Batten down the hatches, it's time to patch some more MOVEit bugs | Exploit attempts for ‘devastating’ vulnerabilities already underway | Patches | 26 Jun 2024
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server | About a thousand vulnerable instances still exposed online, we're told | Patches | 24 Jun 2024
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug | Specially crafted network packet could allow remote code execution and access to VM fleets | Patches | 18 Jun 2024
Ransomware crew may have exploited Windows make-me-admin bug as a zero-day | Symantec suggests Black Basta crew beat Microsoft to the patch | Malware Month | 12 Jun 2024
Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows | [Patch Tuesday] Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack | CSO | 12 Jun 2024
7-year-old Oracle WebLogic bug under active exploitation | Experts say Big Red will probably re-release patch in an upcoming cycle | Malware Month | 06 Jun 2024
Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes | That backdoor's not meant to be there? | Patches | 05 Jun 2024
Three-year-old Apache Flink flaw under active attack | We know IT admins have busy schedules but c'mon | Patches | 24 May 2024
Veeam says critical flaw can't be abused to trash backups | It's still a rough one, so patch up | Patches | 23 May 2024
GitHub Enterprise Server patches 10-outta-10 critical hole | On the bright side, someone made up to $30,000+ for finding it | Patches | 22 May 2024
Uncle Sam to inject $50M into auto-patcher for hospital IT | Boffins, why not simply invent an algorithm that autonomously fixes flaws, thereby ending ransomware forever | Public Sector | 22 May 2024
Microsoft fixes a bug abused in QakBot attacks plus a second under exploit | Plus: Google Chrome, Apple bugs also exploited in the wild | Patches | 14 May 2024
NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities | When PoC code is released within a day of disclosure, it's only a matter of time before attacks kick off | Patches | 14 May 2024
The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching | More work to do as most deadlines are missed and worst bugs still take months to fix | Patches | 07 May 2024
Patch up – 4 critical bugs in ArubaOS lead to remote code execution | Ten vulnerabilities in total for admins to apply | Patches | 02 May 2024
Open source programming language R patches gnarly arbitrary code exec flaw | [Updated] An ACE in the hole for miscreants | Patches | 01 May 2024
Crooks exploit OpenMetadata holes to mine crypto – and leave a sob story for victims | 'I want to buy a car. That's all' | Cyber-crime | 18 Apr 2024
Delinea Secret Server customers should apply latest patches | [Updated] Attackers could nab an org's most sensitive keys if left unaddressed | Patches | 15 Apr 2024
Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways | Out of the PAN-OS and into the firewall, a Python backdoor this way comes | Cyber-crime | 12 Apr 2024
It's 2024 and Intel silicon is still haunted by data-spilling Spectre | Go, go InSpectre Gadget | Research | 10 Apr 2024
Rust rustles up fix for 10/10 critical command injection bug on Windows in std lib | BatBadBut hits Erlang, Go, Python, Ruby as well | Patches | 10 Apr 2024
Microsoft squashes SmartScreen security bypass bug exploited in the wild | [Patch Tuesday] Plus: Adobe, SAP, Fortinet, VMware, Cisco issue pressing updates | Security | 10 Apr 2024
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching | CVE-2024-1086 turns the page tables on system admins | Patches | 29 Mar 2024
JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat | [Updated] Vendor takes hardline approach to patch disclosure to new levels | Patches | 28 Mar 2024
Nvidia's newborn ChatRTX bot patched for security bugs | Flaws enable privilege escalation and remote code execution | Patches | 28 Mar 2024
These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb | One might say this is a wurst case scenario | Patches | 28 Mar 2024
'Thousands' of businesses at mercy of miscreants thanks to unpatched Ray AI flaw | Anyscale claims issue is 'long-standing design decision' – as users are raided by intruders | CSO | 27 Mar 2024
More than 133,000 Fortinet appliances still vulnerable to month-old critical bug | A huge attack surface for a vulnerability with various PoCs available | Patches | 18 Mar 2024
March Patch Tuesday sees Hyper-V join the guest-host escape club | [Patch Tuesday] Critical bugs galore among 61 Microsoft fixes, 56 from Adobe, a dozen from SAP, and a fistful from Fortinet | Patches | 13 Mar 2024
JetBrains is still mad at Rapid7 for the ransomware attacks on its customers | War of words wages on between vendors divided | Patches | 12 Mar 2024
Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes | Plus: CISA pulls plug on couple of systems feared compromised | Cyber-crime | 08 Mar 2024
Apple's trademark tight lips extend to new iPhone, iPad zero-days | Two flaws fixed, one knee bent to the EU, and a budding cybersecurity star feature in iOS 17.4 | Patches | 06 Mar 2024
Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' | [Updated] Exploits began within hours of the original disclosure, so patch now | Patches | 05 Mar 2024
That home router botnet the Feds took down? Moscow's probably going to try again | Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs | Security | 28 Feb 2024
Zoom stomps critical privilege escalation bug plus 6 other flaws | All desktop and mobile apps vulnerable to at least one of the vulnerabilities | Patches | 15 Feb 2024
Crims found and exploited these two Microsoft bugs before Redmond fixed 'em | [Patch Tuesday] SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android | Patches | 14 Feb 2024
Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC | [Updated] 'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge | Patches | 13 Feb 2024
QNAP vulnerability disclosure ends up an utter shambles | Two new flaws, one zero-day, countless different patches, but everything's fine! | Patches | 13 Feb 2024
JetBrains urges swift patching of latest critical TeamCity flaw | Cloud version is safe, but no assurances offered about possible on-prem exploits | Patches | 07 Feb 2024
Double trouble for Fortinet as it issues critical FortiSIEM vulns | [Updated] Please stand by 73 hours for vendor response...* | Patches | 06 Feb 2024
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns | Many versions still without fixes while sophisticated attackers bypass mitigations | Patches | 31 Jan 2024
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process | Vendor gets tangled in its own web of undisclosed vulnerabilities | Patches | 30 Jan 2024
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug | Ancient path traversal exploit offers remote attackers admin access | Patches | 24 Jan 2024
Ivanti and Juniper Networks accused of bending the rules with CVE assignments | Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE | Patches | 22 Jan 2024
Windows Server 2022 patch is breaking apps for some users | Uninstall the update or edit the Windows registry to restore order | Patches | 17 Jan 2024
Patch now: Critical VMware, Atlassian flaws found | You didn't have anything else to do this Tuesday, right? | Patches | 16 Jan 2024
Thousands of Juniper Networks devices vulnerable to critical RCE bug | Yet more support for the argument to adopt memory-safe languages | Patches | 15 Jan 2024
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers | The bug with a perfect 10 severity score has been ripe for exploitation since May | Patches | 15 Jan 2024
Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs | Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc | Patches | 12 Jan 2024
New year, new updates for security holes in Windows, Adobe, Android and more | [Patch Tuesday] Nothing under exploit… The calm before the storm? | Patches | 09 Jan 2024
Facebook, Instagram now mine web links you visit to fuel targeted ads | [Infosec in brief] Also: Twitter hijackings, BEC arrest, and critical vulnerabilities | Patches | 08 Jan 2024
Four in five Apache Struts 2 downloads are for versions featuring critical flaw | Seriously, people - please check the stuff you fetch more carefully | Patches | 21 Dec 2023
SSH shaken, not stirred by Terrapin vulnerability | No need to panic, but grab those updates or mitigations anyway just to be safe | Patches | 20 Dec 2023
Before you go away for Xmas: You've patched that critical Perforce Server hole, right? | Microsoft bug hunters highlight weaknesses in source-wrangling suite | Patches | 19 Dec 2023
Final Patch Tuesday of 2023 goes out with a bang | Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party | Patches | 13 Dec 2023
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks | Two CVEs can be abused to steal sensitive info or execute code | Patches | 01 Dec 2023
Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods | Mitigations require mix of updating libraries and manual customer action | Patches | 27 Nov 2023
OpenCart owner turns air blue after researcher discloses serious vuln | Web storefront maker fixed the flaw, but not before blasting infoseccer | Patches | 24 Nov 2023
Windows Server 2022 update gave ESXi host VMs the blue screen blues | Wild idea: Maybe Microsoft could introduce a Quality Copilot to stop pushing broken patches | Patches | 16 Nov 2023
Another month, another bunch of fixes for Microsoft security bugs exploited in the wild | [Patch Tuesday] Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws | Patches | 15 Nov 2023
Intel emits patch to squash chip bug that lets any guest VM crash host servers | Sapphire Rapids, Alder Lake, Raptor Lake chip families treated for 'Redundant Prefix' | Patches | 14 Nov 2023
Stop what you’re doing and patch this critical Confluence flaw, warns Atlassian | Risk of ‘significant data loss’ for on-prem customers | Patches | 31 Oct 2023
Apple drops urgent patch against obtuse TriangleDB iPhone malware | Kaspersky first found this software nasty on its own phones | Patches | 26 Oct 2023
VMware reveals critical vCenter vuln that you may have patched already without knowing it | Takes rare step of issuing patches for end-of-life versions, as some staff report end-of-career letters | Patches | 25 Oct 2023
US cybercops urge admins to patch amid ongoing Confluence chaos | Do it now, no ifs or buts, says advisory | Patches | 17 Oct 2023
curl vulnerabilities ironed out with patches after week-long tease | [Updated] The coordinated disclosure didn’t quite go to plan, though | Patches | 11 Oct 2023
It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems | [Patch Tuesday] Happy Halloween! Security bugs under attack squashed, more flaws fixed | Patches | 10 Oct 2023
Fresh curl tomorrow will patch 'worst' security flaw in ages | [Updated] It’s bad, folks. Pair of CVEs incoming on October 11 | Patches | 10 Oct 2023
Another security update, Apple? You're really keeping up with your tech rivals | Zero day? More like every day, amirite? | Patches | 05 Oct 2023
IT networks under attack via critical Confluence zero-day. Patch now | 'Handful' of customers hit so far, public-facing instances at risk | Patches | 04 Oct 2023
Make-me-root 'Looney Tunables' security hole on Linux needs your attention | What's up, Doc? Try elevated permissions | Patches | 04 Oct 2023
Now MOVEit maker Progress patches holes in WS_FTP | [Infosec in brief] Plus: Johnson Controls hit by IT 'incident', Exim and Chrome security updates, and more | Patches | 01 Oct 2023
Apple squashes security bugs after iPhone flaws exploited by Predator spyware | Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab | Cybersecurity Month | 22 Sep 2023
Grab those updates: Microsoft flings out fixes for already-exploited bugs | [Patch Tuesday] Plus: Adobe and Android also tackle abused-in-the-wild flaws | Patches | 12 Sep 2023
Chrome, Firefox and more caught with their WebP down, offer hasty patch-up | [Updated] Exploit observed in the wild against codec lib in browsers, apps | Patches | 12 Sep 2023
You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks | We're number one! We're number one! We're... | Patches | 05 Sep 2023
Ivanti Sentry exploited in the wild, patches emitted | Good thing you're not exposing admin port 8443 to the world, right? Uh, right? | Patches | 22 Aug 2023
Don't just patch your Citrix gear, check for intrusion: Two bugs exploited in wild | [Updated] About 2,000 NetScaler installations feared compromised as CISA raises alarm over ShareFile | Patches | 17 Aug 2023
Magento shopping cart attack targets critical vulnerability revealed in early 2022 | Really? You didn't bother to patch a 9.8 severity critical flaw? | Patches | 11 Aug 2023
Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks | It's like a nesting doll of security flaws | Patches | 09 Aug 2023
Microsoft, Intel lead this month's security fix emissions | [Patch Tuesday] Downfall processor leaks, Teams holes, VPN clients at risk, and more | Patches | 08 Aug 2023
Prepare for plenty more pain from Ivanti's MDM flaws, warn cyber agencies | Invaders already spent four or more months frolicking inside Norwegian government servers | Patches | 03 Aug 2023
Sneaky Python package security fixes help no one – except miscreants | Good thing these eggheads have created a database of patches | Patches | 26 Jul 2023
Ivanti plugs critical bug – but not before it was used against Norwegian government | Uncle Sam warns sysadmins to get patching as soon as possible | Patches | 26 Jul 2023
Apple patches exploited bugs in iPhones plus other holes | One spotted by Amnesty International - wonder what that was used for? | Patches | 25 Jul 2023
Quick: Manually patch this Zimbra bug that's under attack | Smells like Russian cyber spies (again) | Patches | 17 Jul 2023
Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws | [Patch Tuesday] Plus: Apple bungles another rapid security response; important ICS updates land; and more | Patches | 11 Jul 2023
You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug | That's a vulnerability that's under attack, fix available ... cancel those July 4th plans, perhaps? | Black Hat and DEF CON | 03 Jul 2023
A (cautionary) tale of two patched bugs, both exploited in the wild | One affects VMware's monitoring tool and the other TP-Link routers | Patches | 21 Jun 2023
Apple squashes kernel bug used by TriangleDB spyware | Snoops may be targeting macOS in addition to iPhones, Kaspersky says | Patches | 21 Jun 2023
Guess what happened to this US agency using outdated software? | [Infosec in brief] Also: Hackers target security researchers, MaaS model flourishing, and this week's vulnerabilities | Patches | 19 Jun 2023
Third MOVEit bug fixed a day after PoC exploit made public | Millions of people's personal info swiped, Clop leaks begin with 'Shell's stolen data' | Patches | 16 Jun 2023
June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh | Plus: Adobe, SAP and Android push updates | Patches | 13 Jun 2023
Fortinet squashes hijack-my-VPN bug in FortiOS gear | And it's already being exploited in the wild, probably | Patches | 12 Jun 2023
Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway | Time to MOVEit, MOVEit. We don't like to MOVEit, MOVEit | Patches | 01 Jun 2023
Barracuda Email Security Gateways bitten by data thieves | Act now: Sea-themed backdoor malware injected via .tar-based hole | Patches | 31 May 2023
Cisco squashes critical bugs in small biz switches | You'll want to patch these as proof-of-concept exploit code is out there already | Patches | 18 May 2023
Intel says Friday's mystery 'security update' microcode isn't really a security update | We're all for encouraging people to squash bugs but this is an odd way to do it | Patches | 15 May 2023
Why Microsoft just patched a patch that squashed an under-attack Outlook bug | Let's take a quick dive into Windows API | Patches | 12 May 2023
Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix | [Patch Tuesday] On the plus side, this month's update batch is a bit smaller than usual | Patches | 09 May 2023