Two years on, 1 in 4 apps still vulnerable to Log4Shell
Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time
Research, 11 Dec 2023

Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks
Two CVEs can be abused to steal sensitive info or execute code
Patches, 01 Dec 2023

Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes
Plus: 3 critical CVEs in Zyxel NAS devices
Security, 30 Nov 2023

'Mass exploitation' of Citrix Bleed underway as ransomware crews pile in
At least two extortion gangs abusing CVE-2023-4966, we're told
Cyber-crime, 31 Oct 2023

Apple drops urgent patch against obtuse TriangleDB iPhone malware
Kaspersky first found this software nasty on its own phones
Patches, 26 Oct 2023

Citrix urges 'immediate' patch for critical NetScaler bug as exploit code made public
At this point, just assume your kit is compromised
Security, 24 Oct 2023

Cisco fixes critical IOS XE bug but malware crew way ahead of them
Initial fall in infected devices indicates evolution, not extinction, of attack code
Security, 23 Oct 2023

Windows 10's latest update issue isn't a bug but a feature – to test your patience
Some attempted installations of KB5031356 were reportedly stuck on 30% after 24 hours
OSes, 16 Oct 2023

curl vulnerabilities ironed out with patches after week-long tease
[Updated] The coordinated disclosure didn’t quite go to plan, though
Patches, 11 Oct 2023

Trio of TorchServe flaws means PyTorch users need an urgent upgrade
Meta, the project's maintainer, shrugs: We fixed it, let's move on
Security, 04 Oct 2023

Arm patches GPU driver bug exploited by spyware to snoop on targets
As Qualcomm warns of similar fixes coming for its chips
Cybersecurity Month, 03 Oct 2023

Apple squashes security bugs after iPhone flaws exploited by Predator spyware
Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab
Cybersecurity Month, 22 Sep 2023

Chrome, Firefox and more caught with their WebP down, offer hasty patch-up
[Updated] Exploit observed in the wild against codec lib in browsers, apps
Patches, 12 Sep 2023

Ivanti Sentry exploited in the wild, patches emitted
Good thing you're not exposing admin port 8443 to the world, right? Uh, right?
Patches, 22 Aug 2023

Microsoft: Codesys PLC bugs could be exploited to 'shut down power plants'
What are these gadgets running, Windows? Ka-boom-tsch
Research, 11 Aug 2023

Microsoft hits back at Tenable criticism of its infosec practices
'Not all fixes are equal,' argues Redmond, and this one for the Power Platform didn't need to be rushed
Security, 07 Aug 2023

Apple patches exploited bugs in iPhones plus other holes
One spotted by Amnesty International - wonder what that was used for?
Patches, 25 Jul 2023

MOVEit body count closes in on 400 orgs, 20M+ individuals
'One of the most significant hacks of recent years,' we're told
Cyber-crime, 20 Jul 2023

Quick: Manually patch this Zimbra bug that's under attack
Smells like Russian cyber spies (again)
Patches, 17 Jul 2023

You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug
That's a vulnerability that's under attack, fix available ... cancel those July 4th plans, perhaps?
Black Hat and DEF CON, 03 Jul 2023

Guess what happened to this US agency using outdated software?
[Infosec in brief] Also: Hackers target security researchers, MaaS model flourishing, and this week's vulnerabilities
Patches, 19 Jun 2023

Third MOVEit bug fixed a day after PoC exploit made public
Millions of people's personal info swiped, Clop leaks begin with 'Shell's stolen data'
Patches, 16 Jun 2023

Chinese spies blamed for data-harvesting raids on Barracuda email gateways
Snoops 'aggressively targeted' specific govt, academic accounts
CSO, 15 Jun 2023

Fortinet squashes hijack-my-VPN bug in FortiOS gear
And it's already being exploited in the wild, probably
Patches, 12 Jun 2023

Barracuda tells its ESG owners to 'immediately' junk buggy kit
That patch we issued? Yeah, it wasn't enough
Security, 08 Jun 2023

Barracuda Email Security Gateways bitten by data thieves
Act now: Sea-themed backdoor malware injected via .tar-based hole
Patches, 31 May 2023

Apple pushes first-ever 'rapid' patch – and rapidly screws up
Maybe you're just installing it wrong?
Patches, 02 May 2023

Military helicopter crash blamed on failure to apply software patch
A rather nice beach in Australia now briefly hosted an unusual feature
Patches, 18 Apr 2023

Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit
Maybe this is deserved given the problem's in a hidden telnet service
Research, 22 Mar 2023

Suspected Chinese cyber spies target unpatched SonicWall devices
They've been lurking in networks since at least 2021
Security, 09 Mar 2023

Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws
You know the drill: patch before criminals use these bugs in vRealize to sniff your systems
Patches, 25 Jan 2023

Apple emits emergency patch for older iPhones after snoops pounce on WebKit hole
Also: Yay for Data Privacy Day!
Security, 24 Jan 2023

Thousands of Sophos firewalls still vulnerable out there to hijacking
[Updated] As hundreds of staff axed this week
Security, 18 Jan 2023

First Patch Tuesday of the year explodes with in-the-wild exploit fix
[Patch Tuesday] Plus: Intel, Adobe, SAP and Android bugs
Patches, 11 Jan 2023

Here's how to remotely take over a Ferrari...account, that is
Connected cars. What could possibly go wrong?
Security, 07 Jan 2023

Microsoft ain't the only one squashing exploited-in-the-wild bugs this month
[Patch Tuesday] Plus there's a PoC for this unpatched Cisco bug
Patches, 14 Dec 2022

Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover
Take a break from the gaming and fix these now
Patches, 01 Dec 2022

Sirius XM flaw unlocks so-called smart cars thanks to code flaw
Telematics program doesn't just give you music, but a big security flaw
Security, 30 Nov 2022

OpenSSL downgrades horror bug after week of panic, hype
Relax, there's more chance of Babbage coming back to life to hack your system than this flaw being exploited
Patches, 01 Nov 2022

Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware
Broken code signature? LGTM, says Microsoft OS
Patches, 01 Nov 2022

Sophos fixes critical firewall hole exploited by miscreants
Code-injection bug in your network security... mmm, yum yum
Patches, 28 Sep 2022

EU puts smart device manufacturers on the hook for cyber security
Requires five years of patching, 24 hour incident reporting, and proper security … for starters
Systems, 16 Sep 2022

One month after Black Hat disclosure, HP's enterprise kit still unpatched
What could go wrong with leaving firmware open after world's biggest hacker convention talk?
Security, 13 Sep 2022

Apple patches iPhone and macOS flaws under active attack
High-value targets tend to get hit
Security, 12 Sep 2022

Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers
Grab and deploy this backend update if you offer even repo read access
Patches, 29 Aug 2022

If you haven't patched Zimbra holes by now, assume you're toast
Here's how to detect an intrusion via vulnerable email systems
Patches, 23 Aug 2022

Google, Apple squash exploitable browser bugs
Chrome flaw has public exploit, WebKit hole actively abused along with kernel escalation
Patches, 17 Aug 2022

Palo Alto bug used for DDoS attacks and there's no fix yet
There goes the weekend...
Security, 12 Aug 2022

Warning! Critical flaws found in US Emergency Alert System
DEF CON may be about to blow lid off security hole
Patches, 05 Aug 2022

VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
Meanwhile, a security update for rsync
Patches, 03 Aug 2022

FileWave fixes bugs that left 1,000+ orgs open to ransomware, data theft
Internet-connected MDM instances, each with an 'unrestricted number' of managed devices, were vulnerable
Security, 27 Jul 2022

How a botched kernel patch broke Ubuntu – and why it may happen again
Panic! at the distro
OSes, 08 Jul 2022

How refactoring code in Safari's WebKit resurrected 'zombie' security bug
Fixed in 2013, reinstated in 2016, exploited in the wild this year
Research, 21 Jun 2022

Apple patched critical flaws in macOS Monterey but not in Big Sur nor Catalina
About 35-40% of iGiant's desktop OS installs potentially vulnerable, says Intego
Patches, 06 Apr 2022

Adobe warns of second critical security hole in Adobe Commerce, Magento
As sanctioned Russian infosec firm says it has working exploit code
Security, 18 Feb 2022

VMware patches critical guest-to-host vulnerabilities
Time to fix code like it's 2020
Virtualization, 17 Feb 2022

Microsoft patches Y2K-like bug that borked on-prem Exchange Server
Happy New Year. Welcome back! Now apply this patch – which Microsoft warns isn't easy – if you want email to work
Software, 03 Jan 2022

Expired cert breaks Windows 11 snipping tool, emoji panel, S Mode features, other stuff
And we're talking about shipped code, not some Insider beta, here
OSes, 04 Nov 2021

Patch now? Why enterprise exploits are still partying like it's 1999
[Feature] Am I only dreaming, or is this burning an Eternal Blue?
Security, 08 Sep 2021

SolarWinds issues software update – one it wrote for a change – to patch hole exploited in the wild
'Single threat actor' already abusing RCE flaw, Microsoft reports
Security, 12 Jul 2021

Apple patches macOS flaw exploited by malware to secretly snap screenshots
Bug can also be abused to record audio and video, access files – and iOS, iPadOS updated, too
Security, 24 May 2021