Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm First Patch Tuesday of 2026 goes big Security14 Jan 2026 | 1
Popular Python libraries used in Hugging Face models subject to poisoned metadata attack The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Patches13 Jan 2026 | 1
Patch Cisco ISE bug now before attackers abuse proof-of-concept exploit No reports of active exploitation … yet Patches08 Jan 2026 | 3
CISA flags actively exploited Office relic alongside fresh HPE flaw Max-severity OneView hole joins a PowerPoint bug that should've been retired years ago Cyber-crime08 Jan 2026 | 6
Maximum-severity n8n flaw lets randos run your automation server Unauthenticated RCE means anyone on the network can seize full control Patches08 Jan 2026 | 12
Logitech macOS mouse mayhem traced to expired dev certificate Company says it dropped the ball, apologizes for wasting people's time Patches08 Jan 2026 | 48
An early end to the holidays: 'Heartbleed of MongoDB' is now under active exploit You didn't think you'd get to enjoy your time off without a major cybersecurity incident, did you? Patches30 Dec 2025 | 20
Microsoft rushes an out-of-band update for Message Queuing bug Redmond gets in early for the twelve whoopsies of Christmas Patches23 Dec 2025 | 9
WatchGuard sounds alarm as critical Firebox flaw comes under active attack Newly disclosed vulnerability already being abused, users urged to lock down exposed firewalls Networks19 Dec 2025 | 14
HPE tells customers to patch fast as OneView RCE bug scores a perfect 10 Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform Patches19 Dec 2025 | 4
Apple, Google forced to issue emergency 0-day patches Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse Patches15 Dec 2025 | 31
Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg Patches12 Dec 2025 | 7
New React vulns leak secrets, invite DoS attacks And the earlier React2Shell patch is vulnerable Patches12 Dec 2025 | 3
Google fixes super-secret 8th Chrome 0-day No details, no CVE, update your browser now Patches11 Dec 2025 | 10
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files Patches04 Dec 2025 | 17
Two Android 0-day bugs disclosed and fixed, plus 105 more to patch Christmas comes early for attackers this year Patches02 Dec 2025 | 13
Fortinet finally cops to critical make-me-admin bug under active exploitation More than a month after PoC made public Patches14 Nov 2025 | 9
Cisco warns of 'new attack variant' battering firewalls under exploit for 6 months Plus 2 new critical vulns - patch now Patches06 Nov 2025 | 4
AMD red-faced over random-number bug that kills cryptographic security Local privileges required to exploit flaw in Ryzen and Epyc CPUs. Some patches available, more on the way Security05 Nov 2025 | 11
Docker Compose vulnerability opens door to host-level writes – patch pronto Windows Desktop installer also fixed after DLL hijack flaw rated 8.8 severity Patches30 Oct 2025 | 3
Court tosses appeal by hacker who opened port to coke smugglers with malware Dutchman fails to convince judges his trial was unfair because cops read his encrypted chats
Developer writes script to throw AI out of Windows Satya Nadella's call to accept and embrace desktop brainboxes faces skepticism
Linus Torvalds tries vibe coding, world still intact somehow The Emperor Penguin has a go… just for fun
Lenovo has a hunch you’re about to try quitting VMware Tweaks its hardware to run multiple private cloud stacks, and shift between them
Britain goes shopping for a rapid-fire missile to help Ukraine hit back Project Nightfall aims to deliver a UK-built long-range strike capability at speed
No fire sale for firewalls as memory shortages could push prices higher In SEC filings, Fortinet and Palo Alto show shrinking product margins taking hold.
Federal agencies told to fix or ditch Gogs as exploited zero-day lands on CISA hit list Git server flaw that attackers have been abusing for months has now caught the attention of US cyber cops
'Violence-as-a-service' suspect arrested in Iraq, extradition underway Gang members 'systematically exploited children and young people,' cops say
India demands crypto outfits geolocate customers, get a selfie to prove they’re real Government is fed up with bad actors using digi-cash to fund dodgy deeds
Danish dev delights kid by turning floppy drive into easy TV remote Just insert a disk and the TV starts playing three-year-old’s favorite shows
Microsoft drops surprise Windows Server patch before weekend downtime You didn't have plans, did you? Patches24 Oct 2025 | 16
Forking confusing: Vulnerable Rust crate exposes uv Python packager Forks of forks of forks, but which ones are patched? Patches22 Oct 2025 | 6
Devs are writing VS Code extensions that blab secrets by the bucketload Vibe coding may have played a role in what took researchers months to fix Research15 Oct 2025 | 10
Oracle rushes out another emergency E-Business Suite patch as Clop fallout widens Latest in a long line of EBS flaws lets miscreants remotely compromise enterprise systems to pinch sensitive data Patches14 Oct 2025 | 1
Clop crew hits Oracle E-Business Suite users with fresh zero-day Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion Cybersecurity Month06 Oct 2025 |
Oracle tells Clop-targeted EBS users to apply July patch, problem solved Researchers suggest internet-facing portals are exposing 'thousands' of orgs Cybersecurity Month03 Oct 2025 |
Warnings about Cisco vulns under active exploit are falling on deaf ears 50,000 firewall devices still exposed Patches30 Sep 2025 | 22
‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug Researchers say tens of thousands of instances remain publicly reachable Patches26 Sep 2025 | 3
UK and US security agencies order urgent fixes as Cisco firewall bugs exploited in wild CISA gives feds 24 hours to patch, NCSC urges rapid action as flaws linked to ArcaneDoor spies Patches26 Sep 2025 | 14
Zero-day deja vu as another Cisco IOS bug comes under attack The latest in a run of serious networking bugs gives attackers root if they have SNMP access Networks25 Sep 2025 | 13
SonicWall releases rootkit-busting firmware update following wave of attacks Security vendor's no good, very bad week year Patches23 Sep 2025 |
Third time's the charm? SolarWinds (again) patches critical Web Help Desk RCE Or maybe 3 strikes, you're out? Patches23 Sep 2025 | 2
Ding ding: Fortra rings the perfect-10 bell over latest GoAnywhere MFT bug Outside experts say the vulnerability has probably already been exploited Patches19 Sep 2025 | 7
OpenAI plugs ShadowLeak bug in ChatGPT that let miscreants raid inboxes Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data Patches19 Sep 2025 | 5
Google pushes emergency patch for Chrome 0-day – check your browser version now Sixth such Chrome flaw this year spotted by the Chocolate Factory, already in play Patches18 Sep 2025 | 8
Apple 0-day likely used in spy attacks affected devices as old as iPhone 8 May have been used in 'extremely sophisticated' attacks against 'specific targeted individuals' Patches16 Sep 2025 | 7
Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages A similar vuln on Apple devices was used against 'specific targeted users' Patches12 Sep 2025 | 7
Critical, make-me-super-user SAP S/4HANA bug under active exploitation 9.9-rated flaw on the loose, so patch now Patches05 Sep 2025 | 1
Android drops mega patch bomb - 120 fixes, two already exploited September bundle the largest this year, and possibly the most serious Patches03 Sep 2025 | 14
Frostbyte10 bugs put thousands of refrigerators at major grocery chains at risk Major flaws uncovered in Copeland controllers: Patch now Patches02 Sep 2025 | 47
Thousands of Citrix NetScaler boxes still sitting ducks despite patches Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK Patches28 Aug 2025 | 3
Apple rushes out fix for active zero-day in iOS and macOS Another 'extremely sophisticated' exploit chewing at Cupertino's walled garden Patches21 Aug 2025 | 21
Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Move along, nothing to see here Patches20 Aug 2025 | 2
Commvault releases patches for two nasty bug chains after exploits proven Updated Researchers disclosing their findings said 'it's as bad as it sounds' Patches20 Aug 2025 |
Don't want drive-by Ollama attackers snooping on your local chats? Patch now Reconfigure local app settings via a 'simple' POST request Patches19 Aug 2025 | 4
Cisco's Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole Switchzilla's summer of perfect 10s Patches15 Aug 2025 | 8
Fortinet discloses critical bug with working exploit code amid surge in brute-force attempts If there's smoke? Patches13 Aug 2025 | 10
Microsoft, CISA warn yet another Exchange server bug can lead to 'total domain compromise' No reported in-the-wild exploits…yet Patches07 Aug 2025 | 5
Patch now: Millions of Dell PCs with Broadcom chips vulnerable to attack black hat Psst, wanna steal someone's biometrics? Patches05 Aug 2025 | 20
Chained bugs in Nvidia's Triton Inference Server lead to full system compromise Wiz Research details flaws in Python backend that expose AI models and enable remote code execution Patches05 Aug 2025 | 1
Microsoft spotlights Apple bug patched in March as SharePoint exploits continue Look over there! Patches28 Jul 2025 | 1
Microsoft patches critical SharePoint 2016 zero-days amid active exploits Admins urged to rotate machine keys, restart IIS after emergency fix Patches22 Jul 2025 |
Another massive security snafu hits Microsoft, but don't expect it to stick comment Move along, nothing to see here Patches21 Jul 2025 | 14
Watch out, another max-severity, make-me-root Cisco bug on the loose Updated Three perfect 10s in the last month - ISE, ISE, baby Patches17 Jul 2025 | 16
Microsoft offers vintage Exchange and Skype server users six more months of security updates It looks like enough of you are struggling to migrate that Redmond is willing to help out – for a price that might buy nothing Patches17 Jul 2025 | 11
CVSS 10 RCE in Wing FTP exploited within 24 hours, security researchers warn Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal Patches11 Jul 2025 | 12
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit Updated Add CISA to the list Patches10 Jul 2025 | 3
Microsoft enjoys first Patch Tuesday of 2025 with no active exploits Sure, 130 fixes were sent out, but bask in the security goodness Patches08 Jul 2025 | 15
CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands NetScaler vendor issued a patch but otherwise, stony silence Patches07 Jul 2025 | 6
Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform The second max score this week for Netzilla - not a good look Patches02 Jul 2025 | 14
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors' Patches02 Jul 2025 | 7
Microsoft admits to Intune forgetfulness Customizations not saved with security baseline policy update Patches01 Jul 2025 | 8
Cisco fixes two critical make-me-root bugs on Identity Services Engine components A 10.0 and a 9.8 – these aren’t patches to dwell on Datacenter Networking Nexus26 Jun 2025 | 4
Citrix bleeds again: This time a zero-day exploited - patch now Two emergency patches issued in two weeks Patches25 Jun 2025 | 1
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack Why are you even reading this story? Patch now! Patches24 Jun 2025 | 7
Veeam patches third critical RCE bug in Backup & Replication in space of a year Version 13 can’t come soon enough Patches18 Jun 2025 | 1
Sitecore CMS flaw let attackers brute-force 'b' for backdoor Hardcoded passwords and path traversals keeping bug hunters in work Patches17 Jun 2025 | 5
Microsoft slows Windows 11 24H2 Patch Tuesday due to a 'compatibility issue' updated On your marks, get set... bork! Patches11 Jun 2025 | 50
Microsoft warns of 66 flaws to fix for this Patch Tuesday, and two are under active attack Patch Tuesday Stealthy Falcon swoops on WebDAV and Redmond's even patching IE! Patches10 Jun 2025 |
Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind Patches03 Jun 2025 | 6
Microsoft patches the patch that put Windows 11 in a coma Out-of-band is becoming the norm rather than the exception OSes03 Jun 2025 | 13
Microsoft's May Patch Tuesday update fails on some Windows 11 VMs 'The operating system couldn't be loaded' is never a great message Patches29 May 2025 | 17
'Ongoing' Ivanti hijack bug exploitation reaches clouds Nothing like insecure code in security suites CSO21 May 2025 | 4
Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms Update before that proof-of-concept comes to bite Patches20 May 2025 | 21
Ivanti patches two zero-days under active attack as intel agency warns customers Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Patches14 May 2025 | 1
Go ahead and ignore Patch Tuesday – it might improve your security No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale' Patches14 May 2025 | 34
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patches14 May 2025 | 3
Commvault fixes critical Command Center issue after flaw finder alert Pay-to-play security on CVSS 10 issue is now fixed Patches13 May 2025 |
M365 apps on Windows 10 to get security fixes into 2028 Support for the underlying OS is another story Applications12 May 2025 | 10
Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions Where have we heard this before? Feb security update needs its own fix OSes25 Apr 2025 | 1
Emergency patch for potential SAP zero-day that could grant full system control German software giant paywalls details, but experts piece together the clues Patches25 Apr 2025 | 2
Today's LLMs craft exploits from patches at lightning speed Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours AI Software Development Week21 Apr 2025 | 19
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days It's now hitting govt, enterprise targets CSO21 Apr 2025 | 31
CVE fallout: The splintering of the standard vulnerability tracking system has begun Comment MITRE, EUVD, GCVE … WTF? Spotlight on RSAC18 Apr 2025 | 88
Free Blue Screens of Death for Windows 11 24H2 users Microsoft rewards those who patch early with bricks hurled through its operating system OSes16 Apr 2025 | 25
Don't delete that mystery empty folder. Windows put it there as a security fix Copilot vibe coding for OS development? Why not Patches14 Apr 2025 | 33
April's Patch Tuesday leaves unlucky Windows Hello users unable to login Updated Can't Redmond ask its whizz-bang Copilot AI to fix it? Patches09 Apr 2025 | 11
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low Patches08 Apr 2025 | 14
Don't open that JPEG in WhatsApp for Windows. It might be an .EXE What a MIME field Patches08 Apr 2025 | 29
Chrome to patch decades-old flaw that let sites peek at your history After 23 years, the privacy plumber has finally arrived to clean up this mess Patches07 Apr 2025 | 6
Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years Simple denial-of-service blunder turned out to be remote unauth code exec disaster Cyber-crime03 Apr 2025 | 3
Apple belatedly patches actively exploited bugs in older OSes Cupertino already squashed 'em in more recent releases - which this week get a fresh round of fixes Patches02 Apr 2025 | 10
CISA spots spawn of Spawn malware targeting Ivanti flaw Resurge an apt name for malware targeting hardware maker that has security bug after security bug Cyber-crime01 Apr 2025 | 1
After Chrome patches zero-day used to target Russians, Firefox splats similar bug Single click on a phishing link in Google browser blew up sandbox on Windows Patches28 Mar 2025 | 10
Hm, why are so many DrayTek routers stuck in a bootloop? Time to update your firmware, if you can, to one with the security fixes, cough cough Cyber-crime25 Mar 2025 | 58
Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently Patches25 Mar 2025 | 1
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist Palming off the blame using an ‘unknown’ best practice didn’t go down well either Patches20 Mar 2025 | 7
IBM scores perfect 10 ... vulnerability in mission-critical OS AIX Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in Patches19 Mar 2025 | 5
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild' Updated One PUT request, one poisoned session file, and the server’s yours CSO18 Mar 2025 | 8
Get off that old Firefox by Friday or you'll be sorry, says Moz Root cert expiry may bring breakage or worse for add-ons, media playback, and more Applications13 Mar 2025 | 45