security update
QNAP NAS devices open to remote command execution
If you’re using one of the many QNAP NAS devices and you haven’t yet upgraded the QTS firmware to version 4.2.4, you should do so immediately if you don’t …
Apple patches drive-by Wi-Fi flaw with emergency iOS patch
Less than a week after Apple pushed out iOS 10.3 comes an iOS emergency patch that all iDevice owners should implement as soon a possible. The security note accompanying iOS …
Scareware scammers target iOS users
A bug in the way that Mobile Safari handles pop-up dialogs has been abused to scare iOS users into paying a “fine” in the form of an iTunes pre-paid card. The iOS …
March Patch Tuesday closes record number of vulnerabilities
With no February Patch Tuesday, it was to be expected that Microsoft would fix a huge number of security issues in March. They didn’t disappoint: 139 unique CVEs have …
Apache servers under attack through easily exploitable Struts 2 flaw
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. System administrators are …
ESET antivirus opens Macs to remote code execution
Like any other software, security software is sure to have some vulnerabilities that can be exploited by attackers. The latest in a long list of examples that prove this fact …
Microsoft pushes out patches for critical Flash Player vulnerabilities
Microsoft has skipped its February 2017 Patch Tuesday and postponed the release of those patches for March, but there are apparently security vulnerabilities that must be …
Microsoft postpones Patch Tuesday
Patch Tuesday is the day when most system administrators sit down and perform critical patching of the systems under their control – or at least begin testing the …
Will February’s Patch Tuesday fix a known zero-day?
Coming into Patch Tuesday we have a known zero day on the Microsoft side, and we’ve seen example code for an SMB exploit that could lead to DoS and BYOD of a system. US …
Tens of thousands WordPress sites defaced, SEO spam to follow
Attackers are actively exploiting the recently patched unauthenticated privilege escalation vulnerability in WordPress’ REST API to deface websites. Sucuri, the company …
Cisco Prime Home flaw allows hackers to reach into people’s homes
Cisco has patched a critical authentication bypass vulnerability that could allow attackers to completely take over Cisco Prime Home installations, and through them mess with …
WordPress kept users and hackers in the dark while secretly fixing critical zero-day
Last week WordPress released the newest version (4.7.2) of the popular CMS, ostensibly fixing three security issues affecting versions 4.7.1 and earlier. What the WordPress …
Featured news
Resources
Don't miss
- Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491)
- CISA and partners take action as Microsoft Exchange security risks mount
- Shadow AI: New ideas emerge to tackle an old problem in new form
- AI chatbots are sliding toward a privacy crisis
- You can’t audit how AI thinks, but you can audit what it does