Neowin News Feed for: Vulnerabilities

Anthropic just unveiled its most dangerous AI model and is keeping it out of public hands

Karthik Mudaliar — Tue, 07 Apr 2026 22:36:02 +0000

Anthropic has unveiled Project Glasswing, a coalition with Apple, Google, Microsoft, and others built around an AI model it is deliberately keeping from public release. Here's why. Read more...

Apple releases iOS 15.8.7 and iOS 16.7.15 for older devices to patch the Coruna exploit

Ivan Jenic — Thu, 12 Mar 2026 02:18:01 +0000

Apple just released a bunch of security updates for older iPhones and iPads to address a serious vulnerability. Read more...

Rsync package in Ubuntu distros updated to fix remote code execution bugs, download now

Paul Hill — Wed, 15 Jan 2025 10:26:01 +0000

Canonical has pushed a patch for rsync after researchers uncovered serious vulnerabilities that enable remote code execution attacks. Read more...

Hackers can exploit Microsoft macOS app vulnerabilities to bypass permissions

Pradeep Viswanathan — Tue, 20 Aug 2024 05:06:03 +0000

Cisco Talos discovered eight vulnerabilities in Microsoft 365 apps on macOS. These vulnerabilities allow hackers to bypass macOS permissions and perform actions like sending emails or recording audio. Read more...

GitHub now lets researchers privately report vulnerabilities to project maintainers

Paul Hill — Wed, 19 Apr 2023 22:50:01 +0000

GitHub users will now be able to privately report vulnerabilities to code maintainers. The feature was in public beta since last year but has been graduated to general availability. Read more...

Open-Source code is unsafe and risky because of its rampant use, claims report

Alap Naik Desai — Tue, 21 Jun 2022 18:16:02 +0000

Open-Source code is quite popular as it reduces the software development cycle. However, rampant use of the same is increasing security concerns. Companies must have some policy to deal with risks. Read more...

Microsoft Edge 102.0.1245.41 has security fixes and solves PDF printing bug

Alap Naik Desai — Tue, 14 Jun 2022 13:06:01 +0000

Microsoft released two small updates for the Chromium-based Edge browser over the weekend. The latest update addresses a bug that prevented PDF files from being printed using the browser. Read more...

Protocol vulnerability allows launching malicious Windows Search by just opening Word file

Taras Buria — Thu, 02 Jun 2022 06:54:02 +0000

A newly discovered zero-day vulnerability in modern Windows versions allows bad actors to launch a Windows Search window and connect to infected directories using a single Word file. Read more...

Microsoft Windows under attack from Hafnium group's 'Tarrask' malware

Alap Naik Desai — Wed, 13 Apr 2022 00:26:01 +0000

The infamous Hafnium group which successfully targeted on-premises Microsoft Exchange servers is now going after Windows using Tarrask malware which evades detection by cleaning its activities. Read more...

Five critical vulnerabilities in Microsoft Azure Defender for IoT discovered and patched

Alap Naik Desai — Mon, 28 Mar 2022 21:28:01 +0000

Azure Defender for IoT had five security vulnerabilities that SentinelOne‘s SentinelLabs had discovered and proactively reported to Microsoft. Some of the flaws are rated "Critical" for severity. Read more...

Mozilla Firefox receives out of band update to patch two critical security exploits

Alap Naik Desai — Sat, 05 Mar 2022 23:00:02 +0000

Mozilla has released Firefox v97.0.2. It's an out-of-band security update to patch two "Critical" security flaws that are being exploited in the wild. These 0-Days rely on the 'Use-after-free' bug. Read more...

Cisco Webex vulnerabilities allowed "ghost" users to go undetected in meetings, fixed

Abhay V — Wed, 18 Nov 2020 21:40:01 +0000

IBM researchers discovered three vulnerabilities in Cisco's Webex that allowed attackers to join meetings without being detected, even after being expelled. The bugs have now been fixed. Read more...

Apple is giving research iPhones to bug hunters as part of a new security program

Jay Bonggolto — Wed, 22 Jul 2020 22:36:01 +0000

Apple has kicked off a new security research program that will provide specialized devices to bug hunters to make it easier for them to identify issues in iOS. Devices will be limited initially. Read more...

Mozilla pushes Firefox 74.0.1 fixing two zero-day exploits

Paul Hill — Sat, 04 Apr 2020 17:16:01 +0000

Mozilla has released Firefox 74.0.1 which includes patches for two zero-day vulnerabilities that are actively being exploited in the wild. The vulnerabilities allow hackers to run code on systems. Read more...

TikTok patches flaws that could let hackers access personal user data and manipulate videos

Hamza Jawad — Wed, 08 Jan 2020 11:26:01 +0000

Researchers discovered security flaws in the immensely popular social media application that would have allowed hackers to access users' personal data and manipulate the content on their accounts. Read more...

Microsoft Weekly: High frame rates, Patch Tuesday, and the Share button's return

Florin Bodnarescu — Sun, 18 Aug 2019 06:38:01 +0000

A fair few bits of news surfaced this past week, including the cancellation of Minecraft's Super Duper Graphics Pack, the arrival of this month's Patch Tuesday, and more. catch up below. Read more...

Intel's upcoming processors may not fix the latest Spectre variant

João Carrasqueira — Fri, 25 May 2018 18:36:02 +0000

The hard times for Intel may not be over yet, as sources say that the promised silicon-level fix for the Spectre and Meltdown vulnerabilities may not protect from the variant discovered this week. Read more...

AMD now facing class action suits over Spectre vulnerability of CPUs

John Keefer — Thu, 22 Feb 2018 22:48:01 +0000

Intel has been taking the brunt of the consumer backlash over the Spectre and Meltdown vulnerabilities found in its CPUs, but AMD is also starting to take some heat in the form of legal action. Read more...

Intel warned select customers of processor vulnerabilities before the U.S. Government

Abhay V — Mon, 29 Jan 2018 12:08:02 +0000

A recent report by The Wall Street Journal states that according to sources, Intel did not warn the U.S. Government of the Meltdown and Spectre vulnerabilities, but did inform Chinese tech giants. Read more...

Apple sued for not informing users of Meltdown and Spectre vulnerabilities

Muhammad Jarir Kanji — Tue, 16 Jan 2018 19:24:01 +0000

A new lawsuit filed in the United States claims malfeasance on the smartphone maker's part by not informing its users of the existence of these processor vulnerabilities at an earlier date. Read more...

AMD starts rolling out its own Spectre processor fixes

John Keefer — Fri, 12 Jan 2018 02:04:01 +0000

AMD has maintained that its processors are immune to Meltdown and that its chip architecture made it likely that Spectre posed zero risk. However, it is still issuing updates to mitigate risk. Read more...

Intel promises customer-first mantra and more transparency going forward

John Keefer — Thu, 11 Jan 2018 20:27:18 +0000

Intel has been battered by the revelation of vulnerabilities in its chips. For his part, CEO Brian Krzanich has owned up to the company's missteps, and now offers an open letter to the tech community. Read more...

Google lists all Chromebooks and their Meltdown update status

John Keefer — Wed, 10 Jan 2018 21:34:02 +0000

Google has quickly updated most of its hardware to help mitigate against the Meltdown and Spectre security holes, but if you have questions about your Chromebook, you can find out its update status. Read more...

Ubuntu systems also having boot-up issues due to Meltdown and Spectre patches

Muhammad Jarir Kanji — Wed, 10 Jan 2018 19:50:01 +0000

Users of the Ubuntu are also reporting issues with the patches aimed at mitigating the Meltdown and Spectre CPU exploits, with some systems having boot-up issues after installation. Read more...

Nvidia to release mitigation updates for Shield TV and Tablet

John Keefer — Tue, 09 Jan 2018 01:40:01 +0000

Hardware and software makers continue to deal with the potential problems caused by processor vulnerabilities Meltdown and Spectre. Nvidia is the latest to do so, with updates for its SoCs and GPUs. Read more...

Apple releases Spectre mitigations for macOS 10.13.2 and iOS 11.2.2

John Keefer — Mon, 08 Jan 2018 19:30:01 +0000

The new security updates are designed purely to help make it tougher for hackers to utilize the Spectre vulnerability found is all processors. Apple released an update for Safari 11.0.2, as well. Read more...

Linux creator Linus Torvalds has harsh words for Intel over chip design

John Keefer — Sun, 07 Jan 2018 00:34:08 +0000

Intel has been getting battered from all sides because of the Meltdown and Spectre flaws found in its chips. While other chip designs face the same Spectre issues, Torvalds chose to target Intel. Read more...

Microsoft Weekly: Fixing flaws, Cortana crisis, and Windows watching

John Keefer — Sat, 06 Jan 2018 18:24:01 +0000

Welcome to a new column that rounds up the news of the week out of Redmond. For the week of December 30 to January 5, we have chip vulnerabilities that needed attention and some problems for Cortana. Read more...

Licensed to hack: Singapore looks into registration scheme for ethical hackers

Paul Hill — Mon, 17 Jul 2017 00:28:01 +0000

Singapore is currently taking feedback on a new cybersecurity bill which will require ethical hackers to be licensed before undertaking their work. The law could benefit both hackers and companies. Read more...

900 million Android devices, including latest flagships, affected by new vulnerabilities

Andy Weir — Mon, 08 Aug 2016 13:28:01 +0000

Four major security flaws, collectively dubbed 'QuadRooter', have left around 900 million Android devices with Qualcomm chipsets - including many of the latest flagships - vulnerable to attack. Read more...

Google pays out $65,000 to external researchers for fixing Chrome bugs

Shreyas Gandhe — Tue, 31 May 2016 00:30:01 +0000

Chrome 51 was recently added to the stable channel with numerous bug fixes and the company has now revealed the list of vulnerabilities reported by external researchers along with the amount paid out. Read more...

2015: Number of disclosed software vulnerabilities led by Mac OS X, iOS and Flash

John Devon — Fri, 01 Jan 2016 19:48:01 +0000

According to a database run by the U.S. government, the number of disclosed and fixed vulnerabilities by product was led by OS X, iOS and Flash, with Android at #20 and Windows at #14. Read more...

Unpatched BIOSes proven susceptible to effortless attacks

Shreyas Gandhe — Wed, 25 Mar 2015 00:52:01 +0000

Security researchers have showcased the hazards of having an unpatched BIOS using a proof of concept malware called "LightEater" at a recent information security conference in Canada. Read more...

Lenovo determined 'to make the Superfish situation better'

Jerry Grey — Tue, 24 Feb 2015 12:04:01 +0000

In an open letter, Lenovo CTO Peter Hortensius said the company is in the midst of developing a concrete plan to address software vulnerabilities, which will be announced later in the week. Read more...

Patch Tuesday included one "critical" and seven "important" patches, IE dodges the bullet

Steven Parker — Wed, 14 Jan 2015 08:31:56 +0000

It's that "time of the month" for Windows where patches get applied to plug vulnerabilities found in the OS. This time around eight were delivered and none affecting Internet Explorer. Read more...

TrueCrypt audit reveals vulnerabilities but no backdoors

Shreyas Gandhe — Wed, 16 Apr 2014 09:47:15 +0000

Open source encryption application TrueCrypt has been audited for potential security flaws and has been found to contain some vulnerabilities but no backdoors which could be used to spy on users. Read more...

Every browser falls at this year's record-setting Pwn2Own

Steven Johns — Sun, 16 Mar 2014 09:20:32 +0000

Pwn2Own inches closer and closer to having a million dollar event payout as the famed competition continues to grow in popularity and participation. Read more...

Microsoft offers up to $100,000 to find Windows 8.1 exploits

John Callaham — Wed, 19 Jun 2013 18:18:25 +0000

Microsoft has announced a 'bounty program' for people who find exploits inside Windows 8.1, with up to $100,000 offered, plus rewards for finding vulnerabilities in the Internet Explorer 11 preview. Read more...

More security flaws discovered in Siemens PLCs

James Woodfin — Fri, 05 Aug 2011 19:37:42 +0000

More vulnerabilities have been found after Stuxnet infected Iranian programmable logic controllers designed by Siemens. Read more...

Microsoft abandons WebGL plans due to security concerns

Denis Wong — Fri, 17 Jun 2011 08:26:13 +0000

If you were counting on WebGL support in upcoming versions of Internet Explorer, you're out of luck for now. Microsoft made the decision to not support WebGL in its current form due to serious security... Read more...