vulnerability

programming languages

NSA: Phase out memory-unsafe languages like C and C++

The US agency advises organisations to begin using languages like Rust, Java, and Swift
11 Nov 2022
vulnerability

Lenovo patches ThinkPad, Yoga, IdeaPad UEFI secure boot vulnerability

Mistakenly used drivers could allow hackers to modify the secure boot process
10 Nov 2022
Security

GitHub launches private vulnerability reporting to secure the software supply chain

The new platform aims to simplify vulnerability disclosure and minimise instances where researchers avoid reporting out of personal convenience
10 Nov 2022
vulnerability

OpenSSL 3.0 vulnerability: Patch released for security scare

The severity has been downgraded from 'critical' to 'high' and comparisons to Heartbleed have been quashed
1 Nov 2022
vulnerability

Major security exploits expected to rise before New Year

Supply chain attacks are also expected to increase, along with affiliate programmes becoming more popular
1 Nov 2022
Security

Second-ever OpenSSL critical vulnerability teased, 10 years after Heartbleed

All OpenSSL versions beyond 3.0 are at risk, with more details due to be released alongside a patch on 1 November
28 Oct 2022
zero-day exploit

Apple patches actively exploited iPhone, iPad zero-day and 18 other security flaws

The out-of-bounds write error is the eighth actively exploited zero-day impacting Apple hardware this year and could facilitate kernel-level code exec…
25 Oct 2022
vulnerability

Undetectable PowerShell backdoor discovered hiding as Windows update

SafeBreach researchers identified the backdoor, which they say went undetected on all major antivirus programs
19 Oct 2022
encryption

Office 365's encryption feature can be easily hacked, warns WithSecure

Researchers advise enterprises to move away from Office 365 Message Encryption, claiming its messages can be decrypted without a key
19 Oct 2022
Security

Fortinet reiterates call to mitigate against active zero-day, as customers delay fixes

A large number of customers have yet to apply mitigations necessary to avoid the critical vulnerability
18 Oct 2022
Security

Microsoft still searching for zero-day fixes following Patch Tuesday

ProxyNotShell remains unaddressed even as Microsoft fixes several critical flaws in its monthly package of security patches
12 Oct 2022
Development

Boeing 737 MAX: You can no longer escape liability due to poor code

Known vulnerabilities in Boeing’s flight software led to two fatal crashes, as well as a landmark decision with major ramifications for software devel…
8 Oct 2022
zero-day exploit

Microsoft's third mitigation update for Exchange Server zero-day exploit bypassed within hours

The string of problematic temporary fixes for ‘ProxyNotShell’ grows longer after a 'confusing' and 'atypical' week-long vulnerability disclosure proce…
7 Oct 2022
Security

CISA issues fresh orders to polish security vulnerability detection in federal agencies

The move marks the latest step in the cyber security authority's ongoing ambition to minimise the government's exposure to attacks
6 Oct 2022
vulnerability

US military contractor hacked through Microsoft Exchange vulnerabilities, custom exfiltration tools

In a joint advisory, US security groups have warned the prolonged campaign showed new strategies in play, with the vector still unknown
5 Oct 2022
phishing

GitHub alerts users to active phishing campaign

The attack revolves around counterfeit CircleCI notifications urging users to accept updated terms of use and privacy policy
23 Sep 2022
vulnerability

1.1 million Tesla cars recalled over software glitch

The mass recall is prompted by a flaw in the vehicles' automatic window reversal system
23 Sep 2022
vulnerability

Mozilla patches high-severity security flaws in new ‘speedy’ Firefox release

Numerous vulnerabilities across Mozilla's products could potentially lead to code execution and system takeover
23 Sep 2022
vulnerability

15-year-old vulnerability found in Python module

Hundreds of thousands of repositories have been found to be exposed to the vulnerability
22 Sep 2022
hacking

Wintermute loses $162 million in DeFi hack

A vulnerability in the vanity address generator Profanity led to the attack
21 Sep 2022
vulnerability

WordPress plugin vulnerability leaves sites open to total takeover

Customers on WordFence's paid tiers will get protection from the WPGate exploit right away, but those on the free-tier face a 30-day delay
14 Sep 2022
Security

Trend Micro cautions against actively exploited Apex One RCE vulnerability

The firm also patched a high severity security flaw that lets perpetrators bypass authentication
14 Sep 2022
Security

Three critical vulnerabilities and one zero-day feature in Microsoft's September Patch Tuesday

Several issues in the monthly update require 'urgent' attention but September's Patch Tuesday only brings around half the fixes that came in August
14 Sep 2022