vulnerability
US security agency issues emergency alert over vulnerable VMware products
A string of actively exploited critical vulnerabilities across five popular VMware products has been described as an "unacceptable risk" to government…
19 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
The most recent iPhones are found to be vulnerable after researchers discover an exploit in a beloved iOS 15 feature
18 May 2022
Tool that scans office software for vulnerabilities finds almost 100 in Word and Acrobat
Myriad flaws in Microsoft Word, Adobe Acrobat, and Foxit Reader were discovered as part of the research project that netted $22,000 in bug bounty rewa…
13 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Microsoft has issued a workaround for the certificate-mapping issue, but many have already rolled back the updates to avoid operational disruption
12 May 2022
Actively exploited Windows vulnerability reaches peak severity when paired with popular attack
May 2022's routine Patch Tuesday fixes seven 'critical' issues, including a familiar headache for IT administrators
11 May 2022
Millions of Lenovo laptops thought to be vulnerable to newly discovered UEFI malware attacks
ESET researchers said the core vulnerabilities were 'easy' to spot due to "unfortunate" and "honest" driver names
20 Apr 2022
Microsoft announces lucrative new bug bounty awards for M365 products and services
The new awards will focus on scenario-based weaknesses and offer bonuses of up to 30% for the most severe bugs
19 Apr 2022
Microsoft's massive 145-vulnerability Patch Tuesday fixes ten critical exploits
This month's round of patches is now available with some exploits proving to be particularly dangerous
13 Apr 2022
Apple releases emergency patch fixing zero-days across iOS and macOS
Flaws have been fixed on iPhones, iPads, and Macs, as well as undisclosed vulnerabilities on Apple TV and Apple Watch devices
1 Apr 2022
Patch finally released for Spring4Shell zero-day after vulnerable businesses put on high alert
With proof-of-concept code out in the wild, businesses are encouraged to assess their exposure to what's being dubbed 'Log4Shell 2.0'
31 Mar 2022
Google patches second Chrome browser zero-day of 2022
Google acted quickly to secure against the type confusion vulnerability that was under active exploitation
28 Mar 2022
Microsoft Patch Tuesday fixes Windows 11 system reset bug
A host of fixes are available to Windows administrators as Microsoft patches three critical RCE flaws
9 Mar 2022
China-backed hackers compromised six US government networks
Mandiant researchers investigated APT41 activities between May 2021 and February 2022
9 Mar 2022
Mozilla patches two Firefox zero-day vulnerabilities
Memory bugs fixed in Firefox desktop and mobile browsers along with Mozilla's Thunderbird client
8 Mar 2022
Identity is key to stopping these five cyber security attacks
Many attacks begin with the same weakness: user accounts
7 Mar 2022
Cisco patches critical bugs in collaboration products
Attackers could exploit the flaw to run their own code on Cisco's video conferencing servers
3 Mar 2022
GitHub goes open source on security research
Community members, enthusiasts, researchers, and academics are now able to submit their own research to widen the understanding of security vulnerabil…
22 Feb 2022
Adobe forced to patch its own failed security update
Company issues new fix for e-commerce vulnerability after researchers bypass the original update
18 Feb 2022
GitHub launches code scanning tool for JavaScript and TypeScript projects
The experimental, machine learning-powered feature aims to identify security vulnerabilities using open source expertise
18 Feb 2022
AWS' CodeGuru Reviewer updated to tackle Log4j
Amazon's code reviewer also now includes a library detailing every detector used by the platform
17 Feb 2022
Google Chrome update fixes zero-day under active exploitation
Google releases a fresh wave of patches for severe vulnerabilities that could facilitate code execution and system takeover via Google Chrome
15 Feb 2022
Adobe patches critical bug in e-commerce software
The flaw, which allowed attackers to run their own code on websites, was being exploited in the wild
14 Feb 2022