Ransomware criminals love CISA's KEV list – and that's a bug, not a feature | 1 in 3 entries are used to extort civilians, says new paper | Ransomware in Focus | 28 Feb 2025 | 3
Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o | Updated | Model was fine-tuned to write vulnerable software – then suggested enslaving humanity | AI + ML | 27 Feb 2025 | 128
Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time | Boffins poked around inside censorship engines – here's what they found | Networks | 27 Feb 2025 | 39
MITRE Caldera security suite scores perfect 10 for insecurity | Is a trivial remote-code execution hole in every version part of the training, or? | Research | 25 Feb 2025 | 11
Critical flaws in Mongoose library expose MongoDB to data thieves, code execution | Bugs fixed, updating to the latest version is advisable | Research | 20 Feb 2025 | 2
Palo Alto firewalls under attack as miscreants chain flaws for root access | If you want to avoid urgent patches, stop exposing management consoles to the public internet | Security | 19 Feb 2025 | 8
FreSSH bugs undiscovered for years threaten OpenSSH security | Exploit code now available for MitM and DoS attacks | Patches | 18 Feb 2025 | 16
Critical PostgreSQL bug tied to zero-day attack on US Treasury | High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further | Research | 14 Feb 2025 | 21
Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities | FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff | CSO | 13 Feb 2025 | 75
Apple warns 'extremely sophisticated attack' may be targeting iThings | Cupertino mostly uses bland language when talking security, so this sounds nasty | Security | 11 Feb 2025 | 23
Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge | International security squads all focus on stopping baddies busting in through routers, IoT kit etc | Edge + IoT | 05 Feb 2025 | 4
SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix | Big organizations and governments are main users of these gateways | Patches | 23 Jan 2025 | 10
Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day | Turns out tool does both file transfers and security fixes fast | Patches | 17 Jan 2025 | 21
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used | Updated | Ransomware 'not off the table,' Arctic Wolf threat hunter tells El Reg | Networks | 14 Jan 2025 | 26
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug | This is what happens when you publish PoCs immediately, hm? | Patches | 13 Jan 2025 | 1
Nominet probes network intrusion linked to Ivanti zero-day exploit | Unauthorized activity detected, but no backdoors found | Security | 13 Jan 2025 | 6
Zero-day exploits plague Ivanti Connect Secure appliances for second year running | Factory resets and apply patches is the advice amid fortnight delay for other appliances | Patches | 09 Jan 2025 | 2
MediaTek rings in the new year with a parade of chipset vulns | Manufacturers should have had ample time to apply the fixes | Security | 06 Jan 2025 | 5
UK ICO not happy with Google's plans to allow device fingerprinting | Infosec in brief | Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more | Security | 23 Dec 2024 | 75
Apache issues patches for critical Struts 2 RCE bug | More details released after devs allowed weeks to apply fixes | Patches | 12 Dec 2024
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 | Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker | Patches | 11 Dec 2024 | 2
US military grounds entire Osprey tiltrotor fleet over safety concerns | Boeing-Bell V-22 can't outfly its checkered past, it seems | Public Sector | 10 Dec 2024 | 89
Fully patched Cleo products under renewed 'zero-day-ish' mass attack | Thousands of servers targeted while customers wait for patches | Research | 10 Dec 2024
OpenWrt orders router firmware updates after supply chain attack scare | A couple of bugs lead to a potentially bad time | CSO | 09 Dec 2024 | 9
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files | Updated | Still unpatched 100+ days later, watchTowr says | Cyber-crime | 06 Dec 2024 | 4
Perfect 10 directory traversal vuln hits SailPoint's IAM solution | Updated | 20-year-old info disclosure class bug still pervades security software | Patches | 03 Dec 2024 | 6
Zabbix urges upgrades after critical SQL injection bug disclosure | US agencies blasted 'unforgivable' SQLi flaws earlier this year | Patches | 29 Nov 2024 | 7
QNAP and Veritas dump 30-plus vulns over the weekend | Updated | Just what you want to find when you start a new week | Patches | 26 Nov 2024 | 2
'Alarming' security bugs lay low in Linux's needrestart utility for 10 years | Update now: Qualys says flaws give root to local users, 'easily exploitable', default in Ubuntu Server | Research | 21 Nov 2024 | 15
D-Link tells users to trash old VPN routers over bug too dangerous to identify | Vendor offers 20% discount on new model, but not patches | CSO | 20 Nov 2024 | 59
Palo Alto Networks tackles firewall-busting zero-days with critical patches | Amazing that these two bugs got into a production appliance, say researchers | Patches | 19 Nov 2024 | 4
Microsoft slips Task Manager and processor count fixes into Patch Tuesday | Sore about cores no more | Patches | 13 Nov 2024 | 7
HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code | 'Once again, we've lost a little more faith in the internet,' researcher says | CSO | 12 Nov 2024 | 3
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability | Over 5 million records from 25 organizations posted to black hat forum | Cyber-crime | 12 Nov 2024 | 2
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system | Ultra-Reliable Wireless Backhaul doesn't live up to its name | Patches | 07 Nov 2024 | 16
Why the long name? Okta discloses auth bypass bug affecting 52-character usernames | Mondays are for checking months of logs, apparently, if MFA's not enabled | Security | 04 Nov 2024 | 14
Admins better Spring into action over latest critical open source vuln | Patch up: The Spring framework dominates the Java ecosystem | Security | 29 Oct 2024 | 1
macOS HM Surf vuln might already be under exploit by major malware family | Like keeping your camera and microphone private? Patch up | Cybersecurity Month | 21 Oct 2024 | 16
Thousands of Fortinet instances vulnerable to actively exploited flaw | No excuses for not patching this nine-month-old issue | Cybersecurity Month | 14 Oct 2024 | 8
US and UK govts warn: Russia scanning for your unpatched vulnerabilities | In brief | Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more | Security | 12 Oct 2024 | 11
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame | Usual three-week window to address significant risks to federal agencies applies | Cybersecurity Month | 10 Oct 2024
Mozilla patches critical Firefox vuln that attackers are already exploiting | Firefixed: It's maintenance time for low-complexity, high-impact security flaw | Cybersecurity Month | 10 Oct 2024 | 26
Using iPhone Mirroring at work? You might have just overshared to your boss | What does IT glimpse but a dating app on your wee little screen | Software | 08 Oct 2024 | 27
Apple fixes bug that let VoiceOver shout your passwords | Not a great look when the iGiant just launched its first password manager | Cybersecurity Month | 04 Oct 2024 | 6
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing | Poor use of PHP include() strikes again | Cybersecurity Month | 02 Oct 2024 | 4
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great | Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline | Cybersecurity Month | 02 Oct 2024 | 8
'Patch yesterday': Zimbra mail servers under siege through RCE vuln | Attacks began the day after public disclosure | Cybersecurity Month | 02 Oct 2024 | 5
Rackspace internal monitoring web servers hit by zero-day | Exclusive | Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry | Cybersecurity Month | 30 Sep 2024 | 10
That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices | Final update | No patches yet, can be mitigated, requires user interaction | Security | 26 Sep 2024 | 104
Ivanti patches exploited admin command execution flaw | Fears over chained attacks affecting EOL product | Patches | 20 Sep 2024 | 8
Feeld dating app's security too open-minded as private data swings into public view | No love for months-long wait to fix this, either | Research | 13 Sep 2024 | 8
Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing | SaaS seller sets severity to 'critical' | Patches | 12 Sep 2024 | 4
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers | Updated | Infosec hounds say they spotted vulnerability during routine travel in the US | Research | 30 Aug 2024 | 28
AMD reverses course: Ryzen 3000 CPUs will get SinkClose patch after all | Still no love for 1000- or 2000-series | Systems | 20 Aug 2024 | 21
Multiple flaws in Microsoft macOS apps unpatched despite potential risks | Windows giant tells Cisco Talos it isn't fixing them | Research | 19 Aug 2024 | 21
AMD won't patch Sinkclose security bug on older Zen CPUs | Updated | Kernel mode not good enough for you? Maybe you'll like SMM of this | Patches | 13 Aug 2024 | 14
If you give Copilot the reins, don't be surprised when it spills your secrets | Black Hat | 'All of the defaults are insecure' Zenity CTO claims | Black Hat and DEF CON | 08 Aug 2024 | 18
Using 1Password on Mac? Patch up if you don't want your Vaults raided | Hundreds of thousands of users potentially vulnerable | Patches | 08 Aug 2024 | 23
Devices with insecure SSH services are everywhere, say infosec duo | Black Hat | 'Serendipitous' discovery may have you second guessing your appliances | Black Hat and DEF CON | 07 Aug 2024 | 10
SAP Core AI bugs allowed access to internal network servers, say researchers | Black Hat | Wiz infoseccers able to promote themselves from humble customer to full-blown admin | Black Hat and DEF CON | 06 Aug 2024
UK plans to revamp national cyber defense tools are already in motion | Work aims to build on the success of NCSC's 2016 initiative – and private sector will play a part | Cyber-crime | 02 Aug 2024 | 8
Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability | Get those patches applied – all the big dogs are abusing it | VMware Explore | 30 Jul 2024 | 18