security update
VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)
VMware has fixed one critical (CVE-2023-20869) and three important flaws (CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion virtual user …
VMware plugs security holes in VMware Aria Operations for Logs (CVE-2023-20864, CVE-2023-20865)
VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log …
HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)
Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API …
Microsoft patches zero-day exploited by attackers (CVE-2023-28252)
It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252). About …
Apple rushes fixes for exploited zero-days in iPhones and Macs (CVE-2023-28205, CVE-2023-28206)
Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities (CVE-2023-28205, CVE-2023-28206) in macOS, iOS and iPadOS. Reported by …
April 2023 Patch Tuesday forecast: The vulnerability discovery race
The answer to the question “Why does software continue to have so many vulnerabilities?” is complex, because the software itself is so complex. There’ve been many articles …
Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359)
When Adobe released security updates for its ColdFusion application development platform last month, it noted that one of the vulnerabilities (CVE-2023-26360) had been …
Apple backports fix for exploited WebKit bug to older iPhones, iPads (CVE-2023-23529)
Apple has released security updates for – pardon the pop-culture reference – everyhing everywhere all at once, and has fixed the WebKit vulnerability …
Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 76 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, …
Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610)
Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy. None of the …
VMware patches critical injection flaw in Carbon Black App Control (CVE-2023-20858)
VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical …
Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952)
Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC …
Featured news
Resources
Don't miss
- Mastering the cybersecurity tightrope of protection, detection, and response
- PRevent: Open-source tool to detect malicious code in pull requests
- Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand
- Hackers pose as employers to steal crypto, login credentials
- Unknown and unsecured: The risks of poor asset visibility