M365 apps on Windows 10 to get security fixes into 2028 Support for the underlying OS is another story | Applications | 12 May 2025
Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions Where have we heard this before? Feb security update needs its own fix | OSes | 25 Apr 2025
Emergency patch for potential SAP zero-day that could grant full system control German software giant paywalls details, but experts piece together the clues | Patches | 25 Apr 2025
Today's LLMs craft exploits from patches at lightning speed Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours | AI Software Development Week | 21 Apr 2025
Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days It's now hitting govt, enterprise targets | CSO | 21 Apr 2025
CVE fallout: The splintering of the standard vulnerability tracking system has begun Comment MITRE, EUVD, GCVE … WTF? | Spotlight on RSAC | 18 Apr 2025
Free Blue Screens of Death for Windows 11 24H2 users Microsoft rewards those who patch early with bricks hurled through its operating system | OSes | 16 Apr 2025
Don't delete that mystery empty folder. Windows put it there as a security fix Copilot vibe coding for OS development? Why not | Patches | 14 Apr 2025
April's Patch Tuesday leaves unlucky Windows Hello users unable to login Updated Can't Redmond ask its whizz-bang Copilot AI to fix it? | Patches | 09 Apr 2025
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug Patch Tuesday A novel way to encourage upgrades? Microsoft would never stoop so low | Patches | 08 Apr 2025
Don't open that JPEG in WhatsApp for Windows. It might be an .EXE What a MIME field | Patches | 08 Apr 2025
Chrome to patch decades-old flaw that let sites peek at your history After 23 years, the privacy plumber has finally arrived to clean up this mess | Patches | 07 Apr 2025
Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years Simple denial-of-service blunder turned out to be remote unauth code exec disaster | Cyber-crime | 03 Apr 2025
Apple belatedly patches actively exploited bugs in older OSes Cupertino already squashed 'em in more recent releases - which this week get a fresh round of fixes | Patches | 02 Apr 2025
CISA spots spawn of Spawn malware targeting Ivanti flaw Resurge an apt name for malware targeting hardware maker that has security bug after security bug | Cyber-crime | 01 Apr 2025
After Chrome patches zero-day used to target Russians, Firefox splats similar bug Single click on a phishing link in Google browser blew up sandbox on Windows | Patches | 28 Mar 2025
Hm, why are so many DrayTek routers stuck in a bootloop? Time to update your firmware, if you can, to one with the security fixes, cough cough | Cyber-crime | 25 Mar 2025
Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently | Patches | 25 Mar 2025
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist Palming off the blame using an ‘unknown’ best practice didn’t go down well either | Patches | 20 Mar 2025
IBM scores perfect 10 ... vulnerability in mission-critical OS AIX Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in | Patches | 19 Mar 2025
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild' Updated One PUT request, one poisoned session file, and the server’s yours | CSO | 18 Mar 2025
Get off that old Firefox by Friday or you'll be sorry, says Moz Root cert expiry may bring breakage or worse for add-ons, media playback, and more | Applications | 13 Mar 2025
Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws Patch Tuesday Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy | Patches | 12 Mar 2025
VMware splats guest-to-hypervisor escape bugs already exploited in wild The heap overflow zero-day in the memory unsafe code by Miss Creant | Virtualization | 04 Mar 2025
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) Starting with Snapdragon 8 Elite and 'droid 15 | Personal Tech | 26 Feb 2025
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws PoC exploit code shows why this is a patch priority | Patches | 21 Feb 2025
FreSSH bugs undiscovered for years threaten OpenSSH security Exploit code now available for MitM and DoS attacks | Patches | 18 Feb 2025
SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN Updated Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew | Networks | 14 Feb 2025
Google: How to make any AMD Zen CPU always generate 4 as a random number Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least | Patches | 04 Feb 2025
Google patches odd Android kernel security bug amid signs of targeted exploitation Also, Netgear fixes critical router, access point vulnerabilities | Patches | 04 Feb 2025
VMware plugs steal-my-credentials holes in Cloud Foundation Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant | Patches | 30 Jan 2025
Apple plugs security hole in its iThings that's already been exploited in iOS Cupertino kicks off the year with a zero-day | Patches | 28 Jan 2025
Don't want your Kubernetes Windows nodes hijacked? Patch this hole now SYSTEM-level command injection via API parameter *chef's kiss* | Patches | 24 Jan 2025
One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers But we mean, you've had nearly four years to patch | Patches | 23 Jan 2025
Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management No in-the-wild exploits … yet | Patches | 23 Jan 2025
SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix Big organizations and governments are main users of these gateways | Patches | 23 Jan 2025
Asus lets processor security fix slip out early, AMD confirms patch in progress Updated Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean | Patches | 23 Jan 2025
Oracle emits 603 patches, names one it wants you to worry about soon Old flaws that keep causing trouble haunt Big Red | Patches | 23 Jan 2025
Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch Update addresses boot failures on multi-node systems | Patches | 22 Jan 2025
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day Seven days after disclosure and little action taken, data shows | Patches | 21 Jan 2025
Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day Turns out tool does both file transfers and security fixes fast | Patches | 17 Jan 2025
Windows Patch Tuesday hits snag with Citrix software, workarounds published Microsoft starts 2025 as it hopefully doesn't mean to go on | Patches | 15 Jan 2025
Microsoft fixes under-attack privilege-escalation holes in Hyper-V Patch Tuesday Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco | Patches | 15 Jan 2025
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug This is what happens when you publish PoCs immediately, hm? | Patches | 13 Jan 2025
Zero-day exploits plague Ivanti Connect Secure appliances for second year running Factory resets and apply patches is the advice amid fortnight delay for other appliances | Patches | 09 Jan 2025
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit 3 CVEs added to CISA's catalog | Security | 08 Jan 2025
Critical security hole in Apache Struts under exploit You applied the patch that could stop possible RCE attacks last week, right? | Patches | 17 Dec 2024
Apache issues patches for critical Struts 2 RCE bug More details released after devs allowed weeks to apply fixes | Patches | 12 Dec 2024
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker | Patches | 11 Dec 2024
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins Patch Tuesday Twas the night before Christmas, and all through the house, patching was done with the click of a mouse | Security | 10 Dec 2024
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+ Updated Microsoft's OS sure loves throwing your creds at remote systems | Patches | 06 Dec 2024
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files Updated Still unpatched 100+ days later, watchTowr says | Cyber-crime | 06 Dec 2024
Perfect 10 directory traversal vuln hits SailPoint's IAM solution Updated 20-year-old info disclosure class bug still pervades security software | Patches | 03 Dec 2024
Zabbix urges upgrades after critical SQL injection bug disclosure US agencies blasted 'unforgivable' SQLi flaws earlier this year | Patches | 29 Nov 2024
QNAP and Veritas dump 30-plus vulns over the weekend Updated Just what you want to find when you start a new week | Patches | 26 Nov 2024
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole Updated PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more | CSO | 22 Nov 2024
Palo Alto Networks tackles firewall-busting zero-days with critical patches Amazing that these two bugs got into a production appliance, say researchers | Patches | 19 Nov 2024
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost Plus a bonus hard-coded local API key | Patches | 14 Nov 2024
Microsoft slips Task Manager and processor count fixes into Patch Tuesday Sore about cores no more | Patches | 13 Nov 2024
Admins can give thanks this November for dollops of Microsoft patches Patch Tuesday Don't be a turkey – get these fixed | Patches | 13 Nov 2024