Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security | Two critical holes including hardcoded admin credential | Security | 05 Sep 2024 | 4
SolarWinds left critical hardcoded credentials in its Web Help Desk product | Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway | CSO | 22 Aug 2024 | 18
You probably want to patch this critical GitHub Enterprise Server bug now | Unless you're cool with an unauthorized criminal enjoying admin privileges to comb through your code | Patches | 21 Aug 2024
Google splats device-hijacking exploited-in-the-wild Android kernel bug among others | And Qualcomm addresses 'permanent denial of service' flaw in its stuff | Patches | 06 Aug 2024 | 8
Progress discloses second critical flaw in Telerik Report Server in as many months | These are the kinds of bugs APTs thrive on, just ask the Feds | Patches | 26 Jul 2024 | 1
Life, interrupted: How CrowdStrike's patch failure is messing up the world | Oh, was it supposed to be Y2K24? | Software | 19 Jul 2024 | 116
Maximum-severity Cisco vulnerability allows attackers to change admin passwords | You’re going to want to patch this one | Patches | 18 Jul 2024 | 17
ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu | [Exclusive] 'It seems like they really don't have a full grasp of what's going on with this patch' | Patches | 15 Jul 2024 | 11
Critical Windows licensing bugs – plus two others under attack – top Patch Tuesday | [Patch Tuesday] Citrix, SAP also deserve your attention – because miscreants are already thinking about Exploit Wednesday | Patches | 10 Jul 2024 | 19
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server | About a thousand vulnerable instances still exposed online, we're told | Patches | 24 Jun 2024 | 9
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug | Specially crafted network packet could allow remote code execution and access to VM fleets | Patches | 18 Jun 2024 | 8
Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows | [Patch Tuesday] Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack | CSO | 12 Jun 2024 | 7
POC exploit code published for 9.8-rated Apache HugeGraph RCE flaw | You upgraded when this was fixed in April, right? Right?? | Security | 07 Jun 2024 | 2
Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes | That backdoor's not meant to be there? | Patches | 05 Jun 2024 | 3
Three-year-old Apache Flink flaw under active attack | We know IT admins have busy schedules but c'mon | Patches | 24 May 2024 | 11
Got an unpatched LG 'smart' television? It could be watching you back | Four fatal flaws allow TV takeover | Security | 09 Apr 2024 | 42
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching | CVE-2024-1086 turns the page tables on system admins | Patches | 29 Mar 2024 | 26
JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat | [Updated] Vendor takes hardline approach to patch disclosure to new levels | Patches | 28 Mar 2024 | 14
Exploiting the latest max-severity ConnectWise bug is 'embarrassingly easy' | Urgent patching advised to protect attacks against setup wizards | Security | 21 Feb 2024 | 6
Zoom stomps critical privilege escalation bug plus 6 other flaws | All desktop and mobile apps vulnerable to at least one of the vulnerabilities | Patches | 15 Feb 2024
Double trouble for Fortinet as it issues critical FortiSIEM vulns | [Updated] Please stand by 73 hours for vendor response...* | Patches | 06 Feb 2024 | 3
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns | Many versions still without fixes while sophisticated attackers bypass mitigations | Patches | 31 Jan 2024 | 8
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process | Vendor gets tangled in its own web of undisclosed vulnerabilities | Patches | 30 Jan 2024
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug | Ancient path traversal exploit offers remote attackers admin access | Patches | 24 Jan 2024 | 1
Ivanti and Juniper Networks accused of bending the rules with CVE assignments | Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE | Patches | 22 Jan 2024 | 7
Patch now: Critical VMware, Atlassian flaws found | You didn't have anything else to do this Tuesday, right? | Patches | 16 Jan 2024 | 8
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs | [Updated] Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 | Research | 16 Jan 2024 | 8
Four in five Apache Struts 2 downloads are for versions featuring critical flaw | Seriously, people - please check the stuff you fetch more carefully | Patches | 21 Dec 2023 | 10
Before you go away for Xmas: You've patched that critical Perforce Server hole, right? | Microsoft bug hunters highlight weaknesses in source-wrangling suite | Patches | 19 Dec 2023 | 9
Ubiquiti blunder let some folks view others' security cameras, accounts | Cloud misconfig blamed and now fixed | Off-Prem | 15 Dec 2023 | 15
Two years on, 1 in 4 apps still vulnerable to Log4Shell | Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time | Research | 11 Dec 2023 | 11
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks | Two CVEs can be abused to steal sensitive info or execute code | Patches | 01 Dec 2023 | 2
Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes | Plus: 3 critical CVEs in Zyxel NAS devices | Security | 30 Nov 2023 | 3
'Mass exploitation' of Citrix Bleed underway as ransomware crews pile in | At least two extortion gangs abusing CVE-2023-4966, we're told | Cyber-crime | 31 Oct 2023 | 3
Apple drops urgent patch against obtuse TriangleDB iPhone malware | Kaspersky first found this software nasty on its own phones | Patches | 26 Oct 2023 | 9
Citrix urges 'immediate' patch for critical NetScaler bug as exploit code made public | At this point, just assume your kit is compromised | Security | 24 Oct 2023 | 1
Cisco fixes critical IOS XE bug but malware crew way ahead of them | Initial fall in infected devices indicates evolution, not extinction, of attack code | Security | 23 Oct 2023 | 2
Windows 10's latest update issue isn't a bug but a feature – to test your patience | Some attempted installations of KB5031356 were reportedly stuck on 30% after 24 hours | OSes | 16 Oct 2023 | 53
curl vulnerabilities ironed out with patches after week-long tease | [Updated] The coordinated disclosure didn’t quite go to plan, though | Patches | 11 Oct 2023 | 16
Trio of TorchServe flaws means PyTorch users need an urgent upgrade | Meta, the project's maintainer, shrugs: We fixed it, let's move on | Security | 04 Oct 2023 | 2
Arm patches GPU driver bug exploited by spyware to snoop on targets | As Qualcomm warns of similar fixes coming for its chips | Cybersecurity Month | 03 Oct 2023 | 5
Apple squashes security bugs after iPhone flaws exploited by Predator spyware | Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab | Cybersecurity Month | 22 Sep 2023 | 6
Chrome, Firefox and more caught with their WebP down, offer hasty patch-up | [Updated] Exploit observed in the wild against codec lib in browsers, apps | Patches | 12 Sep 2023 | 9
Ivanti Sentry exploited in the wild, patches emitted | Good thing you're not exposing admin port 8443 to the world, right? Uh, right? | Patches | 22 Aug 2023 | 7
Microsoft: Codesys PLC bugs could be exploited to 'shut down power plants' | What are these gadgets running, Windows? Ka-boom-tsch | Research | 11 Aug 2023 | 10
Microsoft hits back at Tenable criticism of its infosec practices | 'Not all fixes are equal,' argues Redmond, and this one for the Power Platform didn't need to be rushed | Security | 07 Aug 2023 | 5
Apple patches exploited bugs in iPhones plus other holes | One spotted by Amnesty International - wonder what that was used for? | Patches | 25 Jul 2023 | 13
MOVEit body count closes in on 400 orgs, 20M+ individuals | 'One of the most significant hacks of recent years,' we're told | Cyber-crime | 20 Jul 2023 | 19
Quick: Manually patch this Zimbra bug that's under attack | Smells like Russian cyber spies (again) | Patches | 17 Jul 2023 | 3
You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug | That's a vulnerability that's under attack, fix available ... cancel those July 4th plans, perhaps? | Black Hat and DEF CON | 03 Jul 2023 | 13
Guess what happened to this US agency using outdated software? | [Infosec in brief] Also: Hackers target security researchers, MaaS model flourishing, and this week's vulnerabilities | Patches | 19 Jun 2023 | 16
Third MOVEit bug fixed a day after PoC exploit made public | Millions of people's personal info swiped, Clop leaks begin with 'Shell's stolen data' | Patches | 16 Jun 2023 | 18
Chinese spies blamed for data-harvesting raids on Barracuda email gateways | Snoops 'aggressively targeted' specific govt, academic accounts | CSO | 15 Jun 2023 | 2
Fortinet squashes hijack-my-VPN bug in FortiOS gear | And it's already being exploited in the wild, probably | Patches | 12 Jun 2023 | 2
Barracuda tells its ESG owners to 'immediately' junk buggy kit | That patch we issued? Yeah, it wasn't enough | Security | 08 Jun 2023 | 12
Barracuda Email Security Gateways bitten by data thieves | Act now: Sea-themed backdoor malware injected via .tar-based hole | Patches | 31 May 2023 | 8
Apple pushes first-ever 'rapid' patch – and rapidly screws up | Maybe you're just installing it wrong? | Patches | 02 May 2023 | 43
Military helicopter crash blamed on failure to apply software patch | A rather nice beach in Australia now briefly hosted an unusual feature | Patches | 18 Apr 2023 | 49
Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit | Maybe this is deserved given the problem's in a hidden telnet service | Research | 22 Mar 2023 | 24
Suspected Chinese cyber spies target unpatched SonicWall devices | They've been lurking in networks since at least 2021 | Security | 09 Mar 2023 | 2
Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws | You know the drill: patch before criminals use these bugs in vRealize to sniff your systems | Patches | 25 Jan 2023
Apple emits emergency patch for older iPhones after snoops pounce on WebKit hole | Also: Yay for Data Privacy Day! | Security | 24 Jan 2023 | 14