Apple squashes security bugs after iPhone flaws exploited by Predator spyware Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab Patches22 Sep 2023 | 6
Grab those updates: Microsoft flings out fixes for already-exploited bugs Patch Tuesday Plus: Adobe and Android also tackle abused-in-the-wild flaws Patches12 Sep 2023 | 2
Chrome, Firefox and more caught with their WebP down, offer hasty patch-up Updated Exploit observed in the wild against codec lib in browsers, apps Patches12 Sep 2023 | 10
You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks We're number one! We're number one! We're... Patches05 Sep 2023 | 15
Ivanti Sentry exploited in the wild, patches emitted Good thing you're not exposing admin port 8443 to the world, right? Uh, right? Patches22 Aug 2023 | 7
Don't just patch your Citrix gear, check for intrusion: Two bugs exploited in wild Updated About 2,000 NetScaler installations feared compromised as CISA raises alarm over ShareFile Patches17 Aug 2023 | 3
Magento shopping cart attack targets critical vulnerability revealed in early 2022 Really? You didn't bother to patch a 9.8 severity critical flaw? Patches11 Aug 2023 | 7
Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks It's like a nesting doll of security flaws Patches09 Aug 2023 | 32
Microsoft, Intel lead this month's security fix emissions Patch Tuesday Downfall processor leaks, Teams holes, VPN clients at risk, and more Patches08 Aug 2023 | 8
Prepare for plenty more pain from Ivanti's MDM flaws, warn cyber agencies Invaders already spent four or more months frolicking inside Norwegian government servers Patches03 Aug 2023 | 7
Sneaky Python package security fixes help no one – except miscreants Good thing these eggheads have created a database of patches Patches26 Jul 2023 | 10
Ivanti plugs critical bug – but not before it was used against Norwegian government Uncle Sam warns sysadmins to get patching as soon as possible Patches26 Jul 2023 | 5
Apple patches exploited bugs in iPhones plus other holes One spotted by Amnesty International - wonder what that was used for? Patches25 Jul 2023 | 13
Quick: Manually patch this Zimbra bug that's under attack Smells like Russian cyber spies (again) Patches17 Jul 2023 | 3
Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws Patch Tuesday Plus: Apple bungles another rapid security response; important ICS updates land; and more Patches11 Jul 2023 | 14
You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug That's a vulnerability that's under attack, fix available ... cancel those July 4th plans, perhaps? Black Hat and DEF CON03 Jul 2023 | 13
A (cautionary) tale of two patched bugs, both exploited in the wild One affects VMware's monitoring tool and the other TP-Link routers Patches21 Jun 2023 | 8
Apple squashes kernel bug used by TriangleDB spyware Snoops may be targeting macOS in addition to iPhones, Kaspersky says Patches21 Jun 2023 | 3
Guess what happened to this US agency using outdated software? Infosec in brief Also: Hackers target security researchers, MaaS model flourishing, and this week's vulnerabilities Patches19 Jun 2023 | 16
Third MOVEit bug fixed a day after PoC exploit made public Millions of people's personal info swiped, Clop leaks begin with 'Shell's stolen data' Patches16 Jun 2023 | 18
The home Wi-Fi upgrade we never asked for is coming. The one we need is not 46Gbps to our sofas. At last, freedom from the nightmare of a mere 9.6
Google killing Basic HTML version of Gmail In January 2024 The blind think this is not a visionary decision
T-Mobile US exposes some customer data – but don't call it a breach Infosec in brief PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns
Microsoft hiring a nuclear power program manager, because AI needs lots of 'leccy Envisions a 'comprehensive small modular reactor and microreactor integration roadmap'
Dell allows DPUs to be retrofitted to older PowerEdge servers As VMware emits a significant update to the vSphere suite that wrangles the accelerators
No, no, no! Disco joke hit bum note in the rehab center who, me? Techie tried to dunk on a co-worker, and found himself absolutely soaking wet
Fujitsu to quit Tokyo HQ ASIA IN BRIEF PLUS: Micron breaks ground in India; Hong Kong goes for green fintech; Taiwan to launch first sub; and more
June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh Plus: Adobe, SAP and Android push updates Patches13 Jun 2023 | 2
Fortinet squashes hijack-my-VPN bug in FortiOS gear And it's already being exploited in the wild, probably Patches12 Jun 2023 | 2
Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway Time to MOVEit, MOVEit. We don't like to MOVEit, MOVEit Patches01 Jun 2023 | 10
Barracuda Email Security Gateways bitten by data thieves Act now: Sea-themed backdoor malware injected via .tar-based hole Patches31 May 2023 | 8
Cisco squashes critical bugs in small biz switches You'll want to patch these as proof-of-concept exploit code is out there already Patches18 May 2023 |
Intel says Friday's mystery 'security update' microcode isn't really a security update We're all for encouraging people to squash bugs but this is an odd way to do it Patches15 May 2023 | 7
Why Microsoft just patched a patch that squashed an under-attack Outlook bug Let's take a quick dive into Windows API Patches12 May 2023 | 45
Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix Patch Tuesday On the plus side, this month's update batch is a bit smaller than usual Patches09 May 2023 | 20
Apple pushes first-ever 'rapid' patch – and rapidly screws up Maybe you're just installing it wrong? Patches02 May 2023 | 43
Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs Patches02 May 2023 | 1
Apache Superset: A story of insecure default keys, thousands of vulnerable systems, few paying attention Two out of three public-facing app instances open to hijacking Patches25 Apr 2023 | 18
Military helicopter crash blamed on failure to apply software patch A rather nice beach in Australia now briefly hosted an unusual feature Patches18 Apr 2023 | 49
April Patch Tuesday: Ransomware gangs already exploiting this Windows bug Plus Google, SAP, Adobe and Cisco emit fixes Patches11 Apr 2023 | 9
Apple squashes iOS, macOS zero-day bugs already exploited by snoops Keep calm and install patches before abuse becomes widespread Patches10 Apr 2023 | 1
Apple patches all the iThings, including iOS 15 hole under attack right now Issue identified in February but owners of older kit weren't warned Patches28 Mar 2023 | 11
Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs Four flaws open mobiles, cars to remote-control at baseband level with just a phone number Patches17 Mar 2023 | 40
Microsoft: Patch this severe Outlook bug that Russian miscreants exploited Patch Tuesday Plus: Fixes for SAP, Adobe. Android, Chrome Patches14 Mar 2023 | 38
Microsoft squashes Windows bug exploited to inflict ransomware misery Not-so-smart SmartScreen flagged up by Googlers Patches14 Mar 2023 | 5
Antivirus apps are there to protect you – Cisco's ClamAV has a heckuva flaw Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution Patches17 Feb 2023 | 8
VMware, Windows 11 shafted by Windows Server 2022 Updated OS won't start on some systems with ESXi VMs, while Win11 updates may not make it to devices Patches16 Feb 2023 | 18
Intel patches up SGX best it can after another load of security holes found Plus bugs squashed in Server Platform Services and more Patches15 Feb 2023 | 4
Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack Gone in 60 seconds using a USB-A plug and brute force instead of a key Patches15 Feb 2023 | 55
Apple splats zero-day bug, other gremlins in macOS, iOS WebKit flaw 'may have been exploited' – just like Tim Cook 'may have' made a million bucks this week Patches15 Feb 2023 | 7
Microsoft sweeps up after breaking .NET with December security updates XPS doc display issues fixed – until the next patch, at least Patches01 Feb 2023 | 3
Microsoft to enterprises: Patch your Exchange servers If you want to keep the miscreants out, put the updates in, Redmond says Patches28 Jan 2023 | 14
Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws You know the drill: patch before criminals use these bugs in vRealize to sniff your systems Patches25 Jan 2023 |
Russians say they can grab software from Intel again And Windows updates from Microsoft, too Patches14 Jan 2023 | 52
Microsoft fixes Windows database connections it broke in November January Patch Tuesday update resolves issue caused by Patch Tuesday update late in '22 Patches11 Jan 2023 | 3
First Patch Tuesday of the year explodes with in-the-wild exploit fix Patch Tuesday Plus: Intel, Adobe, SAP and Android bugs Patches11 Jan 2023 | 20
Microsoft fixes Hyper-V VM problem caused by Patch Tuesday The emergency OOB release should solve those frustrating failures Patches21 Dec 2022 | 2
Patch Tuesday update is causing some Windows 10 systems to blue screen Microsoft issues a workaround for problem while it works on a fix Patches20 Dec 2022 | 51
Patch Tuesday updates spark errors when creating Hyper-V VMs Something's broken, mom! Microsoft offers workaround while trying to think up a fix Patches14 Dec 2022 | 10
Microsoft ain't the only one squashing exploited-in-the-wild bugs this month Patch Tuesday Plus there's a PoC for this unpatched Cisco bug Patches14 Dec 2022 | 11
Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover Take a break from the gaming and fix these now Patches01 Dec 2022 | 5
Windows Server domain controllers may stop, restart after recent updates Microsoft outlines a workaround while pulling together a fix to LSASS memory leak Patches28 Nov 2022 | 20
Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers Emergency out-of-band updates to the rescue Patches21 Nov 2022 | 36
VMware warns of three critical holes in remote-control tool Anyone can pretend to be your Windows IT support and take command of staff devices Patches09 Nov 2022 |
Microsoft squashes six security bugs already exploited in the wild Patch Tuesday Plus: Fixes from Intel, AMD, Citrix and more Patches09 Nov 2022 | 5
OpenSSL downgrades horror bug after week of panic, hype Relax, there's more chance of Babbage coming back to life to hack your system than this flaw being exploited Patches01 Nov 2022 | 3
Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware Broken code signature? LGTM, says Microsoft OS Patches01 Nov 2022 | 17
Cisco AnyConnect Windows client under active attack Make sure you're patched – and update VMware Cloud Foundation, too, by the way Patches26 Oct 2022 | 7
Microsoft realizes it hasn't updated list of banned dodgy Windows 10 drivers in years Hope no one was relying on that to block threats, er, yeah? Patches26 Oct 2022 | 13
CISA warns of security holes in industrial Advantech, Hitachi kit When we concede that everything has bugs, we wish it wasn't quite everything Patches20 Oct 2022 | 2
It’s Patch Tuesday and still no fix for ProxyNotShell Microsoft Exchange holes Patch Tuesday And for bonus points, there's a Windows flaw under active exploit Patches11 Oct 2022 | 21
Fortinet warns of critical flaw in its security appliance OSes, admin panels Naturally, they're already under attack – so you know what to do next Patches11 Oct 2022 | 15
Make your neighbor think their house is haunted by blinking their Ikea smart bulbs Radio comms vulnerabilities detailed Patches08 Oct 2022 | 54
Atlassian, Microsoft bugs on CISA’s must-patch list after exploitation spree Some days, security just feels like a total illusion. OK, most days... Patches04 Oct 2022 | 7
Sophos fixes critical firewall hole exploited by miscreants Code-injection bug in your network security... mmm, yum yum Patches28 Sep 2022 | 9
Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects Oh cool, a 5,500-day security hole Patches22 Sep 2022 | 53
WordPress-powered sites backdoored after FishPig suffers supply chain attack And two other security snafus in this web publishing world Patches15 Sep 2022 | 18
Microsoft fixes Windows security hole likely widely exploited by miscreants Patch Tuesday Plus: Nasty no-auth RCE in TCP/IP stack, Adobe flaws, and many more updates Patches13 Sep 2022 | 14
Google urges open source community to fuzz test code We'll even get our checkbook out, web giant says Patches08 Sep 2022 | 10
Go programming language arrives at security warnings that are useful Low-noise tool hopes to highlight vulnerabilities imported into projects Patches06 Sep 2022 | 6
Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers Grab and deploy this backend update if you offer even repo read access Patches29 Aug 2022 | 6
80,000 internet-connected cameras still vulnerable after critical patch offered Just more IoT conscripts for the botnet armies Patches24 Aug 2022 | 15
If you haven't patched Zimbra holes by now, assume you're toast Here's how to detect an intrusion via vulnerable email systems Patches23 Aug 2022 |
Google, Apple squash exploitable browser bugs Chrome flaw has public exploit, WebKit hole actively abused along with kernel escalation Patches17 Aug 2022 | 8
Warning! Critical flaws found in US Emergency Alert System DEF CON may be about to blow lid off security hole Patches05 Aug 2022 | 14
VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws Meanwhile, a security update for rsync Patches03 Aug 2022 | 1
Atlassian reveals critical flaws in almost everything it makes and touches Fixes issued, warns it 'has not exhaustively enumerated all potential consequences' Patches21 Jul 2022 | 13
Homeland Security warns: Expect Log4j risks for 'a decade or longer' Great, another thing that's gone endemic Patches14 Jul 2022 | 12
X.org servers update closes 2 security holes, adds neat component tweaks Arbitrary code execution flaws in the X Keyboard Extension were bad news Patches13 Jul 2022 | 7
Microsoft's July Patch Tuesday fixes actively exploited bug Patch Tuesday No, Windows Autopatch didn't kill the monthly patchapalooza Patches12 Jul 2022 | 8
Take the day off: Windows Autopatch is live and can even fix cloudy PCs But first, there's a whole lot of AD and Intune prep to be done Patches12 Jul 2022 | 13
Google updates Chrome to squash actively exploited WebRTC Zero Day How sad – this looks like a fine excuse to avoid video conferences for a while Patches05 Jul 2022 | 10
OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw Updated Though severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution Patches27 Jun 2022 | 10
Cisco warns of security holes in its security appliances Bugs potentially useful for rogue insiders, admin account hijackers Patches22 Jun 2022 | 11
Microsoft fixes under-attack Windows zero-day Follina Patch Tuesday Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs Patches15 Jun 2022 | 4
Atlassian: Unpatched years-old flaw under attack right now to hijack Confluence Updated One option: Take the thing offline until Friday patch applied Patches03 Jun 2022 | 20
CIOs largely believe their software supply chain is vulnerable Internal bureaucracy and barriers hold up roll out of defenses, report finds Patches31 May 2022 | 3
Ransomware attack sends US county back to 1977 In brief Also: Uni details its malware-catching AI, signs of China poking the Russian cyber-bear, and more Patches29 May 2022 | 8
Talos names eight deadly sins in widely used industrial software Entire swaths of gear relies on vulnerability-laden Open Automation Software (OAS) Patches27 May 2022 | 6
Patch now: Zoom chat messages can infect PCs, Macs, phones with malware Google Project Zero blows lid off bug involving that old chestnut: XML parsing Patches24 May 2022 | 4
Screencastify fixes bug that would have let rogue websites spy on webcams Updated School-friendly Chrome extension still not fully protected, privacy guru warns Patches24 May 2022 | 3
If you've got Intel inside, you probably need to get these security patches inside, too So. Many. BIOS. Bugs Patches12 May 2022 | 9
Microsoft closes Windows LSA hole under active attack Plus many more flaws. And Adobe, Android, SAP join the bug-squashing frenzy Patches11 May 2022 | 8
F5, Cisco admins: Stop what you're doing and check if you need to install these patches Updated BIG-IP iControl authentication bypass, NFV VM escape, and more Patches06 May 2022 | 6
Critical vulnerabilities found in 'millions of Aruba and Avaya switches' Airports, hospitals, hotels, and more need to deploy patches for hijack bugs Patches03 May 2022 | 31