Vulnerabilities | News, how-tos, features, reviews, and videos
Microsoft warns of expanding Russian cyberwarfare as attackers exploit IT management software to breach enterprises.
The federal directive forbids vendors from shipping software with such flaws, and flags recent Microsoft and Ivanti zero-days as examples.
Exploited CVEs increased by a fifth in 2024, according to analysis by VulnCheck, with increased transparency and improved monitoring playing a role. Still, proactive measures are vital.
Also prioritize patches for vulnerabilities in LDAP and NTLM, as well as Hyper-V, experts say.
While unpatched instances were reduced to half within a month, a huge number of them remain vulnerable even as attackers exploit the flaw in the wild for critical RCE attacks.
A critical USB restriction flaw was addressed in an emergency iOS and iPadOS update.
The deserialization flaw allows attackers to remotely execute arbitrary code on customers’ IIS web servers.
The insecure deserialization and authorization bypass flaws could enable attackers to escalate privileges and run arbitrary commands.
When AMD finally issued patches for its critical microcode security hole on Monday, it said that the glitch 'could lead to the loss of Secure Encrypted Virtualization protection.'
Functionality in the device firmware sends patient data to a hardcoded IP address and also downloads and executes binary files without the owner’s knowledge.