June 2025 Microsoft Patch Tuesday fixes two zero-days
Microsoft’s June Patch Tuesday fixes 67 vulnerabilities, including two zero-days, one of which is being actively exploited.
1 minute
Vulnerabilities
April 2025 Patch Tuesday includes one zero-day
April’s Patch Tuesday fixes a whopping 126 Microsoft vulnerabilities.
2 minutes
March 2025 Patch Tuesday, severity over quantity
The March 2025 Patch Tuesday update contains an unusually large number of zero-day vulnerabilities that are being actively exploited.
3 minutes
What is Cross-Site Scripting (XSS)?
Cross-site scripting is a type of attack where a vulnerability in web applications is exploited and malicious script is injected…
3 minutes
Why ransomware gangs want you to keep using that GPON router
A vulnerability found in 2018 is ranked #6 on the list of most attacked vulnerabilities.
2 minutes
Hybrid cloud environments are not safe from ransomware
A ransomware affiliate has been found compromising hybrid cloud environments.
3 minutes
Windows MSHTML vulnerability actively exploited
CISA has added another MSHTML vulnerability rooted in Internet Explorer to its known exploited vulnerabilities catalog
1 minute
Update now! Critical CVSS 10 vulnerability in Ivanti EPM
Ivanti has released a fix for CVE-2024-29847, a deserialization of untrusted data flaw that allows remote code execution in its…
2 minutes
Update now! Four zero-days fixed in September Patch Tuesday
Microsoft’s September Patch Tuesday covers 79 Microsoft CVEs and includes four actively exploited zero-days.
2 minutes
Ransomware gangs target SonicWall vulnerability
SonicWall is urging customers affected by CVE-2024-40766 to "please apply the patch as soon as possible."
2 minutes
Patch now! Zero-day used to target ISPs and MSPs
A patch is now available for a high severity vulnerability in Versa Director that can be used to compromise ISPs,…
2 minutes
What is a path traversal vulnerability?
What are path or directory traversal vulnerabilities, and how can you protect against them?
3 minutes
Patch, but don’t be scared! OpenSSH bug is back from the dead
A vulnerability from 2006 has come back to life to haunt installations of the widely-used secure shell.
2 minutes
Upgrade now! Juniper releases patch for critical authentication bypass
Juniper Networks has released an out-of-cycle upgrade for a CVSS 10 vulnerability.
1 minute
Old, critical Firefox updates STILL need patching
It isn't just Chrome that organizations are struggling to keep updated.
2 minutes
Upgrade now! Critical Fortra FileCatalyst Workflow vulnerability needs your attention
An SQL injection vulnerability in Forta’s FileCatalyst Workflow has a CVSS score of 9.8 and a working proof-of-concept exploit.
1 minute
GrimResource MSC attack uses 5-year-old vulnerability
Cybercriminals' search for an alternative to Office macros has brought them to MSC files used by the Microsoft Management Console.
2 minutes
Patch now! VMWare releases fix for critical vulnerabilities
Broadcom notified VMWare users about an update for VMware vCenter Server which addresses three critical vulnerabilities.
2 minutes
Why are browser vulnerabilities going unpatched?
Last week, the top five unpatched vulnerabilities were all browser-based, some from 2023.
3 minutes
20,000 Fortinet VPN appliances compromised, investigation reveals
An investigation by Dutch government agencies has revealed that over 20,000 FortiGate security appliances were compromised by cyber-spies.
2 minutes
