Four in five Apache Struts 2 downloads are for versions featuring critical flaw
Seriously, people - please check the stuff you fetch more carefully
Patches21 Dec 2023 | 10
Patches
SSH shaken, not stirred by Terrapin vulnerability
No need to panic, but grab those updates or mitigations anyway just to be safe
Patches20 Dec 2023 | 14
Before you go away for Xmas: You've patched that critical Perforce Server hole, right?
Microsoft bug hunters highlight weaknesses in source-wrangling suite
Patches19 Dec 2023 | 9
Final Patch Tuesday of 2023 goes out with a bang
Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party
Patches13 Dec 2023 | 10
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks
Two CVEs can be abused to steal sensitive info or execute code
Patches01 Dec 2023 | 2
Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods
Mitigations require mix of updating libraries and manual customer action
Patches27 Nov 2023 | 8
OpenCart owner turns air blue after researcher discloses serious vuln
Web storefront maker fixed the flaw, but not before blasting infoseccer
Patches24 Nov 2023 | 48
Windows Server 2022 update gave ESXi host VMs the blue screen blues
Wild idea: Maybe Microsoft could introduce a Quality Copilot to stop pushing broken patches
Patches16 Nov 2023 | 17
Another month, another bunch of fixes for Microsoft security bugs exploited in the wild
Patch Tuesday Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws
Patches15 Nov 2023 | 17
Intel emits patch to squash chip bug that lets any guest VM crash host servers
Sapphire Rapids, Alder Lake, Raptor Lake chip families treated for 'Redundant Prefix'
Patches14 Nov 2023 | 1
Stop what you’re doing and patch this critical Confluence flaw, warns Atlassian
Risk of ‘significant data loss’ for on-prem customers
Patches31 Oct 2023 | 2
Apple drops urgent patch against obtuse TriangleDB iPhone malware
Kaspersky first found this software nasty on its own phones
Patches26 Oct 2023 | 9
VMware reveals critical vCenter vuln that you may have patched already without knowing it
Takes rare step of issuing patches for end-of-life versions, as some staff report end-of-career letters
Patches25 Oct 2023 | 4
US cybercops urge admins to patch amid ongoing Confluence chaos
Do it now, no ifs or buts, says advisory
Patches17 Oct 2023 | 3
curl vulnerabilities ironed out with patches after week-long tease
Updated The coordinated disclosure didn’t quite go to plan, though
Patches11 Oct 2023 | 16
It's 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems
Patch Tuesday Happy Halloween! Security bugs under attack squashed, more flaws fixed
Patches10 Oct 2023 | 18
Fresh curl tomorrow will patch 'worst' security flaw in ages
Updated It’s bad, folks. Pair of CVEs incoming on October 11
Patches10 Oct 2023 | 11
Another security update, Apple? You're really keeping up with your tech rivals
Zero day? More like every day, amirite?
Patches05 Oct 2023 | 3
IT networks under attack via critical Confluence zero-day. Patch now
'Handful' of customers hit so far, public-facing instances at risk
Patches04 Oct 2023 | 16
Make-me-root 'Looney Tunables' security hole on Linux needs your attention
What's up, Doc? Try elevated permissions
Patches04 Oct 2023 | 47
Now MOVEit maker Progress patches holes in WS_FTP
Infosec in brief Plus: Johnson Controls hit by IT 'incident', Exim and Chrome security updates, and more
Patches01 Oct 2023 | 9
Apple squashes security bugs after iPhone flaws exploited by Predator spyware
Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab
Cybersecurity Month22 Sep 2023 | 6
Grab those updates: Microsoft flings out fixes for already-exploited bugs
Patch Tuesday Plus: Adobe and Android also tackle abused-in-the-wild flaws
Patches12 Sep 2023 | 5
Chrome, Firefox and more caught with their WebP down, offer hasty patch-up
Updated Exploit observed in the wild against codec lib in browsers, apps
Patches12 Sep 2023 | 9
You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks
We're number one! We're number one! We're...
Patches05 Sep 2023 | 15
Ivanti Sentry exploited in the wild, patches emitted
Good thing you're not exposing admin port 8443 to the world, right? Uh, right?
Patches22 Aug 2023 | 7
Don't just patch your Citrix gear, check for intrusion: Two bugs exploited in wild
Updated About 2,000 NetScaler installations feared compromised as CISA raises alarm over ShareFile
Patches17 Aug 2023 | 3
Magento shopping cart attack targets critical vulnerability revealed in early 2022
Really? You didn't bother to patch a 9.8 severity critical flaw?
Patches11 Aug 2023 | 7
Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks
It's like a nesting doll of security flaws
Patches09 Aug 2023 | 32
Microsoft, Intel lead this month's security fix emissions
Patch Tuesday Downfall processor leaks, Teams holes, VPN clients at risk, and more
Patches08 Aug 2023 | 8
Prepare for plenty more pain from Ivanti's MDM flaws, warn cyber agencies
Invaders already spent four or more months frolicking inside Norwegian government servers
Patches03 Aug 2023 | 7
Sneaky Python package security fixes help no one – except miscreants
Good thing these eggheads have created a database of patches
Patches26 Jul 2023 | 10
Ivanti plugs critical bug – but not before it was used against Norwegian government
Uncle Sam warns sysadmins to get patching as soon as possible
Patches26 Jul 2023 | 5
Apple patches exploited bugs in iPhones plus other holes
One spotted by Amnesty International - wonder what that was used for?
Patches25 Jul 2023 | 13
Quick: Manually patch this Zimbra bug that's under attack
Smells like Russian cyber spies (again)
Patches17 Jul 2023 | 3
Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws
Patch Tuesday Plus: Apple bungles another rapid security response; important ICS updates land; and more
Patches11 Jul 2023 | 14
You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug
That's a vulnerability that's under attack, fix available ... cancel those July 4th plans, perhaps?
Black Hat and DEF CON03 Jul 2023 | 13
A (cautionary) tale of two patched bugs, both exploited in the wild
One affects VMware's monitoring tool and the other TP-Link routers
Patches21 Jun 2023 | 8
Apple squashes kernel bug used by TriangleDB spyware
Snoops may be targeting macOS in addition to iPhones, Kaspersky says
Patches21 Jun 2023 | 3
Guess what happened to this US agency using outdated software?
Infosec in brief Also: Hackers target security researchers, MaaS model flourishing, and this week's vulnerabilities
Patches19 Jun 2023 | 16
Third MOVEit bug fixed a day after PoC exploit made public
Millions of people's personal info swiped, Clop leaks begin with 'Shell's stolen data'
Patches16 Jun 2023 | 18
June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh
Plus: Adobe, SAP and Android push updates
Patches13 Jun 2023 | 2
Fortinet squashes hijack-my-VPN bug in FortiOS gear
And it's already being exploited in the wild, probably
Patches12 Jun 2023 | 2
Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway
Time to MOVEit, MOVEit. We don't like to MOVEit, MOVEit
Patches01 Jun 2023 | 10
Barracuda Email Security Gateways bitten by data thieves
Act now: Sea-themed backdoor malware injected via .tar-based hole
Patches31 May 2023 | 8
Cisco squashes critical bugs in small biz switches
You'll want to patch these as proof-of-concept exploit code is out there already
Patches18 May 2023 |
Intel says Friday's mystery 'security update' microcode isn't really a security update
We're all for encouraging people to squash bugs but this is an odd way to do it
Patches15 May 2023 | 7
Why Microsoft just patched a patch that squashed an under-attack Outlook bug
Let's take a quick dive into Windows API
Patches12 May 2023 | 45
Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix
Patch Tuesday On the plus side, this month's update batch is a bit smaller than usual
Patches09 May 2023 | 20
WordPress plugin hole puts '2 million websites' at risk
XSS marks the spot
Patches08 May 2023 | 17
Apple pushes first-ever 'rapid' patch – and rapidly screws up
Maybe you're just installing it wrong?
Patches02 May 2023 | 43
Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs
Patches02 May 2023 | 1
Apache Superset: A story of insecure default keys, thousands of vulnerable systems, few paying attention
Two out of three public-facing app instances open to hijacking
Patches25 Apr 2023 | 18
Military helicopter crash blamed on failure to apply software patch
A rather nice beach in Australia now briefly hosted an unusual feature
Patches18 Apr 2023 | 49
April Patch Tuesday: Ransomware gangs already exploiting this Windows bug
Plus Google, SAP, Adobe and Cisco emit fixes
Patches11 Apr 2023 | 9
Apple squashes iOS, macOS zero-day bugs already exploited by snoops
Keep calm and install patches before abuse becomes widespread
Patches10 Apr 2023 | 1
Apple patches all the iThings, including iOS 15 hole under attack right now
Issue identified in February but owners of older kit weren't warned
Patches28 Mar 2023 | 11
Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs
Four flaws open mobiles, cars to remote-control at baseband level with just a phone number
Patches17 Mar 2023 | 40
Microsoft: Patch this severe Outlook bug that Russian miscreants exploited
Patch Tuesday Plus: Fixes for SAP, Adobe. Android, Chrome
Patches14 Mar 2023 | 38
Microsoft squashes Windows bug exploited to inflict ransomware misery
Not-so-smart SmartScreen flagged up by Googlers
Patches14 Mar 2023 | 5
Biting the hand that feeds IT
