The latest cybersecurity threats and news to help you protect your data, networks, applications, and devices.
Microsoft, Apple, and Linux all had major vulnerabilities brought to light last week. Discover how they affect you. Read more
Microsoft’s October 2023 Patch Tuesday covers 103 CVEs, including three zero-day flaws. Review our breakdown of this Patch Tuesday. Read more
A vulnerability in the HTTP/2 protocol dubbed “Rapid Reset” has led to record DDoS attacks on web servers in recent months. Google, AWS and Cloudflare jointly revealed the attacks and vulnerability today, but noted that every modern web server remains vulnerable to the attack technique. Web server vendors and projects also announced mitigation measures and… Read more
A surge of critical vulnerabilities and zero-day exploits has made for a very busy week in IT security, affecting a range of tech giants like Atlassian, Cisco, Apple, Arm, Qualcomm and Microsoft. Among the issues in the last week, Android and Arm faced actively exploited vulnerabilities in GPU drivers. Microsoft released urgent patches for Edge,… Read more
Vulnerabilities carrying high severity scores require urgent attention, and many of this week’s critical vulnerabilities are no exception. A host of zero-day vulnerabilities, several under active attack, will require immediate attention for patching or mitigation. However, as valuable as ratings can be, they don’t tell the whole story. 25-year-old RSA description vulnerabilities defy the CSV… Read more
This past week in cybersecurity saw a wide range of vulnerabilities, from Apple product patches to several flaws that hit DevSecOps teams. The Akira ransomware group made news too, expanding its attacks to include Linux-based systems, and Trend Micro issued a fix for a zero-day vulnerability in its Apex One endpoint security tools. Read about… Read more
It wasn’t just Microsoft making news last week; Adobe, Apple, Chrome, SAP and VMware also pushed out updates for critical vulnerabilities. Read more
Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761, an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802, an elevation of privilege flaw in Microsoft Streaming Service with… Read more
Android, Apple, Apache, Cisco and Microsoft are among the names reporting security vulnerabilities in the last week, and some are already under attack. Read more
Citrix, Juniper, VMware and Cisco are just a few of the IT vendors whose products made news for security vulnerabilities in the last week. Read more