GitHub users will now be able to privately report vulnerabilities to code maintainers. The feature had been in public beta since last year but has now graduated to general availability.
Vulnerability
Google's Project Zero security team has publicly disclosed multiple flaws in certain Linux kernels and distros following Red Hat's inability to fix them within the 90-day deadline assigned by Google.
MSI motherboards, from both Intel and AMD, have been vulnerable due to a broken Secure Boot firmware setting issue. The bug would allow potentially malicious files to boot into an affected system.
Microsoft has rolled out January 2023's Security Updates (SUs) for supported versions of Exchange Server. They include better security for PowerShell payloads, along with a known bug for OWA.
A security researcher recently discovered serious vulnerabilities in Google Home smart speakers that could allow an attacker to install a "backdoor" account on the device and gain remote access.
A new study has found that Google Chrome is the browser with the greatest number of security vulnerabilities in 2022. It is also the only browser with newly discovered vulnerabilities in October.
Modders have managed to jailbreak the PlayStation 5 using a WebKit exploit in an old PS5 firmware. The exploit is quite limited at this point, but work will likely continue to make it more useful.
Microsoft has issued an advisory about two 0-day vulnerabilities affecting on-premises installations of Exchange Server. Unfortunately, no fix is available yet but there are a couple of mitigations.
The Microsoft 365 Defender Research Team has today disclosed a high-severity vulnerability in the Android version of TikTok, allowing attackers to access user accounts with a single click.
The MITRE Corporation has officially declared that Janet Jackson's music video of Rhythm Nation is an exploit. It has assigned it a CVE ID nearly two decades after its initial discovery.
Signal has reported a recent phishing attack on its verification service provider, Twilio, which has exposed approximately 1,900 users registered to a Signal account. Twilio has shut down the attack.
Google has rolled out security updates for Chrome across various channels to fix a handful of issues, including one 0-day exploit. Details of the problem are private for now but it has high severity.
Open-source code is quite popular as it shortens the software development cycle. However, its rampant use is increasing security concerns. Companies must have a policy to deal with the risks.
Microsoft's latest Patch Tuesday updates - released yesterday - fix a lot of recently publicized security issues like Follina; however, DogWalk remains unpatched as Microsoft continues to downplay it.
Some IT admins may be in for a scare this weekend as Atlassian has warned of a critical RCE flaw affecting all Confluence Server and Data Center versions. Internet access should be restricted ASAP.
A newly discovered zero-day vulnerability in modern Windows versions allows bad actors to launch a Windows Search window and connect to infected directories using a single Word file.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is no longer recommending the installation of May Patch Tuesday updates on Domain Controllers because of authentication issues.
Chromium has received an update to patch a rather mysterious but severe vulnerability in its V8 engine. Both Google and Microsoft have updated their respective browsers but are being very secretive.
Google has issued a warning about a sophisticated exploit kit being used to target news media, IT, crypto, and fintech personnel. The attackers were reportedly state-sponsored North Korean groups.
Microsoft has published details about a security vulnerability dubbed "AutoWarp" in Azure Automation service. It could enable attackers to get access to resources of other Azure customers.
Google's Project Zero team has shared some interesting stats regarding its findings for the past couple of years today. Interestingly, it found the most security issues in Microsoft products.
While this week was relatively slow due to the holiday season, we do have some notable items to recap including Active Directory woes, a couple of acquisitions, and what almost became Cortana's name.
Microsoft has issued an advisory about an Active Directory privilege escalation attack. The vulnerabilities have already been patched but unpatched domain controllers are more at risk now than ever.
Microsoft has revealed more details about a macOS vulnerability that it discovered and reported to Apple. A patch is now out for the OS-level flaw "Shrootless" on macOS Monterey, Catalina, and Big Sur.
Microsoft has acknowledged that it is investigating a Windows zero-day vulnerability that is currently being exploited in the wild. The firm has provided a workaround that involves ActiveX controls.
A major flaw in Azure Cosmos DB has exposed customer data and given admin access to it for the past couple of years. Microsoft has now patched the issue and asked customers to rotate their keys.
Google Project Zero has disclosed yet another Windows vulnerability that can lead to elevation of privilege. Microsoft had initially stated that it would not resolve it, but is now working on a fix.
Microsoft highlighted a collection of BadAlloc vulnerabilities earlier this year. Federal U.S. cybersecurity agency CISA has now issued an advisory as the problem affects tons of BlackBerry products.
Microsoft has released another patch for the critical PrintNightmare vulnerability. It makes major changes to the Point and Print functionality on Windows, and immediate installation is recommended.
Google has decided to launch a new dedicated website that unifies the different VRPs and makes publishing bug reports and submissions easier. This is to celebrate 10 years of its VRP.
Microsoft has confirmed that its update KB5004945 breaks Zebra printers, preventing them from working properly. The company will release a new patch within the next few days that will fix the problem.
Security researchers are reporting that Microsoft's fix for the PrintNightmare vulnerability that rolled out to most Windows versions is ineffective, and can let attackers completely bypass it.
Microsoft has begun rolling out a mandatory update for the most recent Windows 10 versions - 2004, 20H2, and 21H1 - to patch the recently acknowledged PrintNightmare critical vulnerability.
In this week's recap, we'll cover more info that has surfaced about Windows 11, the severe PrintNightmare vulnerability, and even a dash of gaming news. Be sure to catch up via our overview.
Microsoft has offered some further mitigations against the highly dangerous PrintNightmare exploit. The company has also given it a CVSS rating of 8.8/10, which almost awards it "critical" severity.
An exploit called "PrintNightmare" is being investigated by Microsoft. It potentially affects all versions of Windows. U.S. CISA has marked it as "critical" as it can lead to remote code execution.
"Half-double" is a Rowhammer exploit which grants access to wider memory addresses on newer DRAM chips. Malicious code can potentially take control of the full system through this hardware bypass.
A researcher has discovered a vulnerability in Facebook that allows hackers to scrape users' email addresses. Facebook tried to play it cool but did confirm that the vulnerability is still not fixed.
Microsoft has released a new set of security updates for numerous Exchange Server versions following the discovery of certain security flaws. Exchange Online, once again, already includes the protections.
Microsoft has announced that based on the telemetry data it has been observing from 400,000 on-premises Exchange Server IPs, 92% have applied patches to mitigate the ongoing security vulnerabilities.