vulnerability

Security

US security agency issues emergency alert over vulnerable VMware products

A string of actively exploited critical vulnerabilities across five popular VMware products has been described as an "unacceptable risk" to government…
19 May 2022
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

The most recent iPhones are found to be vulnerable after researchers discover an exploit in a beloved iOS 15 feature
18 May 2022
Security

Tool that scans office software for vulnerabilities finds almost 100 in Word and Acrobat

Myriad flaws in Microsoft Word, Adobe Acrobat, and Foxit Reader were discovered as part of the research project that netted $22,000 in bug bounty rewa…
13 May 2022
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

Microsoft has issued a workaround for the certificate-mapping issue, but many have already rolled back the updates to avoid operational disruption
12 May 2022
Security

Actively exploited Windows vulnerability reaches peak severity when paired with popular attack

May 2022's routine Patch Tuesday fixes seven 'critical' issues, including a familiar headache for IT administrators
11 May 2022
Security

Millions of Lenovo laptops thought to be vulnerable to newly discovered UEFI malware attacks

ESET researchers said the core vulnerabilities were 'easy' to spot due to "unfortunate" and "honest" driver names
20 Apr 2022
Security

Microsoft announces lucrative new bug bounty awards for M365 products and services

The new awards will focus on scenario-based weaknesses and offer bonuses of up to 30% for the most severe bugs
19 Apr 2022
Security

Microsoft's massive 145-vulnerability Patch Tuesday fixes ten critical exploits

This month's round of patches is now available with some exploits proving to be particularly dangerous
13 Apr 2022
cyber security

IT Pro News In Review: The Works cyber attack, Lenovo recruitment drive, old macOS vulnerabilities

Catch up on the biggest headlines of the week in just two minutes
8 Apr 2022
zero-day exploit

Apple releases emergency patch fixing zero-days across iOS and macOS

Flaws have been fixed on iPhones, iPads, and Macs, as well as undisclosed vulnerabilities on Apple TV and Apple Watch devices
1 Apr 2022
Security

Patch finally released for Spring4Shell zero-day after vulnerable businesses put on high alert

With proof-of-concept code out in the wild, businesses are encouraged to assess their exposure to what's being dubbed 'Log4Shell 2.0'
31 Mar 2022
zero-day exploit

Google patches second Chrome browser zero-day of 2022

Google acted quickly to secure against the type confusion vulnerability that was under active exploitation
28 Mar 2022
vulnerability

Microsoft Patch Tuesday fixes Windows 11 system reset bug

A host of fixes are available to Windows administrators as Microsoft patches three critical RCE flaws
9 Mar 2022
vulnerability

China-backed hackers compromised six US government networks

Mandiant researchers investigated APT41 activities between May 2021 and February 2022
9 Mar 2022
vulnerability

Mozilla patches two Firefox zero-day vulnerabilities

Memory bugs fixed in Firefox desktop and mobile browsers along with Mozilla's Thunderbird client
8 Mar 2022
Whitepaper

Identity is key to stopping these five cyber security attacks

Many attacks begin with the same weakness: user accounts
7 Mar 2022
vulnerability

Cisco patches critical bugs in collaboration products

Attackers could exploit the flaw to run their own code on Cisco's video conferencing servers
3 Mar 2022
Development

GitHub goes open source on security research

Community members, enthusiasts, researchers, and academics are now able to submit their own research to widen the understanding of security vulnerabil…
22 Feb 2022
bugs

Adobe forced to patch its own failed security update

Company issues new fix for e-commerce vulnerability after researchers bypass the original update
18 Feb 2022
Development

GitHub launches code scanning tool for JavaScript and TypeScript projects

The experimental, machine learning-powered feature aims to identify security vulnerabilities using open source expertise
18 Feb 2022
cyber security

AWS' CodeGuru Reviewer updated to tackle Log4j

Amazon's code reviewer also now includes a library detailing every detector used by the platform
17 Feb 2022
vulnerability

Google Chrome update fixes zero-day under active exploitation

Google releases a fresh wave of patches for severe vulnerabilities that could facilitate code execution and system takeover via Google Chrome
15 Feb 2022
vulnerability

Adobe patches critical bug in e-commerce software

The flaw, which allowed attackers to run their own code on websites, was being exploited in the wild
14 Feb 2022