Microsoft has acknowledged that it is investigating a Windows zero-day vulnerability that is currently being exploited in the wild. The firm has provided a workaround that involves AcitveX controls.
A major flaw in Azure Cosmos DB has exposed customer data and given admin access to it for the past couple of years. Microsoft has now patched the issue and asked customers to rotate their keys.
Google Project Zero has disclosed yet another Windows vulnerability that can lead to elevation of privilege. Microsoft had initially stated that it would not resolve it, but is now working on a fix.
Microsoft highlighted a collection of BadAlloc vulnerabilities earlier this year. Federal U.S. cybersecurity agency CISA has now issued an advisory as the problem affects tons of BlackBerry products.
Microsoft has released another patch for the critical PrintNightmare vulnerability. It makes major changes to the Point and Print functionality on Windows, and immediate installation is recommended.
Google has decided to launch a new dedicated website that unifies the different VRPs and makes publishing bug reports and submissions easier. This is to celebrate 10 years of its VRP.
Microsoft has confirmed that its update KB5004945 breaks Zebra printers preventing them from working properly. The company will release a new patch within the next few days that will fix the problem.
Security researchers are reporting that Microsoft's fix for the PrintNightmare vulnerability that rolled out to most Windows versions is ineffective, and can let attackers completely bypass it.
Microsoft has begun rolling out a mandatory update for the most recent Windows 10 versions - 2004, 20H2, and 21H1 - to patch the recently acknowledged PrintNightmare critical vulnerability.
In this week's recap, we'll cover more info that has surfaced about Windows 11, the severe PrintNightmare vulnerability, and even a dash of gaming news. Be sure to catch up via our overview.
Microsoft has offered some further mitigations against the highly dangerous PrintNightmare exploit. The company has also given it a CVSS rating of 8.8/10, which almost awards it "critical" severity.
An exploit called "PrintNightmare" is being investigated by Microsoft. It potentially affects all versions of Windows. U.S. CISA has marked it as "critical" as it can lead to remote code execution.
"Half-double" is a Rowhammer exploit which grants access to wider memory addresses on newer DRAM chips. Malicious code can potentially take control of the full system through this hardware bypass.
A researcher has discovered a vulnerability in Facebook that allows hackers to scrape users' email addresses. Facebook tried to play it cool but did confirm that the vulnerability is still not fixed.
Microsoft has released a new set of security updates for numerous Exchange Server versions following the discovery of certain security flaws. Exchange Online once again contains protections already.
Microsoft has announced that based on the telemetry data it has been observing from 400,000 on-premises Exchange Server IPs, 92% have applied patches to mitigate the ongoing security vulnerabilities.
Microsoft has published another advisory regarding ongoing Exchange server attacks, stating that it is pushing emergency updates to patch vulnerabilities in certain out-of-support software as well.
Microsoft and Intel will help DARPA develop technology that allows computations to be performed on encrypted data. It's too intensive to do this today but DARPA hopes to crack the problem.
Microsoft has revealed that on-premises Exchange servers are under attack from a state-sponsored group operating from China and utilizing 0-day exploits. Exchange Online is safe from the threat.
CD Projekt RED has pushed out a hotfix for the PC version of Cyberpunk 2077 addressing the security vulnerability that was exposed earlier this week related to exposed external DLL files.
CDPR has advised caution for users who utilize custom mods and saves to enhance their gaming experience in Cyberpunk 2077 on PC after the discovery of a security exploit in external DLL files.
Malicious actors, reportedly from North Korea, are targeting security researchers with social engineering attacks using fake social media accounts, exploit claims, and injected malware.
Following multiple delays from Microsoft, Google's Project Zero security team has disclosed yet another high severity security flaw in Windows. If exploited, it can cause elevation of privilege.
According to a report, dozens of journalists - mostly from Al Jazeera - had their iPhones hacked via an Israeli firm's spyware. Four attackers have been linked to the UAE and Saudi Arabia.
Cross-site leaks allow unrelated web applications to share information between each other. Google has now launched a repository to collaborate with researchers and developers to tackle this problem.
The "high" severity security flaw in GitHub publicly disclosed by Google's Project Zero team earlier this month has finally been patched. The security team has validated the fix and closed it.
IBM researchers discovered three vulnerabilities in Cisco's Webex that allowed attackers to join meetings without being detected, even after being expelled. The bugs have now been fixed.
Google's Project Zero team has disclosed a "high" severity security flaw in GitHub following the latter's inability to provide a fix in the 104 days - which includes a grace period - allotted to it.
Google's Project Zero team has disclosed a zero-day vulnerability in Windows that enables elevated code execution that is currently being exploited. Microsoft is expected to patch the bug next month.
A new finding by a security researcher suggests that specially crafted Windows 10 themes files can be used to redirect users to an authentication-required site to steal their Microsoft credentials.
A new report has emerged claiming that Microsoft fixed a significant security vulnerability in various versions of Windows, even though a Google-owned service disclosed it to Microsoft in 2018.
Google's Project Zero team has publicly revealed yet another security flaw in Windows which allows elevation of privilege, claiming that Microsoft's fix is incomplete and does not resolve the issue.
Twitter has recently discovered a vulnerability in its Android app that could have granted attackers access to users' private data including Direct Messages. The company says it's now fixed.
A newly discovered flaw in Secure Boot affects almost all Linux distros and Windows devices that leverage the UEFI boot tech. If the flow is exploited, attackers can gain full control of the system.
The security firm Promon has publicly disclosed a vulnerability affecting Android 9.0 and below called StrandHogg 2.0. It can be used to steal a user's personal information including passwords.
Mozilla has released Firefox 74.0.1 which includes patches for two zero-day vulnerabilities that are actively being exploited in the wild. The vulnerabilities allow hackers to run code on systems.
Before being patched, the encryption vulnerability dubbed 'Kr00k', could have affected over a billion devices running Broadcom and Cyprus chipsets, including the iPhone and Samsung Galaxy lineup.
Twitter has revealed that hackers attempted to match phone numbers to Twitter usernames. It said the hack may have been state-backed, possibly being linked to Iran, Israel, or Malaysia.
Twitter has announced that it's suspending the ability to send tweets via SMS while it addresses a vulnerability, with the help of mobile carriers. It comes after Twitter CEO, Jack Dorsey, got hacked.
Microsoft has identified and patched two critical vulnerabilities in Windows Remote Desktop Services that affect Windows 7 through 10. The two Bluekeep-like vulnerabilities are also wormable.