exploits

El Salvador becomes latest target of Pegasus spyware
The Apple logo displayed on a store building in Washington, DC
spyware

El Salvador becomes latest target of Pegasus spyware

The list of nations with access to Pegasus is growing, with evidence pointing to potential links between 35 confirmed Pegasus cases and the Salvadoran…
13 Jan 2022
Lenovo ThinkPads vulnerable to privilege escalation exploit, researchers warn
A front view of a Lenovo ThinkPad store in Beijing, China
exploits

Lenovo ThinkPads vulnerable to privilege escalation exploit, researchers warn

A component running on the popular business computers is vulnerable to a chained exploit that grants full access to attackers
17 Dec 2021
Log4Shell: New numbers reveal the scale of the critical software exploit
Abstract image of stacked broken egg shells
zero-day exploit

Log4Shell: New numbers reveal the scale of the critical software exploit

Researchers detail how much the Log4J vulnerability is being exploited and who is being targeted the most
15 Dec 2021
Researchers warn of increase in attacks against Zoho software
An image of a digital padlock with code around it
cyber security

Researchers warn of increase in attacks against Zoho software

It's believed as much as 62% of ServiceDesk Plus instances globally are using vulnerable software versions
3 Dec 2021
FBI email server hacked to send fake cyber attack alerts
FBI headquarters on Pennsylvania avenue sign with traffic reflections at night
cyber security

FBI email server hacked to send fake cyber attack alerts

An attacker exploited the system misconfiguration to send legitimate-looking cyber security alerts to partners
15 Nov 2021
Researcher awarded $50,000 for discovering Samsung Galaxy S21 hack
A photograph of the Samsung Galaxy S21 5G's camera array
hacking

Researcher awarded $50,000 for discovering Samsung Galaxy S21 hack

UK researcher Sam Thomas won the Pwn2Own bounty using a "unique three-bug chain"
5 Nov 2021
Microsoft Exchange Servers are being used to distribute Qakbot malware
A laptop on a table with the Microsoft Exchange logo displayed
ransomware

Microsoft Exchange Servers are being used to distribute Qakbot malware

Exploiting an unpatched Exchange Server vulnerability and a less-than-foolproof malicious URL strategy is leading to mounting infections in businesses
2 Nov 2021
Critical vulnerability discovered in popular CI/CD framework
Red lock unlocked among several blue locked locks
cyber security

Critical vulnerability discovered in popular CI/CD framework

Flaw in GoCD software delivery pipeline thought to have affected a host of NGOs and Fortune 500 companies
29 Oct 2021
WordPress plugin exploit puts over 90,000 sites at risk
A user with WordPress on their desktop computer
vulnerability

WordPress plugin exploit puts over 90,000 sites at risk

Security firm Wordfence recommends users of the Brizy Page Builder plugin upgrade to the latest version immediately
14 Oct 2021
Weekly threat roundup: Microsoft Patch Tuesday, HP Omen, Apple
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
exploits

Weekly threat roundup: Microsoft Patch Tuesday, HP Omen, Apple

Pulling together the most dangerous and pressing flaws that businesses need to patch
16 Sep 2021
Microsoft patches Internet Explorer zero-day under active attack
Bug surrounding by computer code and jargon
vulnerability

Microsoft patches Internet Explorer zero-day under active attack

The latest wave of Patch Tuesday fixes also included several updates to address the Print Spooler component in Windows
15 Sep 2021
Apple patches zero-day flaw abused by infamous NSO exploit
A close-up of the Apple iPhone 12 mini's notch
exploits

Apple patches zero-day flaw abused by infamous NSO exploit

The ForcedEntry flaw affects all Apple devices and allows hackers to compromise systems without any user interaction
14 Sep 2021
Weekly threat roundup: Atlassian, Microsoft Office, Zoho ManageEngine
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
vulnerability

Weekly threat roundup: Atlassian, Microsoft Office, Zoho ManageEngine

Pulling together the most dangerous and pressing flaws that businesses need to patch
9 Sep 2021
Hackers exploit Windows zero-day to target users with Office files
The Microsoft Word software on a computer screen
vulnerability

Hackers exploit Windows zero-day to target users with Office files

This ‘reliable and dangerous’ flaw is being abused to launch remote code execution attacks against specific targets
8 Sep 2021
US officials warn of “mass exploitation” of Atlassian Confluence flaw
The Atlassian logo on the website seen through a magnifying glass
hacking

US officials warn of “mass exploitation” of Atlassian Confluence flaw

Hackers can exploit the workplace collaboration platform to execute arbitrary code remotely
6 Sep 2021
Weekly threat roundup: Exchange Server, AMD CPUs, Azure Cosmos DB
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
vulnerability

Weekly threat roundup: Exchange Server, AMD CPUs, Azure Cosmos DB

Pulling together the most dangerous and pressing flaws that businesses need to patch
2 Sep 2021
Microsoft Exchange Server flaw lets attackers misconfigure mailboxes
A laptop on a table with the Microsoft Exchange logo displayed
vulnerability

Microsoft Exchange Server flaw lets attackers misconfigure mailboxes

Microsoft has patched the ProxyToken vulnerability before any evidence of exploitation has emerged
31 Aug 2021
Weekly threat roundup: Ethereum, Razer mice, Cisco
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
vulnerability

Weekly threat roundup: Ethereum, Razer mice, Cisco

Pulling together the most dangerous and pressing flaws that businesses need to patch
26 Aug 2021
Weekly threat roundup: Blackberry QNX, Cisco VPNs, Fortinet firewalls
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
vulnerability

Weekly threat roundup: Blackberry QNX, Cisco VPNs, Fortinet firewalls

Pulling together the most dangerous and pressing flaws that businesses need to patch
19 Aug 2021
What's behind the explosion in zero-day exploits?
A figure in a hooded jumper against a red and blue background
zero-day exploit

What's behind the explosion in zero-day exploits?

Projections show the industry will detect almost three times as many exploits in 2021 as were found last year
3 Aug 2021
Top 30 most exploited vulnerabilities since 2020 revealed
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
exploits

Top 30 most exploited vulnerabilities since 2020 revealed

UK, US, and Australian security agencies reveal the systems businesses need to patch now to prevent continued exploitation
29 Jul 2021
Weekly threat roundup: Windows 11, Cloudflare, Google Chrome
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
vulnerability

Weekly threat roundup: Windows 11, Cloudflare, Google Chrome

Pulling together the most dangerous and pressing flaws that businesses need to patch
22 Jul 2021
Weekly threat roundup: SolarWinds, Microsoft, SonicWall
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
exploits

Weekly threat roundup: SolarWinds, Microsoft, SonicWall

Pulling together the most dangerous and pressing flaws that businesses need to patch
15 Jul 2021