security update
Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)
For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. None of the …
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)
A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information …
December 2023 Patch Tuesday: 33 fixes to wind the year down
Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day …
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)
The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code …
Atlassian fixes four critical RCE vulnerabilities, patch quickly!
Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could …
Microsoft will offer extended security updates for Windows 10
Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be …
Qlik Sense flaws exploited in Cactus ransomware campaign
Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers …
Critical Zyxel NAS vulnerabilities patched, update quickly!
Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by …
Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)
With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against …
Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)
Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively …
Why it’s the perfect time to reflect on your software update policy
The threat landscape is evolving by the minute, with both malicious actors and well-intentioned researchers constantly on the hunt for new attack vectors that bypass security …
MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)
A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known …
Featured news
Resources
Don't miss
- Mastering the cybersecurity tightrope of protection, detection, and response
- PRevent: Open-source tool to detect malicious code in pull requests
- Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand
- Hackers pose as employers to steal crypto, login credentials
- Unknown and unsecured: The risks of poor asset visibility