Microsoft warns of a critical Exchange Server flaw that could let attackers hijack browsers through emails, with full fixes locked behind paid support for some.
Vulnerability RSS
Is there a backdoor in BitLocker? A new exploit suggests Microsoft might have left the door open for data access, while a second flaw threatens system security.
Windows 11's Recall is in hot water again, as a newly released tool shows how to extract all the screenshots and captured data.
Google patches a critical Chrome vulnerability already under attack by hackers. Users should update their browsers immediately.
Microsoft just patched a serious vulnerability in Notepad for Windows that could allow hackers to take control of victims' computers.
Microsoft has finally addressed a serious zero-day vulnerability affecting multiple Office versions. However, not all users will receive it immediately.
IT admins have been told to follow guidance related to deployments handled via the Windows Deployment Services (WDS). There are only a few months left before a Windows Server feature is disabled.
Microsoft has published a dedicated advisory for the recent Unity RCE vulnerability, indicating that Mesh applications and dozens of games are impacted.
WhatsApp has recently fixed a rather dangerous vulnerability in iOS and macOS that was allowing hackers to steal data without any interaction from the user.
A researcher who reported a serious issue to Microsoft related to Copilot messing with audit logs has hit out at the firm for failing to inform customers.
Microsoft has released August 2025 Security Updates (SUs) for Exchange Server deployments, containing fixes for the recent, high-severity CVE-2025-53786 flaw.
Microsoft rolled out the NLWeb framework at Build 2025. Now, a new report shows it can be exploited to gain unauthorized file access.
A security flaw in ControlVault3 exposes millions of Dell PCs to high-severity threats, customers are advised to patch as soon as possible.
Google's Project Zero team has publicly disclosed a UAF flaw in the popular libxslt library following GNOME's inability to fix it within 90 days of private reporting.
A new critical vulnerability, CVE-2025-53770 (ToolShell), is being actively exploited to attack unpatched on-premises Microsoft SharePoint Servers.
Microsoft has shared the story of a child prodigy, with whom the company has been working since he was 13 years old, to improve the security of its products.
Ubuntu's apport has been discovered to contain a vulnerability that could put your sensitive information at risk. Here's how to patch your system.
Microsoft has released a detailed set of FAQs and recommendations for users who are affected by the XZ Utils vulnerability which allows a threat actor to exploit SSH operations and get remote access.
Microsoft Edge 123 (and 122 in the Extended Stable Channel), which was recently re-released in the Stable Channel, received fixes for four zero-day vulnerabilities exploited in the wild.
Common electronic locks used in hotels still suffer from vulnerabilities reported to the manufacturer in 2022. It allows the hackers to forge universal keycards that can open any door.
The discussion about law enforcers' access to end-to-end encrypted communication reached a key milestone in Europe. A court says, essentially, that implementing such a measure would be illegal.
Here is a heads-up for WinRAR users: It is time to update the application to fix a vulnerability that numerous government-backed hacker groups have exploited since the beginning of the year.
GitHub users will now be able to privately report vulnerabilities to code maintainers. The feature was in public beta since last year but has been graduated to general availability.
Google's Project Zero security team has publicly disclosed multiple flaws in certain Linux kernels and distros following Red Hat's inability to fix them within the 90-day deadline assigned by Google.
MSI motherboards, from both Intel and AMD, have been vulnerable due to a broken Secure Boot firmware setting issue. The bug would allow potentially malicious files to boot into an affected system.
Microsoft has rolled out January 2023's Security Updates (SUs) for support versions of Exchange Server. They include better security for PowerShell payloads, along with a known bug for OWA.
A security researcher recently discovered serious vulnerabilities in Google Home smart speakers that could allow an attacker to install a "backdoor" account on the device and gain remote access.
A new study has found that Google Chrome is the browser with the greatest number of security vulnerabilities in 2022. It is also the only browser with newly discovered vulnerabilities in October.
Modders have managed to jailbreak the PlayStation 5 using a WebKit exploit in an old PS5 firmware. The exploit is quite limited at this point, but work will likely continue to make it more useful.
Microsoft has issued an advisory about two 0-day vulnerabilities affecting on-premises installations of Exchange Server. Unfortunately, no fix is available yet but there are a couple of mitigations.
The Microsoft 365 Defender Research Team has today disclosed a high-severity vulnerability in the Android version of TikTok, allowing attackers to access user accounts with a single click.
The MITRE Corporation has officially declared that Janet Jackson's music video of Rhythm Nation is an exploit. It has assigned it a CVE ID nearly two decades after its initial discovery.
Signal has reported a recent phishing attack on its verification service provider, Twilio, which has exposed approximately 1,900 users registered to a Signal account. Twilio has shut down the attack.
Google has rolled out security updates for Chrome across various channels to fix a handful of issues, including one 0-day exploit. Details of the problem are private for now but it has high severity.
Open-Source code is quite popular as it reduces the software development cycle. However, rampant use of the same is increasing security concerns. Companies must have some policy to deal with risks.
Microsoft's latest Patch Tuesday updates - released yesterday - fix a lot of recently publicized security issues like Follina, however, DogWalk remains unpatched as Microsoft continues to downplay it.
Some IT admins may be in for a scare this weekend as Atlassian has warned of a critical RCE flaw affecting all Confluence Server and Data Center versions. Internet access should be restricted ASAP.
A newly discovered zero-day vulnerability in modern Windows versions allows bad actors to launch a Windows Search window and connect to infected directories using a single Word file.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is no longer recommending the installation of May Patch Tuesday updates on Domain Controllers because of authentication issues.
Chromium has received an update to patch a rather mysterious but severe vulnerability in its V8 engine. Both Google and Microsoft have updated their respective browsers but are being very secretive.