vulnerability

Apple patches actively exploited iPhone, iPad zero-day and 18 other security flaws
zero-day exploit

The out-of-bounds write error is the eighth actively exploited zero-day impacting Apple hardware this year and could facilitate kernel-level code exec…
25 Oct 2022
Undetectable PowerShell backdoor discovered hiding as Windows update
vulnerability

SafeBreach researchers identified the backdoor, which they say went undetected on all major antivirus programs
19 Oct 2022
Office 365's encryption feature can be easily hacked, warns WithSecure
encryption

Researchers advise enterprises to move away from Office 365 Message Encryption, claiming its messages can be decrypted without a key
19 Oct 2022
Fortinet reiterates call to mitigate against active zero-day, as customers delay fixes
Security

A large number of customers have yet to apply mitigations necessary to avoid the critical vulnerability
18 Oct 2022
Microsoft still searching for zero-day fixes following Patch Tuesday
Security

ProxyNotShell remains unaddressed even as Microsoft fixes several critical flaws in its monthly package of security patches
12 Oct 2022
Boeing 737 MAX: You can no longer escape liability due to poor code
Development

Known vulnerabilities in Boeing’s flight software led to two fatal crashes, as well as a landmark decision with major ramifications for software devel…
8 Oct 2022
Microsoft's third mitigation update for Exchange Server zero-day exploit bypassed within hours
zero-day exploit

The string of problematic temporary fixes for ‘ProxyNotShell’ grows longer after a 'confusing' and 'atypical' week-long vulnerability disclosure proce…
7 Oct 2022
CISA issues fresh orders to polish security vulnerability detection in federal agencies
Security

The move marks the latest step in the cyber security authority's ongoing ambition to minimise the government's exposure to attacks
6 Oct 2022
US military contractor hacked through Microsoft Exchange vulnerabilities, custom exfiltration tools
vulnerability

In a joint advisory, US security groups have warned the prolonged campaign showed new strategies in play, with the vector still unknown
5 Oct 2022
GitHub alerts users to active phishing campaign
phishing

The attack revolves around counterfeit CircleCI notifications urging users to accept updated terms of use and privacy policy
23 Sep 2022
1.1 million Tesla cars recalled over software glitch
vulnerability

The mass recall is prompted by a flaw in the vehicles' automatic window reversal system
23 Sep 2022
Mozilla patches high-severity security flaws in new ‘speedy’ Firefox release
vulnerability

Numerous vulnerabilities across Mozilla's products could potentially lead to code execution and system takeover
23 Sep 2022
15-year-old vulnerability found in Python module
vulnerability

Hundreds of thousands of repositories have been found to be exposed to the vulnerability
22 Sep 2022
Wintermute loses $162 million in DeFi hack
hacking

A vulnerability in the vanity address generator Profanity led to the attack
21 Sep 2022
WordPress plugin vulnerability leaves sites open to total takeover
vulnerability

Customers on WordFence's paid tiers will get protection from the WPGate exploit right away, but those on the free-tier face a 30-day delay
14 Sep 2022
Trend Micro cautions against actively exploited Apex One RCE vulnerability
Security

The firm also patched a high severity security flaw that lets perpetrators bypass authentication
14 Sep 2022
Three critical vulnerabilities and one zero-day feature in Microsoft's September Patch Tuesday
Security

Several issues in the monthly update require 'urgent' attention but September's Patch Tuesday only brings around half the fixes that came in August
14 Sep 2022
Apple patches yet another zero-day flaw in substantial security update
zero-day exploit

The updates include fixes for kernel-level code execution bugs, privacy issues, and more - all impacting iPhone and iPad users
13 Sep 2022
Numerous HP business laptops and desktops vulnerable to publicly disclosed security bugs
exploits

Researchers revealed the details of the six vulnerabilities at Black Hat in August but many laptops, desktops, and workstations remain vulnerable
12 Sep 2022
CISA warns against actively exploited Chrome and D-Link security flaws
cyber security

The agency has made it imperative for all FCEB agencies to patch their systems before September 29
9 Sep 2022
HP patches high-severity security flaw in its own support tool
exploits

The application that's installed in every HP desktop and notebook was allowing hackers to elevate privileges through a DLL hijacking vulnerability
8 Sep 2022
'Vast majority' of mobile apps found leaking AWS credentials are on iOS
cyber security

Only 2% of the apps that were found to be leaking hard-coded AWS credentials were on the Android platform, research has shown
2 Sep 2022
US government set to outlaw leaky software in the military
Policy & legislation

The 'secure-by-design' approach has had a broadly positive reception from experts and will aim to prevent high-profile security incidents
18 Aug 2022
Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs
zero-day exploit

The RCE and kernel-level bugs may have been actively exploited and could give high-level privileges to attackers
18 Aug 2022