Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws | PoC exploit code shows why this is a patch priority | Patches | 21 Feb 2025
Oops, some of our customers' Power Pages-hosted sites were exploited, says Microsoft | Don't think this is SaaS and you can relax: Redmond wants a few of you to check your websites | Cyber-crime | 20 Feb 2025
Cisco patches two critical Identity Services Engine flaws | One gives root access, the other lets you steal info and reconfig nodes, in the right (or should that be wrong) circumstances | Networks | 05 Feb 2025
Google patches odd Android kernel security bug amid signs of targeted exploitation | Also, Netgear fixes critical router, access point vulnerabilities | Patches | 04 Feb 2025
VMware plugs steal-my-credentials holes in Cloud Foundation | Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom's virtualization giant | Patches | 30 Jan 2025
Apple plugs security hole in its iThings that's already been exploited in iOS | Cupertino kicks off the year with a zero-day | Patches | 28 Jan 2025
Don't want your Kubernetes Windows nodes hijacked? Patch this hole now | SYSTEM-level command injection via API parameter *chef's kiss* | Patches | 24 Jan 2025
Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management | No in-the-wild exploits … yet | Patches | 23 Jan 2025
Asus lets processor security fix slip out early, AMD confirms patch in progress | [Updated] Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean | Patches | 23 Jan 2025
Oracle emits 603 patches, names one it wants you to worry about soon | Old flaws that keep causing trouble haunt Big Red | Patches | 23 Jan 2025
Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day | Seven days after disclosure and little action taken, data shows | Patches | 21 Jan 2025
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit | 3 CVEs added to CISA's catalog | Security | 08 Jan 2025
Critical security hole in Apache Struts under exploit | You applied the patch that could stop possible RCE attacks last week, right? | Patches | 17 Dec 2024
Zabbix urges upgrades after critical SQL injection bug disclosure | US agencies blasted 'unforgivable' SQLi flaws earlier this year | Patches | 29 Nov 2024
Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble | If you didn't fix this a month ago, your to-do list probably needs a reshuffle | Virtualization | 18 Nov 2024
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost | Plus a bonus hard-coded local API key | Patches | 14 Nov 2024
Five Eyes infosec agencies list 2023's most exploited software flaws | Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns | CSO | 14 Nov 2024
Microsoft slips Task Manager and processor count fixes into Patch Tuesday | Sore about cores no more | Patches | 13 Nov 2024
Windows Themes zero-day bug exposes users to NTLM credential theft | Plus a free micropatch until Redmond fixes the flaw | Security | 30 Oct 2024
Emergency patch: Cisco fixes bug under exploit in brute-force attacks | Who doesn't love abusing buggy appliances, really? | Software | 24 Oct 2024
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch | Plus, a POC to make it extra easy for attackers | Security | 23 Oct 2024
VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time | If the first patches don't work, try, try again | Patches | 22 Oct 2024
Critical default credential in Kubernetes Image Builder allows SSH root access | It's called leaving the door wide open – especially in Proxmox | Security | 16 Oct 2024
Microsoft issues 117 patches – some for flaws already under attack | [Patch Tuesday] Plus: SAP re-patches a failed patch for critical-rated flaw | Cybersecurity Month | 08 Oct 2024
Qualcomm urges device makers to push patches after 'targeted' exploitation | Given Amnesty's involvement, it's a safe bet spyware is in play | Patches | 08 Oct 2024
Apple fixes bug that let VoiceOver shout your passwords | Not a great look when the iGiant just launched its first password manager | Cybersecurity Month | 04 Oct 2024
Patch now: Critical Nvidia bug allows container escape, complete host takeover | 33% of cloud environments using the toolkit impacted, we're told | Patches | 26 Sep 2024
10 nasty software bugs put thousands of fuel storage tanks at risk of cyberattacks | Thousands of devices remain vulnerable, US most exposed to the threat | Security | 24 Sep 2024
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation | Bug reports made in China | Virtualization | 17 Sep 2024
Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security | Two critical holes including hardcoded admin credential | Security | 05 Sep 2024
SolarWinds left critical hardcoded credentials in its Web Help Desk product | Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway | CSO | 22 Aug 2024
You probably want to patch this critical GitHub Enterprise Server bug now | Unless you're cool with an unauthorized criminal enjoying admin privileges to comb through your code | Patches | 21 Aug 2024
Google splats device-hijacking exploited-in-the-wild Android kernel bug among others | And Qualcomm addresses 'permanent denial of service' flaw in its stuff | Patches | 06 Aug 2024
Progress discloses second critical flaw in Telerik Report Server in as many months | These are the kinds of bugs APTs thrive on, just ask the Feds | Patches | 26 Jul 2024
Life, interrupted: How CrowdStrike's patch failure is messing up the world | Oh, was it supposed to be Y2K24? | Software | 19 Jul 2024
Maximum-severity Cisco vulnerability allows attackers to change admin passwords | You’re going to want to patch this one | Patches | 18 Jul 2024
ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu | [Exclusive] 'It seems like they really don't have a full grasp of what's going on with this patch' | Patches | 15 Jul 2024
Critical Windows licensing bugs – plus two others under attack – top Patch Tuesday | [Patch Tuesday] Citrix, SAP also deserve your attention – because miscreants are already thinking about Exploit Wednesday | Patches | 10 Jul 2024
Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server | About a thousand vulnerable instances still exposed online, we're told | Patches | 24 Jun 2024
VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug | Specially crafted network packet could allow remote code execution and access to VM fleets | Patches | 18 Jun 2024
Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows | [Patch Tuesday] Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack | CSO | 12 Jun 2024
POC exploit code published for 9.8-rated Apache HugeGraph RCE flaw | You upgraded when this was fixed in April, right? Right?? | Security | 07 Jun 2024
Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes | That backdoor's not meant to be there? | Patches | 05 Jun 2024
Three-year-old Apache Flink flaw under active attack | We know IT admins have busy schedules but c'mon | Patches | 24 May 2024
Got an unpatched LG 'smart' television? It could be watching you back | Four fatal flaws allow TV takeover | Security | 09 Apr 2024
Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching | CVE-2024-1086 turns the page tables on system admins | Patches | 29 Mar 2024
JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat | [Updated] Vendor takes hardline approach to patch disclosure to new levels | Patches | 28 Mar 2024
Exploiting the latest max-severity ConnectWise bug is 'embarrassingly easy' | Urgent patching advised to protect attacks against setup wizards | Security | 21 Feb 2024
Zoom stomps critical privilege escalation bug plus 6 other flaws | All desktop and mobile apps vulnerable to at least one of the vulnerabilities | Patches | 15 Feb 2024
Double trouble for Fortinet as it issues critical FortiSIEM vulns | [Updated] Please stand by 73 hours for vendor response...* | Patches | 06 Feb 2024
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns | Many versions still without fixes while sophisticated attackers bypass mitigations | Patches | 31 Jan 2024
Reg story prompts fresh security bulletin, review of Juniper Networks' CVE process | Vendor gets tangled in its own web of undisclosed vulnerabilities | Patches | 30 Jan 2024
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug | Ancient path traversal exploit offers remote attackers admin access | Patches | 24 Jan 2024
Ivanti and Juniper Networks accused of bending the rules with CVE assignments | Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE | Patches | 22 Jan 2024
Patch now: Critical VMware, Atlassian flaws found | You didn't have anything else to do this Tuesday, right? | Patches | 16 Jan 2024
More than 178,000 SonicWall firewalls are exposed to old denial of service bugs | [Updated] Majority of public-facing devices still unpatched against critical vulns from as far back as 2022 | Research | 16 Jan 2024
Four in five Apache Struts 2 downloads are for versions featuring critical flaw | Seriously, people - please check the stuff you fetch more carefully | Patches | 21 Dec 2023
Before you go away for Xmas: You've patched that critical Perforce Server hole, right? | Microsoft bug hunters highlight weaknesses in source-wrangling suite | Patches | 19 Dec 2023
Ubiquiti blunder let some folks view others' security cameras, accounts | Cloud misconfig blamed and now fixed | Off-Prem | 15 Dec 2023
Two years on, 1 in 4 apps still vulnerable to Log4Shell | Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time | Research | 11 Dec 2023
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks | Two CVEs can be abused to steal sensitive info or execute code | Patches | 01 Dec 2023
Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes | Plus: 3 critical CVEs in Zyxel NAS devices | Security | 30 Nov 2023