Crims found and exploited these two Microsoft bugs before Redmond fixed 'em
Patch Tuesday SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android
Patches14 Feb 2024 | 5
Patches
Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC
Updated 'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge
Patches13 Feb 2024 | 15
QNAP vulnerability disclosure ends up an utter shambles
Two new flaws, one zero-day, countless different patches, but everything's fine!
Patches13 Feb 2024 | 8
JetBrains urges swift patching of latest critical TeamCity flaw
Cloud version is safe, but no assurances offered about possible on-prem exploits
Patches07 Feb 2024 |
Double trouble for Fortinet as it issues critical FortiSIEM vulns
Updated Please stand by 73 hours for vendor response...*
Patches06 Feb 2024 | 3
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns
Many versions still without fixes while sophisticated attackers bypass mitigations
Patches31 Jan 2024 | 8
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process
Vendor gets tangled in its own web of undisclosed vulnerabilities
Patches30 Jan 2024 |
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug
Ancient path traversal exploit offers remote attackers admin access
Patches24 Jan 2024 | 1
Ivanti and Juniper Networks accused of bending the rules with CVE assignments
Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE
Patches22 Jan 2024 | 7
Windows Server 2022 patch is breaking apps for some users
Uninstall the update or edit the Windows registry to restore order
Patches17 Jan 2024 | 42
Patch now: Critical VMware, Atlassian flaws found
You didn't have anything else to do this Tuesday, right?
Patches16 Jan 2024 | 8
Thousands of Juniper Networks devices vulnerable to critical RCE bug
Yet more support for the argument to adopt memory-safe languages
Patches15 Jan 2024 | 13
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers
The bug with a perfect 10 severity score has been ripe for exploitation since May
Patches15 Jan 2024 | 21
Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs
Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc
Patches12 Jan 2024 | 20
New year, new updates for security holes in Windows, Adobe, Android and more
Patch Tuesday Nothing under exploit… The calm before the storm?
Patches09 Jan 2024 | 14
Facebook, Instagram now mine web links you visit to fuel targeted ads
Infosec in brief Also: Twitter hijackings, BEC arrest, and critical vulnerabilities
Patches08 Jan 2024 | 20
Four in five Apache Struts 2 downloads are for versions featuring critical flaw
Seriously, people - please check the stuff you fetch more carefully
Patches21 Dec 2023 | 10
SSH shaken, not stirred by Terrapin vulnerability
No need to panic, but grab those updates or mitigations anyway just to be safe
Patches20 Dec 2023 | 14
Before you go away for Xmas: You've patched that critical Perforce Server hole, right?
Microsoft bug hunters highlight weaknesses in source-wrangling suite
Patches19 Dec 2023 | 9
Final Patch Tuesday of 2023 goes out with a bang
Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party
Patches13 Dec 2023 | 10
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks
Two CVEs can be abused to steal sensitive info or execute code
Patches01 Dec 2023 | 2
Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods
Mitigations require mix of updating libraries and manual customer action
Patches27 Nov 2023 | 8
OpenCart owner turns air blue after researcher discloses serious vuln
Web storefront maker fixed the flaw, but not before blasting infoseccer
Patches24 Nov 2023 | 48
Windows Server 2022 update gave ESXi host VMs the blue screen blues
Wild idea: Maybe Microsoft could introduce a Quality Copilot to stop pushing broken patches
Patches16 Nov 2023 | 17
Another month, another bunch of fixes for Microsoft security bugs exploited in the wild
Patch Tuesday Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws
Patches15 Nov 2023 | 17
Intel emits patch to squash chip bug that lets any guest VM crash host servers
Sapphire Rapids, Alder Lake, Raptor Lake chip families treated for 'Redundant Prefix'
Patches14 Nov 2023 | 1
Stop what you’re doing and patch this critical Confluence flaw, warns Atlassian
Risk of ‘significant data loss’ for on-prem customers
Patches31 Oct 2023 | 2
Apple drops urgent patch against obtuse TriangleDB iPhone malware
Kaspersky first found this software nasty on its own phones
Patches26 Oct 2023 | 9
VMware reveals critical vCenter vuln that you may have patched already without knowing it
Takes rare step of issuing patches for end-of-life versions, as some staff report end-of-career letters
Patches25 Oct 2023 | 4
US cybercops urge admins to patch amid ongoing Confluence chaos
Do it now, no ifs or buts, says advisory
Patches17 Oct 2023 | 3
curl vulnerabilities ironed out with patches after week-long tease
Updated The coordinated disclosure didn’t quite go to plan, though
Patches11 Oct 2023 | 16
It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems
Patch Tuesday Happy Halloween! Security bugs under attack squashed, more flaws fixed
Patches10 Oct 2023 | 18
Fresh curl tomorrow will patch 'worst' security flaw in ages
Updated It’s bad, folks. Pair of CVEs incoming on October 11
Patches10 Oct 2023 | 11
Another security update, Apple? You're really keeping up with your tech rivals
Zero day? More like every day, amirite?
Patches05 Oct 2023 | 3
IT networks under attack via critical Confluence zero-day. Patch now
'Handful' of customers hit so far, public-facing instances at risk
Patches04 Oct 2023 | 16
Make-me-root 'Looney Tunables' security hole on Linux needs your attention
What's up, Doc? Try elevated permissions
Patches04 Oct 2023 | 47
Now MOVEit maker Progress patches holes in WS_FTP
Infosec in brief Plus: Johnson Controls hit by IT 'incident', Exim and Chrome security updates, and more
Patches01 Oct 2023 | 9
Apple squashes security bugs after iPhone flaws exploited by Predator spyware
Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab
Cybersecurity Month22 Sep 2023 | 6
Grab those updates: Microsoft flings out fixes for already-exploited bugs
Patch Tuesday Plus: Adobe and Android also tackle abused-in-the-wild flaws
Patches12 Sep 2023 | 5
Chrome, Firefox and more caught with their WebP down, offer hasty patch-up
Updated Exploit observed in the wild against codec lib in browsers, apps
Patches12 Sep 2023 | 9
You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks
We're number one! We're number one! We're...
Patches05 Sep 2023 | 15
Ivanti Sentry exploited in the wild, patches emitted
Good thing you're not exposing admin port 8443 to the world, right? Uh, right?
Patches22 Aug 2023 | 7
Don't just patch your Citrix gear, check for intrusion: Two bugs exploited in wild
Updated About 2,000 NetScaler installations feared compromised as CISA raises alarm over ShareFile
Patches17 Aug 2023 | 3
Magento shopping cart attack targets critical vulnerability revealed in early 2022
Really? You didn't bother to patch a 9.8 severity critical flaw?
Patches11 Aug 2023 | 7
Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks
It's like a nesting doll of security flaws
Patches09 Aug 2023 | 32
Microsoft, Intel lead this month's security fix emissions
Patch Tuesday Downfall processor leaks, Teams holes, VPN clients at risk, and more
Patches08 Aug 2023 | 8
Prepare for plenty more pain from Ivanti's MDM flaws, warn cyber agencies
Invaders already spent four or more months frolicking inside Norwegian government servers
Patches03 Aug 2023 | 7
Sneaky Python package security fixes help no one – except miscreants
Good thing these eggheads have created a database of patches
Patches26 Jul 2023 | 10
Ivanti plugs critical bug – but not before it was used against Norwegian government
Uncle Sam warns sysadmins to get patching as soon as possible
Patches26 Jul 2023 | 5
Apple patches exploited bugs in iPhones plus other holes
One spotted by Amnesty International - wonder what that was used for?
Patches25 Jul 2023 | 13
Quick: Manually patch this Zimbra bug that's under attack
Smells like Russian cyber spies (again)
Patches17 Jul 2023 | 3
Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws
Patch Tuesday Plus: Apple bungles another rapid security response; important ICS updates land; and more
Patches11 Jul 2023 | 14
You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug
That's a vulnerability that's under attack, fix available ... cancel those July 4th plans, perhaps?
Black Hat and DEF CON03 Jul 2023 | 13
A (cautionary) tale of two patched bugs, both exploited in the wild
One affects VMware's monitoring tool and the other TP-Link routers
Patches21 Jun 2023 | 8
Apple squashes kernel bug used by TriangleDB spyware
Snoops may be targeting macOS in addition to iPhones, Kaspersky says
Patches21 Jun 2023 | 3
Guess what happened to this US agency using outdated software?
Infosec in brief Also: Hackers target security researchers, MaaS model flourishing, and this week's vulnerabilities
Patches19 Jun 2023 | 16
Third MOVEit bug fixed a day after PoC exploit made public
Millions of people's personal info swiped, Clop leaks begin with 'Shell's stolen data'
Patches16 Jun 2023 | 18
June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh
Plus: Adobe, SAP and Android push updates
Patches13 Jun 2023 | 2
Fortinet squashes hijack-my-VPN bug in FortiOS gear
And it's already being exploited in the wild, probably
Patches12 Jun 2023 | 2
Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway
Time to MOVEit, MOVEit. We don't like to MOVEit, MOVEit
Patches01 Jun 2023 | 10
Biting the hand that feeds IT
