Cisco warns of two more SD-WAN bugs under active attack Switchzilla says flaws could allow file overwrites or privilege escalation Cyber-crime06 Mar 2026 | 3
LexisNexis confirms data breach at Legal & Professional arm, some customer records affected Crooks claim 2 GB haul from AWS instance via React2Shell exploit Cyber-crime04 Mar 2026 | 8
Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover A rare joint alert from all five spy agencies means serious business Networks26 Feb 2026 | 10
Patch these 4 critical, make-me-root SolarWinds bugs ASAP SolarWinds + file transfer software = what attackers' dreams are made of Patches24 Feb 2026 | 3
Attacker gets into France's database listing all bank accounts, makes off with 1.2 million records Infosec In Brief PLUS: Unpatched Ivanti boxes under attack; 0APT might not be a scam; AI gets better at helping cyber-scum; And more Security22 Feb 2026 | 39
CISA gives federal agencies three days to patch actively exploited Dell bug Hardcoded credential flaw in RecoverPoint already abused in espionage campaign Patches20 Feb 2026 | 5
Google patches Chrome zero-day as in-the-wild exploits surface High-severity CSS flaw let malicious webpages run code inside the sandbox Security16 Feb 2026 | 6
Attackers finally get around to exploiting critical Microsoft bug from 2024 As if admins haven't had enough to do this week Patches13 Feb 2026 | 13
Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware Flaw abused 'in an extremely sophisticated attack against specific targeted individuals' Cyber-crime12 Feb 2026 | 31
Microsoft's Valentine's gift to admins: 6 exploited zero-day fixes Roses are red, violets are blue ... now get patching Patches10 Feb 2026 | 15
Critical SolarWinds Web Help Desk bug under attack US agencies told to patch by Friday Patches04 Feb 2026 | 4
Critical React Native Metro dev server bug under attack as researchers scream into the void Too slow react-ion time Patches03 Feb 2026 | 4
OpenClaw patches one-click RCE as security Whac-A-Mole continues Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page Security02 Feb 2026 | 2
January blues return as Ivanti coughs up exploited EPMM zero-days Consider yourselves compromised, experts warn Security30 Jan 2026 | 5
Patch or die: VMware vCenter Server bug fixed in 2024 under attack today If you skipped it back then, now’s a very good time Patches23 Jan 2026 | 7
Fortinet admits FortiGate SSO bug still exploitable despite December patch Fix didn't quite do the job – attackers spotted logging in CSO23 Jan 2026 | 3
Ancient telnet bug happily hands out root to attackers Critical vuln flew under the radar for a decade Patches22 Jan 2026 | 46
Another week, another emergency patch as Cisco plugs Unified Comms zero-day The critical-rated flaw leaves unpatched systems open to full takeover Networks22 Jan 2026 | 1
Cloudflare whacks WAF bypass bug that opened side door for attackers ACME validation had a challenge-request hole Patches20 Jan 2026 | 1
Anthropic quietly fixed flaws in its Git MCP server that allowed for remote code execution Prompt injection for the win Patches20 Jan 2026 | 8
Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch Microsoft claims it's a Secure Launch bug Patches16 Jan 2026 | 113
Cisco finally fixes max-severity bug under active attack for weeks This is a threat to security - and to the weekend for some unlucky netadmins Patches15 Jan 2026 | 2
Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm First Patch Tuesday of 2026 goes big Security14 Jan 2026 | 3
Popular Python libraries used in Hugging Face models subject to poisoned metadata attack The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Patches13 Jan 2026 | 1
Patch Cisco ISE bug now before attackers abuse proof-of-concept exploit No reports of active exploitation … yet Patches08 Jan 2026 | 3
CISA flags actively exploited Office relic alongside fresh HPE flaw Max-severity OneView hole joins a PowerPoint bug that should've been retired years ago Cyber-crime08 Jan 2026 | 6
Maximum-severity n8n flaw lets randos run your automation server Unauthenticated RCE means anyone on the network can seize full control Patches08 Jan 2026 | 12
Logitech macOS mouse mayhem traced to expired dev certificate Company says it dropped the ball, apologizes for wasting people's time Patches08 Jan 2026 | 48
An early end to the holidays: 'Heartbleed of MongoDB' is now under active exploit You didn't think you'd get to enjoy your time off without a major cybersecurity incident, did you? Patches30 Dec 2025 | 20
Microsoft rushes an out-of-band update for Message Queuing bug Redmond gets in early for the twelve whoopsies of Christmas Patches23 Dec 2025 | 9
WatchGuard sounds alarm as critical Firebox flaw comes under active attack Newly disclosed vulnerability already being abused, users urged to lock down exposed firewalls Networks19 Dec 2025 | 14
HPE tells customers to patch fast as OneView RCE bug scores a perfect 10 Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform Patches19 Dec 2025 | 4
Apple, Google forced to issue emergency 0-day patches Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse Patches15 Dec 2025 | 31
Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg Patches12 Dec 2025 | 7
New React vulns leak secrets, invite DoS attacks And the earlier React2Shell patch is vulnerable Patches12 Dec 2025 | 3
Google fixes super-secret 8th Chrome 0-day No details, no CVE, update your browser now Patches11 Dec 2025 | 10
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files Patches04 Dec 2025 | 17
Two Android 0-day bugs disclosed and fixed, plus 105 more to patch Christmas comes early for attackers this year Patches02 Dec 2025 | 13
Fortinet finally cops to critical make-me-admin bug under active exploitation More than a month after PoC made public Patches14 Nov 2025 | 9
Cisco warns of 'new attack variant' battering firewalls under exploit for 6 months Plus 2 new critical vulns - patch now Patches06 Nov 2025 | 4
AMD red-faced over random-number bug that kills cryptographic security Local privileges required to exploit flaw in Ryzen and Epyc CPUs. Some patches available, more on the way Security05 Nov 2025 | 11
Docker Compose vulnerability opens door to host-level writes – patch pronto Windows Desktop installer also fixed after DLL hijack flaw rated 8.8 severity Patches30 Oct 2025 | 3
Microsoft drops surprise Windows Server patch before weekend downtime You didn't have plans, did you? Patches24 Oct 2025 | 16
Forking confusing: Vulnerable Rust crate exposes uv Python packager Forks of forks of forks, but which ones are patched? Patches22 Oct 2025 | 6
Devs are writing VS Code extensions that blab secrets by the bucketload Vibe coding may have played a role in what took researchers months to fix Research15 Oct 2025 | 10
Oracle rushes out another emergency E-Business Suite patch as Clop fallout widens Latest in a long line of EBS flaws lets miscreants remotely compromise enterprise systems to pinch sensitive data Patches14 Oct 2025 | 1
Clop crew hits Oracle E-Business Suite users with fresh zero-day Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion Cybersecurity Month06 Oct 2025 |
Oracle tells Clop-targeted EBS users to apply July patch, problem solved Researchers suggest internet-facing portals are exposing 'thousands' of orgs Cybersecurity Month03 Oct 2025 |
Warnings about Cisco vulns under active exploit are falling on deaf ears 50,000 firewall devices still exposed Patches30 Sep 2025 | 22
‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug Researchers say tens of thousands of instances remain publicly reachable Patches26 Sep 2025 | 3
UK and US security agencies order urgent fixes as Cisco firewall bugs exploited in wild CISA gives feds 24 hours to patch, NCSC urges rapid action as flaws linked to ArcaneDoor spies Patches26 Sep 2025 | 14
Zero-day deja vu as another Cisco IOS bug comes under attack The latest in a run of serious networking bugs gives attackers root if they have SNMP access Networks25 Sep 2025 | 13
SonicWall releases rootkit-busting firmware update following wave of attacks Security vendor's no good, very bad week year Patches23 Sep 2025 |
Third time's the charm? SolarWinds (again) patches critical Web Help Desk RCE Or maybe 3 strikes, you're out? Patches23 Sep 2025 | 2
Ding ding: Fortra rings the perfect-10 bell over latest GoAnywhere MFT bug Outside experts say the vulnerability has probably already been exploited Patches19 Sep 2025 | 7
OpenAI plugs ShadowLeak bug in ChatGPT that let miscreants raid inboxes Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data Patches19 Sep 2025 | 5
Google pushes emergency patch for Chrome 0-day – check your browser version now Sixth such Chrome flaw this year spotted by the Chocolate Factory, already in play Patches18 Sep 2025 | 8
Apple 0-day likely used in spy attacks affected devices as old as iPhone 8 May have been used in 'extremely sophisticated' attacks against 'specific targeted individuals' Patches16 Sep 2025 | 7
Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages A similar vuln on Apple devices was used against 'specific targeted users' Patches12 Sep 2025 | 7
Critical, make-me-super-user SAP S/4HANA bug under active exploitation 9.9-rated flaw on the loose, so patch now Patches05 Sep 2025 | 1
Android drops mega patch bomb - 120 fixes, two already exploited September bundle the largest this year, and possibly the most serious Patches03 Sep 2025 | 14
Frostbyte10 bugs put thousands of refrigerators at major grocery chains at risk Major flaws uncovered in Copeland controllers: Patch now Patches02 Sep 2025 | 47
Thousands of Citrix NetScaler boxes still sitting ducks despite patches Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK Patches28 Aug 2025 | 3
Apple rushes out fix for active zero-day in iOS and macOS Another 'extremely sophisticated' exploit chewing at Cupertino's walled garden Patches21 Aug 2025 | 21
Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE Move along, nothing to see here Patches20 Aug 2025 | 2
Commvault releases patches for two nasty bug chains after exploits proven Updated Researchers disclosing their findings said 'it's as bad as it sounds' Patches20 Aug 2025 |
Don't want drive-by Ollama attackers snooping on your local chats? Patch now Reconfigure local app settings via a 'simple' POST request Patches19 Aug 2025 | 4
Cisco's Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole Switchzilla's summer of perfect 10s Patches15 Aug 2025 | 8
Fortinet discloses critical bug with working exploit code amid surge in brute-force attempts If there's smoke? Patches13 Aug 2025 | 10
Microsoft, CISA warn yet another Exchange server bug can lead to 'total domain compromise' No reported in-the-wild exploits…yet Patches07 Aug 2025 | 5
Patch now: Millions of Dell PCs with Broadcom chips vulnerable to attack black hat Psst, wanna steal someone's biometrics? Patches05 Aug 2025 | 20
Chained bugs in Nvidia's Triton Inference Server lead to full system compromise Wiz Research details flaws in Python backend that expose AI models and enable remote code execution Patches05 Aug 2025 | 1
Microsoft spotlights Apple bug patched in March as SharePoint exploits continue Look over there! Patches28 Jul 2025 | 1
Microsoft patches critical SharePoint 2016 zero-days amid active exploits Admins urged to rotate machine keys, restart IIS after emergency fix Patches22 Jul 2025 |
Another massive security snafu hits Microsoft, but don't expect it to stick comment Move along, nothing to see here Patches21 Jul 2025 | 14
Watch out, another max-severity, make-me-root Cisco bug on the loose Updated Three perfect 10s in the last month - ISE, ISE, baby Patches17 Jul 2025 | 16
Microsoft offers vintage Exchange and Skype server users six more months of security updates It looks like enough of you are struggling to migrate that Redmond is willing to help out – for a price that might buy nothing Patches17 Jul 2025 | 11
CVSS 10 RCE in Wing FTP exploited within 24 hours, security researchers warn Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal Patches11 Jul 2025 | 12
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit Updated Add CISA to the list Patches10 Jul 2025 | 3
Microsoft enjoys first Patch Tuesday of 2025 with no active exploits Sure, 130 fixes were sent out, but bask in the security goodness Patches08 Jul 2025 | 15
CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands NetScaler vendor issued a patch but otherwise, stony silence Patches07 Jul 2025 | 6
Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform The second max score this week for Netzilla - not a good look Patches02 Jul 2025 | 14
CISA warns the Signal clone used by natsec staffers is being attacked, so patch now Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors' Patches02 Jul 2025 | 7
Microsoft admits to Intune forgetfulness Customizations not saved with security baseline policy update Patches01 Jul 2025 | 8
Cisco fixes two critical make-me-root bugs on Identity Services Engine components A 10.0 and a 9.8 – these aren’t patches to dwell on Datacenter Networking Nexus26 Jun 2025 | 4
Citrix bleeds again: This time a zero-day exploited - patch now Two emergency patches issued in two weeks Patches25 Jun 2025 | 1
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack Why are you even reading this story? Patch now! Patches24 Jun 2025 | 7
Veeam patches third critical RCE bug in Backup & Replication in space of a year Version 13 can’t come soon enough Patches18 Jun 2025 | 1
Sitecore CMS flaw let attackers brute-force 'b' for backdoor Hardcoded passwords and path traversals keeping bug hunters in work Patches17 Jun 2025 | 5
Microsoft slows Windows 11 24H2 Patch Tuesday due to a 'compatibility issue' updated On your marks, get set... bork! Patches11 Jun 2025 | 50
Microsoft warns of 66 flaws to fix for this Patch Tuesday, and two are under active attack Patch Tuesday Stealthy Falcon swoops on WebDAV and Redmond's even patching IE! Patches10 Jun 2025 |
Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind Patches03 Jun 2025 | 6
Microsoft patches the patch that put Windows 11 in a coma Out-of-band is becoming the norm rather than the exception OSes03 Jun 2025 | 13
Microsoft's May Patch Tuesday update fails on some Windows 11 VMs 'The operating system couldn't be loaded' is never a great message Patches29 May 2025 | 17
'Ongoing' Ivanti hijack bug exploitation reaches clouds Nothing like insecure code in security suites CSO21 May 2025 | 4
Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms Update before that proof-of-concept comes to bite Patches20 May 2025 | 21
Ivanti patches two zero-days under active attack as intel agency warns customers Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Patches14 May 2025 | 1
Go ahead and ignore Patch Tuesday – it might improve your security No rush, according to Gartner chap who says: 'Nobody has ever out-patched threat actors at scale' Patches14 May 2025 | 34
Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu Patch Tuesday Plus: All the fun and frolic of fixes from Adobe, SAP, Ivanti Patches14 May 2025 | 3
Commvault fixes critical Command Center issue after flaw finder alert Pay-to-play security on CVSS 10 issue is now fixed Patches13 May 2025 |