vulnerability
Apple patches actively exploited iPhone, iPad zero-day and 18 other security flaws
The out-of-bounds write error is the eighth actively exploited zero-day impacting Apple hardware this year and could facilitate kernel-level code exec…
25 Oct 2022
Undetectable PowerShell backdoor discovered hiding as Windows update
SafeBreach researchers identified the backdoor, which they say went undetected on all major antivirus programs
19 Oct 2022
Office 365's encryption feature can be easily hacked, warns WithSecure
Researchers advise enterprises to move away from Office 365 Message Encryption, claiming its messages can be decrypted without a key
19 Oct 2022
Fortinet reiterates call to mitigate against active zero-day, as customers delay fixes
A large number of customers have yet to apply mitigations necessary to avoid the critical vulnerability
18 Oct 2022
Microsoft still searching for zero-day fixes following Patch Tuesday
ProxyNotShell remains unaddressed even as Microsoft fixes several critical flaws in its monthly package of security patches
12 Oct 2022
Boeing 737 MAX: You can no longer escape liability due to poor code
Known vulnerabilities in Boeing’s flight software led to two fatal crashes, as well as a landmark decision with major ramifications for software devel…
8 Oct 2022
Microsoft's third mitigation update for Exchange Server zero-day exploit bypassed within hours
The string of problematic temporary fixes for ‘ProxyNotShell’ grows longer after a 'confusing' and 'atypical' week-long vulnerability disclosure proce…
7 Oct 2022
CISA issues fresh orders to polish security vulnerability detection in federal agencies
The move marks the latest step in the cyber security authority's ongoing ambition to minimise the government's exposure to attacks
6 Oct 2022
US military contractor hacked through Microsoft Exchange vulnerabilities, custom exfiltration tools
In a joint advisory, US security groups have warned the prolonged campaign showed new strategies in play, with the vector still unknown
5 Oct 2022
GitHub alerts users to active phishing campaign
The attack revolves around counterfeit CircleCI notifications urging users to accept updated terms of use and privacy policy
23 Sep 2022
1.1 million Tesla cars recalled over software glitch
The mass recall is prompted by a flaw in the vehicles' automatic window reversal system
23 Sep 2022
Mozilla patches high-severity security flaws in new ‘speedy’ Firefox release
Numerous vulnerabilities across Mozilla's products could potentially lead to code execution and system takeover
23 Sep 2022
15-year-old vulnerability found in Python module
Hundreds of thousands of repositories have been found to be exposed to the vulnerability
22 Sep 2022
Wintermute loses $162 million in DeFi hack
A vulnerability in the vanity address generator Profanity led to the attack
21 Sep 2022
WordPress plugin vulnerability leaves sites open to total takeover
Customers on WordFence's paid tiers will get protection from the WPGate exploit right away, but those on the free-tier face a 30-day delay
14 Sep 2022
Trend Micro cautions against actively exploited Apex One RCE vulnerability
The firm also patched a high severity security flaw that lets perpetrators bypass authentication
14 Sep 2022
Three critical vulnerabilities and one zero-day feature in Microsoft's September Patch Tuesday
Several issues in the monthly update require 'urgent' attention but September's Patch Tuesday only brings around half the fixes that came in August
14 Sep 2022
Apple patches yet another zero-day flaw in substantial security update
The updates include fixes for kernel-level code execution bugs, privacy issues, and more - all impacting iPhone and iPad users
13 Sep 2022
Numerous HP business laptops and desktops vulnerable to publicly disclosed security bugs
Researchers revealed the details of the six vulnerabilities at Black Hat in August but many laptops, desktops, and workstations remain vulnerable
12 Sep 2022
CISA warns against actively exploited Chrome and D-Link security flaws
The agency has made it imperative for all FCEB agencies to patch their systems before September 29
9 Sep 2022
HP patches high-severity security flaw in its own support tool
The application that's installed in every HP desktop and notebook was allowing hackers to elevate privileges through a DLL hijacking vulnerability
8 Sep 2022
'Vast majority' of mobile apps found leaking AWS credentials are on iOS
Only 2% of the apps that were found to be leaking hard-coded AWS credentials were on the Android platform, research has shown
2 Sep 2022
US government set to outlaw leaky software in the military
The 'secure-by-design' approach has been met broadly positively by experts and will aim to prevent high-profile security incidents
18 Aug 2022
Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs
The RCE and kernel-level bugs may have been actively exploited and could give high-level privileges to attackers
18 Aug 2022