 7
SolarWinds left critical hardcoded credentials in its Web Help Desk product
Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway
CSO22 Aug 2024 | 18
You probably want to patch this critical GitHub Enterprise Server bug now
Unless you're cool with an unauthorized criminal enjoying admin privileges to comb through your code
Patches21 Aug 2024 |
Microsoft patches scary wormable hijack-my-box-via-IPv6 security bug and others
Patch Tuesday Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action
Patches14 Aug 2024 | 24
AMD won’t patch Sinkclose security bug on older Zen CPUs
Updated Kernel mode not good enough for you? Maybe you'll like SMM of this
Patches13 Aug 2024 | 14
Biting the hand that feeds IT
