Neowin News Feed for: Vulnerability

Exchange Server has a "critical" security bug, but Microsoft does not have a proper fix yet

Usama Jawad — Fri, 15 May 2026 07:44:02 +0000

Microsoft warns of a critical Exchange Server flaw that could let attackers hijack browsers through emails, with full fixes locked behind paid support for some. Read more...

Nightmare-Eclipse drops YellowKey and GreenPlasma exploits for Windows 11

Paul Hill — Thu, 14 May 2026 06:08:01 +0000

Is there a backdoor in BitLocker? A new exploit suggests Microsoft might have left the door open for data access, while a second flaw threatens system security. Read more...

Windows 11's controversial Recall is under fire again, while Microsoft denies flaws

Taras Buria — Wed, 15 Apr 2026 14:50:01 +0000

Windows 11's Recall is in hot water again, as a newly released tool shows how to extract all the screenshots and captured data. Read more...

Google patches a critical Chrome vulnerability already being exploited in the wild

Ivan Jenic — Mon, 16 Feb 2026 11:24:01 +0000

Google patches a critical Chrome vulnerability already under attack by hackers. Users should update their browsers immediately. Read more...

Microsoft patches Notepad flaw that could let attackers hijack Windows PCs

Ivan Jenic — Wed, 11 Feb 2026 11:08:02 +0000

Microsoft just patched a serious vulnerability in Notepad for Windows that could allow hackers to take control of victims' computers. Read more...

Microsoft patches serious Office zero-day vulnerability already being exploited in attacks

Ivan Jenic — Mon, 26 Jan 2026 20:36:01 +0000

Microsoft has finally addressed a serious zero-day vulnerability affecting multiple Office versions. However, not all users will receive it immediately. Read more...

Microsoft is securing a Windows Server component, IT admins warned about new configuration

Usama Jawad — Wed, 14 Jan 2026 16:04:01 +0000

IT admins have been told to follow guidance related to deployments handled via the Windows Deployment Services (WDS). There are only a few months left before a Windows Server feature is disabled. Read more...

Microsoft Mesh also impacted by Unity issue, patches rolling out for all games too

Usama Jawad — Mon, 06 Oct 2025 17:28:01 +0000

Microsoft has published a dedicated advisory for the recent Unity RCE vulnerability, indicating that Mesh applications and dozens of games are impacted. Read more...

WhatsApp just fixed a nightmare hack for iPhones and Macs

Usama Jawad — Fri, 29 Aug 2025 19:16:01 +0000

WhatsApp has recently fixed a rather dangerous vulnerability in iOS and macOS that was allowing hackers to steal data without any interaction from the user. Read more...

Microsoft Copilot's quiet flaw exposes audit log failures

Paul Hill — Wed, 20 Aug 2025 03:22:01 +0000

A researcher who reported a serious issue to Microsoft related to Copilot messing with audit logs has hit out at the firm for failing to inform customers. Read more...

Microsoft rolls out August 2025 security patches for Exchange Server

Usama Jawad — Tue, 12 Aug 2025 19:10:01 +0000

Microsoft has released August 2025 Security Updates (SUs) for Exchange Server deployments, containing fixes for the recent, high-severity CVE-2025-53786 flaw. Read more...

Researcher exposes Microsoft's flawed code that lets attackers access files on your computer

David Uzondu — Wed, 06 Aug 2025 13:34:01 +0000

Microsoft rolled out the NLWeb framework at Build 2025. Now, a new report shows it can be exploited to gain unauthorized file access. Read more...

Millions of Dell PCs have a security flaw, update now

Usama Jawad — Wed, 06 Aug 2025 02:10:01 +0000

A security flaw in ControlVault3 exposes millions of Dell PCs to high-severity threats, customers are advised to patch as soon as possible. Read more...

Google Project Zero exposes security flaw in libxslt library used in GNOME applications

Usama Jawad — Tue, 05 Aug 2025 13:36:01 +0000

Google's Project Zero team has publicly disclosed a UAF flaw in the popular libxslt library following GNOME's inability to fix it within 90 days of private reporting. Read more...

Hackers actively exploiting unpatched Microsoft SharePoint vulnerability CVE-2025-53770

Pradeep Viswanathan — Mon, 21 Jul 2025 04:44:02 +0000

A new critical vulnerability, CVE-2025-53770 (ToolShell), is being actively exploited to attack unpatched on-premises Microsoft SharePoint Servers. Read more...

A 13-year-old prodigy helped improve the security of Microsoft products

Usama Jawad — Wed, 02 Jul 2025 10:28:01 +0000

Microsoft has shared the story of a child prodigy, with whom the company has been working since he was 13 years old, to improve the security of its products. Read more...

Ubuntu's apport affected by core dump vulnerability, here's how to patch

Paul Hill — Sat, 31 May 2025 14:44:01 +0000

Ubuntu's apport has been discovered to contain a vulnerability that could put your sensitive information at risk. Here's how to patch your system. Read more...

Microsoft releases detailed FAQs about XZ Utils vulnerability in Linux systems

Karthik Mudaliar — Tue, 02 Apr 2024 05:30:01 +0000

Microsoft has released a detailed set of FAQs and recommendations for users who are affected by the XZ Utils vulnerability which allows a threat actor to exploit SSH operations and get remote access. Read more...

Microsoft Edge gets fixes for zero-day vulnerabilities exploited in the wild

Taras Buria — Fri, 29 Mar 2024 11:16:01 +0000

Microsoft Edge 123 (and 122 in the Extended Stable Channel), which was recently re-released in the Stable Channel, received fixes for four zero-day vulnerabilities exploited in the wild. Read more...

Three million Saflok locks can be opened by crooks due to 36-year-old security holes

Martin Hodás — Sat, 23 Mar 2024 00:00:01 +0000

Common electronic locks used in hotels still suffer from vulnerabilities reported to the manufacturer in 2022. It allows the hackers to forge universal keycards that can open any door. Read more...

European Court of Human Rights rules against government backdoors in end-to-end encryption

Martin Hodás — Sat, 17 Feb 2024 07:20:01 +0000

The discussion about law enforcers' access to end-to-end encrypted communication reached a key milestone in Europe. A court says, essentially, that implementing such a measure would be illegal. Read more...

PSA: Update your WinRAR copy to fix an actively exploited security vulnerability

Taras Buria — Wed, 18 Oct 2023 16:30:01 +0000

Here is a heads-up for WinRAR users: It is time to update the application to fix a vulnerability that numerous government-backed hacker groups have exploited since the beginning of the year. Read more...

GitHub now lets researchers privately report vulnerabilities to project maintainers

Paul Hill — Wed, 19 Apr 2023 22:50:01 +0000

GitHub users will now be able to privately report vulnerabilities to code maintainers. The feature was in public beta since last year but has been graduated to general availability. Read more...

Google discloses CentOS Linux kernel vulnerabilities following failure to issue timely fixes

Usama Jawad — Thu, 23 Mar 2023 11:18:01 +0000

Google's Project Zero security team has publicly disclosed multiple flaws in certain Linux kernels and distros following Red Hat's inability to fix them within the 90-day deadline assigned by Google. Read more...

Beware: Windows 11 system requirement Secure Boot broken on MSI motherboards, full list here

Sayan Sen — Tue, 17 Jan 2023 11:08:02 +0000

MSI motherboards, from both Intel and AMD, have been vulnerable due to a broken Secure Boot firmware setting issue. The bug would allow potentially malicious files to boot into an affected system. Read more...

Latest Exchange Server updates improve security of PowerShell payloads and add a known issue

Usama Jawad — Wed, 11 Jan 2023 08:44:01 +0000

Microsoft has rolled out January 2023's Security Updates (SUs) for support versions of Exchange Server. They include better security for PowerShell payloads, along with a known bug for OWA. Read more...

Security researcher bags $107K bounty for hacking Google Home to spy on you

Karthik Mudaliar — Fri, 30 Dec 2022 20:32:01 +0000

A security researcher recently discovered serious vulnerabilities in Google Home smart speakers that could allow an attacker to install a "backdoor" account on the device and gain remote access. Read more...

Google Chrome is by far the most vulnerable browser in 2022: Study

Justin Luna — Fri, 07 Oct 2022 07:22:01 +0000

A new study has found that Google Chrome is the browser with the greatest number of security vulnerabilities in 2022. It is also the only browser with newly discovered vulnerabilities in October. Read more...

The PlayStation 5 has been jailbroken but the exploit is quite limited

Paul Hill — Mon, 03 Oct 2022 16:22:01 +0000

Modders have managed to jailbreak the PlayStation 5 using a WebKit exploit in an old PS5 firmware. The exploit is quite limited at this point, but work will likely continue to make it more useful. Read more...

Microsoft issues advisory about two 0-day vulnerabilities in Exchange Server, no fix yet

Usama Jawad — Fri, 30 Sep 2022 13:42:01 +0000

Microsoft has issued an advisory about two 0-day vulnerabilities affecting on-premises installations of Exchange Server. Unfortunately, no fix is available yet but there are a couple of mitigations. Read more...

TikTok's Android app had a vulnerability giving attackers undetectable access to accounts

Steve Bennett — Wed, 31 Aug 2022 17:24:01 +0000

The Microsoft 365 Defender Research Team has today disclosed a high-severity vulnerability in the Android version of TikTok, allowing attackers to access user accounts with a single click. Read more...

Janet Jackson song is now an official exploit for Windows PCs

Usama Jawad — Thu, 18 Aug 2022 13:36:01 +0000

The MITRE Corporation has officially declared that Janet Jackson's music video of Rhythm Nation is an exploit. It has assigned it a CVE ID nearly two decades after its initial discovery. Read more...

Signal phone numbers of 1,900 users exposed in Twilio phishing attack

Hemant Saxena — Tue, 16 Aug 2022 06:36:02 +0000

Signal has reported a recent phishing attack on its verification service provider, Twilio, which has exposed approximately 1,900 users registered to a Signal account. Twilio has shut down the attack. Read more...

Google Chrome receives emergency security update for 0-day exploit

Usama Jawad — Tue, 05 Jul 2022 06:40:02 +0000

Google has rolled out security updates for Chrome across various channels to fix a handful of issues, including one 0-day exploit. Details of the problem are private for now but it has high severity. Read more...

Open-Source code is unsafe and risky because of its rampant use, claims report

Alap Naik Desai — Tue, 21 Jun 2022 18:16:02 +0000

Open-Source code is quite popular as it reduces the software development cycle. However, rampant use of the same is increasing security concerns. Companies must have some policy to deal with risks. Read more...

June Patch Tuesday: Microsoft fixes Follina vulnerability but not DogWalk

Usama Jawad — Wed, 15 Jun 2022 09:16:02 +0000

Microsoft's latest Patch Tuesday updates - released yesterday - fix a lot of recently publicized security issues like Follina, however, DogWalk remains unpatched as Microsoft continues to downplay it. Read more...

Atlassian: There is a critical RCE flaw in Confluence, block internet access ASAP [Update]

Usama Jawad — Fri, 03 Jun 2022 08:58:01 +0000

Some IT admins may be in for a scare this weekend as Atlassian has warned of a critical RCE flaw affecting all Confluence Server and Data Center versions. Internet access should be restricted ASAP. Read more...

Protocol vulnerability allows launching malicious Windows Search by just opening Word file

Taras Buria — Thu, 02 Jun 2022 06:54:02 +0000

A newly discovered zero-day vulnerability in modern Windows versions allows bad actors to launch a Windows Search window and connect to infected directories using a single Word file. Read more...

CISA: Don't install Windows Patch Tuesday updates for May on Domain Controllers

Usama Jawad — Tue, 17 May 2022 07:06:01 +0000

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is no longer recommending the installation of May Patch Tuesday updates on Domain Controllers because of authentication issues. Read more...

Microsoft Edge and Google Chrome get emergency update to patch security vulnerability

Usama Jawad — Sun, 27 Mar 2022 12:42:01 +0000

Chromium has received an update to patch a rather mysterious but severe vulnerability in its V8 engine. Both Google and Microsoft have updated their respective browsers but are being very secretive. Read more...