Uncle Sam to inject $50M into auto-patcher for hospital IT | Boffins, why not simply invent an algorithm that autonomously fixes flaws, thereby ending ransomware forever | Public Sector | 22 May 2024
Microsoft fixes a bug abused in QakBot attacks plus a second under exploit | Plus: Google Chrome, Apple bugs also exploited in the wild | Patches | 14 May 2024
NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities | When PoC code is released within a day of disclosure, it's only a matter of time before attacks kick off | Patches | 14 May 2024
The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching | More work to do as most deadlines are missed and worst bugs still take months to fix | Patches | 07 May 2024
Patch up – 4 critical bugs in ArubaOS lead to remote code execution | Ten vulnerabilities in total for admins to apply | Patches | 02 May 2024
Open source programming language R patches gnarly arbitrary code exec flaw | Updated | An ACE in the hole for miscreants | Patches | 01 May 2024
Crooks exploit OpenMetadata holes to mine crypto – and leave a sob story for victims | 'I want to buy a car. That's all' | Cyber-crime | 18 Apr 2024
Delinea Secret Server customers should apply latest patches | Updated | Attackers could nab an org's most sensitive keys if left unaddressed | Patches | 15 Apr 2024
Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways | Out of the PAN-OS and into the firewall, a Python backdoor this way comes | Cyber-crime | 12 Apr 2024
It's 2024 and Intel silicon is still haunted by data-spilling Spectre | Go, go InSpectre Gadget | Research | 10 Apr 2024
Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib | BatBadBut hits Erlang, Go, Python, Ruby as well | Patches | 10 Apr 2024
Microsoft squashes SmartScreen security bypass bug exploited in the wild | Patch Tuesday | Plus: Adobe, SAP, Fortinet, VMware, Cisco issue pressing updates | Security | 10 Apr 2024
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching | CVE-2024-1086 turns the page tables on system admins | Patches | 29 Mar 2024
JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat | Updated | Vendor takes hardline approach to patch disclosure to new levels | Patches | 28 Mar 2024
Nvidia's newborn ChatRTX bot patched for security bugs | Flaws enable privilege escalation and remote code execution | Patches | 28 Mar 2024
These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb | One might say this is a wurst case scenario | Patches | 28 Mar 2024
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw | Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders | CSO | 27 Mar 2024
More than 133,000 Fortinet appliances still vulnerable to month-old critical bug | A huge attack surface for a vulnerability with various PoCs available | Patches | 18 Mar 2024
March Patch Tuesday sees Hyper-V join the guest-host escape club | Patch Tuesday | Critical bugs galore among 61 Microsoft fixes, 56 from Adobe, a dozen from SAP, and a fistful from Fortinet | Patches | 13 Mar 2024
JetBrains is still mad at Rapid7 for the ransomware attacks on its customers | War of words wages on between vendors divided | Patches | 12 Mar 2024
Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes | Plus: CISA pulls plug on couple of systems feared compromised | Cyber-crime | 08 Mar 2024
Apple's trademark tight lips extend to new iPhone, iPad zero-days | Two flaws fixed, one knee bent to the EU, and a budding cybersecurity star feature in iOS 17.4 | Patches | 06 Mar 2024
Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' | Updated | Exploits began within hours of the original disclosure, so patch now | Patches | 05 Mar 2024
That home router botnet the Feds took down? Moscow's probably going to try again | Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs | Security | 28 Feb 2024
Zoom stomps critical privilege escalation bug plus 6 other flaws | All desktop and mobile apps vulnerable to at least one of the vulnerabilities | Patches | 15 Feb 2024
Crims found and exploited these two Microsoft bugs before Redmond fixed 'em | Patch Tuesday | SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android | Patches | 14 Feb 2024
Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC | Updated | 'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge | Patches | 13 Feb 2024
QNAP vulnerability disclosure ends up an utter shambles | Two new flaws, one zero-day, countless different patches, but everything's fine! | Patches | 13 Feb 2024
JetBrains urges swift patching of latest critical TeamCity flaw | Cloud version is safe, but no assurances offered about possible on-prem exploits | Patches | 07 Feb 2024
Double trouble for Fortinet as it issues critical FortiSIEM vulns | Updated | Please stand by 73 hours for vendor response...* | Patches | 06 Feb 2024
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns | Many versions still without fixes while sophisticated attackers bypass mitigations | Patches | 31 Jan 2024
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process | Vendor gets tangled in its own web of undisclosed vulnerabilities | Patches | 30 Jan 2024
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug | Ancient path traversal exploit offers remote attackers admin access | Patches | 24 Jan 2024
Ivanti and Juniper Networks accused of bending the rules with CVE assignments | Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE | Patches | 22 Jan 2024
Windows Server 2022 patch is breaking apps for some users | Uninstall the update or edit the Windows registry to restore order | Patches | 17 Jan 2024
Patch now: Critical VMware, Atlassian flaws found | You didn't have anything else to do this Tuesday, right? | Patches | 16 Jan 2024
Thousands of Juniper Networks devices vulnerable to critical RCE bug | Yet more support for the argument to adopt memory-safe languages | Patches | 15 Jan 2024
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers | The bug with a perfect 10 severity score has been ripe for exploitation since May | Patches | 15 Jan 2024
Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs | Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc | Patches | 12 Jan 2024
New year, new updates for security holes in Windows, Adobe, Android and more | Patch Tuesday | Nothing under exploit… The calm before the storm? | Patches | 09 Jan 2024
Facebook, Instagram now mine web links you visit to fuel targeted ads | Infosec in brief | Also: Twitter hijackings, BEC arrest, and critical vulnerabilities | Patches | 08 Jan 2024
Four in five Apache Struts 2 downloads are for versions featuring critical flaw | Seriously, people - please check the stuff you fetch more carefully | Patches | 21 Dec 2023
SSH shaken, not stirred by Terrapin vulnerability | No need to panic, but grab those updates or mitigations anyway just to be safe | Patches | 20 Dec 2023
Before you go away for Xmas: You've patched that critical Perforce Server hole, right? | Microsoft bug hunters highlight weaknesses in source-wrangling suite | Patches | 19 Dec 2023
Final Patch Tuesday of 2023 goes out with a bang | Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party | Patches | 13 Dec 2023
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks | Two CVEs can be abused to steal sensitive info or execute code | Patches | 01 Dec 2023
Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods | Mitigations require mix of updating libraries and manual customer action | Patches | 27 Nov 2023
OpenCart owner turns air blue after researcher discloses serious vuln | Web storefront maker fixed the flaw, but not before blasting infoseccer | Patches | 24 Nov 2023
Windows Server 2022 update gave ESXi host VMs the blue screen blues | Wild idea: Maybe Microsoft could introduce a Quality Copilot to stop pushing broken patches | Patches | 16 Nov 2023
Another month, another bunch of fixes for Microsoft security bugs exploited in the wild | Patch Tuesday | Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws | Patches | 15 Nov 2023
Intel emits patch to squash chip bug that lets any guest VM crash host servers | Sapphire Rapids, Alder Lake, Raptor Lake chip families treated for 'Redundant Prefix' | Patches | 14 Nov 2023
Stop what you’re doing and patch this critical Confluence flaw, warns Atlassian | Risk of ‘significant data loss’ for on-prem customers | Patches | 31 Oct 2023
Apple drops urgent patch against obtuse TriangleDB iPhone malware | Kaspersky first found this software nasty on its own phones | Patches | 26 Oct 2023
VMware reveals critical vCenter vuln that you may have patched already without knowing it | Takes rare step of issuing patches for end-of-life versions, as some staff report end-of-career letters | Patches | 25 Oct 2023
US cybercops urge admins to patch amid ongoing Confluence chaos | Do it now, no ifs or buts, says advisory | Patches | 17 Oct 2023
curl vulnerabilities ironed out with patches after week-long tease | Updated | The coordinated disclosure didn’t quite go to plan, though | Patches | 11 Oct 2023
It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems | Patch Tuesday | Happy Halloween! Security bugs under attack squashed, more flaws fixed | Patches | 10 Oct 2023
Fresh curl tomorrow will patch 'worst' security flaw in ages | Updated | It’s bad, folks. Pair of CVEs incoming on October 11 | Patches | 10 Oct 2023
Another security update, Apple? You're really keeping up with your tech rivals | Zero day? More like every day, amirite? | Patches | 05 Oct 2023
IT networks under attack via critical Confluence zero-day. Patch now | 'Handful' of customers hit so far, public-facing instances at risk | Patches | 04 Oct 2023