Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects
Oh cool, a 5,500-day security hole
Patches22 Sep 2022 | 53
Patches
WordPress-powered sites backdoored after FishPig suffers supply chain attack
And two other security snafus in this web publishing world
Patches15 Sep 2022 | 18
Microsoft fixes Windows security hole likely widely exploited by miscreants
Patch Tuesday Plus: Nasty no-auth RCE in TCP/IP stack, Adobe flaws, and many more updates
Patches13 Sep 2022 | 14
Google urges open source community to fuzz test code
We'll even get our checkbook out, web giant says
Patches08 Sep 2022 | 10
Go programming language arrives at security warnings that are useful
Low-noise tool hopes to highlight vulnerabilities imported into projects
Patches06 Sep 2022 | 6
Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers
Grab and deploy this backend update if you offer even repo read access
Patches29 Aug 2022 | 6
80,000 internet-connected cameras still vulnerable after critical patch offered
Just more IoT conscripts for the botnet armies
Patches24 Aug 2022 | 15
If you haven't patched Zimbra holes by now, assume you're toast
Here's how to detect an intrusion via vulnerable email systems
Patches23 Aug 2022 |
Google, Apple squash exploitable browser bugs
Chrome flaw has public exploit, WebKit hole actively abused along with kernel escalation
Patches17 Aug 2022 | 8
Warning! Critical flaws found in US Emergency Alert System
DEF CON may be about to blow lid off security hole
Patches05 Aug 2022 | 14
VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
Meanwhile, a security update for rsync
Patches03 Aug 2022 | 1
Atlassian reveals critical flaws in almost everything it makes and touches
Fixes issued, warns it 'has not exhaustively enumerated all potential consequences'
Patches21 Jul 2022 | 13
CISA pulls the fire alarm on Juniper Networks bugs
Hate to ruin your Friday
Patches15 Jul 2022 | 3
Homeland Security warns: Expect Log4j risks for 'a decade or longer'
Great, another thing that's gone endemic
Patches14 Jul 2022 | 12
X.org servers update closes 2 security holes, adds neat component tweaks
Arbitrary code execution flaws in the X Keyboard Extension were bad news
Patches13 Jul 2022 | 7
Microsoft's July Patch Tuesday fixes actively exploited bug
Patch Tuesday No, Windows Autopatch didn't kill the monthly patchapalooza
Patches12 Jul 2022 | 8
Take the day off: Windows Autopatch is live and can even fix cloudy PCs
But first, there's a whole lot of AD and Intune prep to be done
Patches12 Jul 2022 | 13
Google updates Chrome to squash actively exploited WebRTC Zero Day
How sad – this looks like a fine excuse to avoid video conferences for a while
Patches05 Jul 2022 | 11
OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw
Updated Though severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution
Patches27 Jun 2022 | 10
Cisco warns of security holes in its security appliances
Bugs potentially useful for rogue insiders, admin account hijackers
Patches22 Jun 2022 | 11
Popular
You've heard of the cost-of-living crisis, now get ready for the cost-of-working crisis
As employers herd staff back to the office with few perks, workers are concerned about what it'll cost them
Malwarebytes blocks Google, YouTube as malware
Updated Sounds like fair comment
Meta, Google learn the art of the quiet layoff
You're not being fired, we're just unable to facilitate your sustained employment
Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects
Oh cool, a 5,500-day security hole
Tesla Megapack battery ignites at substation after less than 6 months
It's better to burn out than to fade away
IT services giant Wipro fires 300 for moonlighting
Labor org points out hypocrisy of chairman with multiple directorships sacking workers for similar
'I Don't Care About Cookies' extension sold to Avast
Users of cookie-warning-buster add-on already forking off due to privacy concerns
San Francisco cops can use private cameras to live-monitor 'significant events'
All eyes on you, and you, and you
Tongues wag that Softbank's Son may sell Arm to Samsung
Japanese super-tycoon to discuss 'stategic alliance' with electronics chaebol
Charter won't pay out $7b after cable installer murdered woman. Just $1b instead
Well, assuming the US ISP doesn't win its appeal
STORIES
Microsoft fixes under-attack Windows zero-day Follina
Patch Tuesday Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs
Patches15 Jun 2022 | 4
Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence
Updated One option: Take the thing offline until Friday patch applied
Patches03 Jun 2022 | 20
CIOs largely believe their software supply chain is vulnerable
Internal bureaucracy and barriers hold up roll out of defenses, report finds
Patches31 May 2022 | 3
Ransomware attack sends US county back to 1977
In brief Also: Uni details its malware-catching AI, signs of China poking the Russian cyber-bear, and more
Patches29 May 2022 | 9
Talos names eight deadly sins in widely used industrial software
Entire swaths of gear relies on vulnerability-laden Open Automation Software (OAS)
Patches27 May 2022 | 6
Patch now: Zoom chat messages can infect PCs, Macs, phones with malware
Google Project Zero blows lid off bug involving that old chestnut: XML parsing
Patches24 May 2022 | 4
Screencastify fixes bug that would have let rogue websites spy on webcams
Updated School-friendly Chrome extension still not fully protected, privacy guru warns
Patches24 May 2022 | 3
If you've got Intel inside, you probably need to get these security patches inside, too
So. Many. BIOS. Bugs
Patches12 May 2022 | 9
Microsoft closes Windows LSA hole under active attack
Plus many more flaws. And Adobe, Android, SAP join the bug-squashing frenzy
Patches11 May 2022 | 7
F5, Cisco admins: Stop what you're doing and check if you need to install these patches
Updated BIG-IP iControl authentication bypass, NFV VM escape, and more
Patches06 May 2022 | 6
Critical vulnerabilities found in 'millions of Aruba and Avaya switches'
Airports, hospitals, hotels, and more need to deploy patches for hijack bugs
Patches03 May 2022 | 31
Microsoft points at Linux and shouts: Look, look! Privilege-escalation flaws here, too!
Will Redmond start code-naming Windows make-me-admin bugs?
Patches27 Apr 2022 | 111
AWS's Log4j patches blew holes in its own security
Remote code exec is so 2014. Have this container escape and privilege escalation, instead
Patches20 Apr 2022 | 10
Apache says Struts 2 security bug wasn't fully fixed in 2020
But this time the patch should do the trick
Patches13 Apr 2022 | 3
Git for Windows issues update to fix running-someone-else’s-code vuln
Running a multi-user Windows environment and Git? Time to patch
Patches13 Apr 2022 | 2
Microsoft's huge Patch Tuesday includes fix for bug under attack
April bundle addresses 100-plus vulnerabilities including 10 critical RCEs
Patches13 Apr 2022 | 15
Critical bug allows attacker to remotely control medical robot
CVSS 9.8 flaws are not what you want in a hospital robot
Patches12 Apr 2022 | 12
Apple patched critical flaws in macOS Monterey but not in Big Sur nor Catalina
About 35-40% of iGiant's desktop OS installs potentially vulnerable, says Intego
Patches06 Apr 2022 | 70
