Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not …
2025 Data Breach Investigations Report: Third-party breaches double
The exploitation of vulnerabilities has seen another year of growth as an initial access vector for breaches, reaching 20%, according to Verizon’s 2025 Data Breach …
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)
April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. …
Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under …
Microsoft fixes actively exploited Windows Hyper-V zero-day flaws
Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) …
What 2024 taught us about security vulnerabilties
From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical …
Infosec products of the month: December 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, Cato Networks, Datadog, Fortinet, GitGuardian, Horizon3.ai, Netwrix, …
Microsoft fixes exploited zero-day (CVE-2024-49138)
On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by …
New infosec products of the week: December 6, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Datadog, Fortinet, Radiant Logic, Sweet Security, Tenable, and Veza. FortiAppSec …
Tenable Patch Management prevents problematic updates
Tenable released Tenable Patch Management, an autonomous patch solution built to close vulnerability exposures in a unified solution. A strategic partnership and integration …
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular …
Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287)
Oracle has released a security patch for CVE-2024-21287, a remotely exploitable vulnerability in the Oracle Agile PLM Framework that is, according to Tenable researchers, …
Featured news
Resources
Don't miss
- Building cybersecurity culture in science-driven organizations
- How Kim Crawley challenges big tech in “Digital Safety in a Dangerous World”
- Google strengthens secure enterprise access from BYOD Android devices
- Southwest Airlines CISO on tackling cyber risks in the aviation industry
- Insider risk management needs a human strategy