exploits

Mozilla patches high-severity security flaws in new ‘speedy’ Firefox release
vulnerability

Numerous vulnerabilities across Mozilla's products could potentially lead to code execution and system takeover
23 Sep 2022
WordPress plugin vulnerability leaves sites open to total takeover
vulnerability

Customers on Wordfence's paid tiers will get protection from the WPGate exploit right away, but those on the free tier face a 30-day delay
14 Sep 2022
Numerous HP business laptops and desktops vulnerable to publicly disclosed security bugs
exploits

Researchers revealed the details of the six vulnerabilities at Black Hat in August but many laptops, desktops, and workstations remain vulnerable
12 Sep 2022
HP patches high-severity security flaw in its own support tool
exploits

The application that's installed in every HP desktop and notebook was allowing hackers to elevate privileges through a DLL hijacking vulnerability
8 Sep 2022
Zoom patches privilege escalation flaw for macOS users
Security

Threat actors were able to use the application’s updater to distribute malicious files at superuser level
16 Aug 2022
Dogwalk RCE variant among 121 vulnerabilities fixed in Microsoft's August Patch Tuesday
zero-day exploit

The second-biggest security update released by Microsoft this year featured 17 critical-rated RCEs and privilege escalation bugs
10 Aug 2022
Malware operators abusing Windows shortcuts to bypass VBA macro block
exploits

The likes of Emotet and Qakbot, as well as Russia-linked state-sponsored hackers, have all pivoted to the new infection technique
5 Aug 2022
GPS tracker exploit puts the world's most high-value individuals in real-world danger
hacking

Vulnerabilities in a GPS tracker used by governments, militaries, and Fortune 50 companies could be used to track the locations of high-value targets …
20 Jul 2022
How to protect against 'endemic' Log4j vulnerabilities
cyber security

A US government report details a series of recommendations to help counter the Log4Shell flaw in the long term
15 Jul 2022
Retbleed hardware-level flaw brings overhead woe to Intel and AMD
Hardware

‘Retbleed’ threatens a wide range of microprocessors, using a vector thought safe that adds to its problematic nature
13 Jul 2022
Chinese hackers exploit Microsoft zero-day as list of vulnerable Office products grows
zero-day exploit

Microsoft has published a support guide and temporary workarounds for IT admins to mitigate the threat
1 Jun 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Security

The most recent iPhones are found to be vulnerable after researchers discover an exploit in a beloved iOS 15 feature
18 May 2022
Actively exploited Windows vulnerability reaches peak severity when paired with popular attack
Security

May 2022's routine Patch Tuesday fixes seven 'critical' issues, including a familiar headache for IT administrators
11 May 2022
Microsoft's massive 145-vulnerability Patch Tuesday fixes ten critical exploits
Security

This month's round of patches is now available with some exploits proving to be particularly dangerous
13 Apr 2022
Microsoft Patch Tuesday fixes Windows 11 system reset bug
vulnerability

A host of fixes are available to Windows administrators as Microsoft patches three critical RCE flaws
9 Mar 2022
Google doubles bug bounty rewards for Linux, Kubernetes exploits
zero-day exploit

The increased rewards are said to align better with the community's expectations of a bug bounty programme of this kind
16 Feb 2022
12-year-old Linux root privilege flaw has been "hiding in plain sight"
Linux

Researchers were quick to highlight how easy it was to exploit the vulnerability, recommending urgent patches
26 Jan 2022
El Salvador becomes latest target of Pegasus spyware
spyware

The list of nations with access to Pegasus is growing, with evidence pointing to potential links between 35 confirmed Pegasus cases and the Salvadoran…
13 Jan 2022
Lenovo ThinkPads vulnerable to privilege escalation exploit, researchers warn
exploits

A component running on the popular business computers is vulnerable to a chained exploit that grants full access to attackers
17 Dec 2021
Log4Shell: New numbers reveal the scale of the critical software exploit
zero-day exploit

Researchers detail how much the Log4J vulnerability is being exploited and who is being targeted the most
15 Dec 2021
Researchers warn of increase in attacks against Zoho software
cyber security

It's believed as much as 62% of ServiceDesk Plus instances globally are using vulnerable software versions
3 Dec 2021
FBI email server hacked to send fake cyber attack alerts
cyber security

An attacker exploited the system misconfiguration to send legitimate-looking cyber security alerts to partners
15 Nov 2021
Researcher awarded $50,000 for discovering Samsung Galaxy S21 hack
hacking

UK researcher Sam Thomas won the Pwn2Own bounty using a "unique three-bug chain"
5 Nov 2021