Update now! June’s Patch Tuesday—one zero-day, but it’s a doozy Microsoft’s Patch Tuesday for May 2024 looks relaxed, but there are some fixes that need your attention. 3 minutes
Teams of AI agents can exploit zero-day vulnerabilities New research shows that teams of AI agents working together are much better at vulnerability research and exploitation than individual… 2 minutes
Microsoft calls time on NTLM, so should you The NTLM authentication protocol will no longer be developed by Microsoft, so administrators should switch as soon as possible. 2 minutes
Azure Service Tags vulnerability could allow attackers to access private data Researchers have found that relying on Azure Service Tags to restrict access to systems is not a secure solution. Microsoft… 2 minutes
Patch now! Critical vulnerability in Veeam’s Backup Enterprise Manager Veeam has issued an advisory about several vulnerabilities in its Backup Enterprise Manager (VBEM). 1 minute
Update now! GitHub patches critical vulnerability in Enterprise Server GitHub has issued a patch for a critical and easy-to-exploit authentication bypass vulnerability in GitHub Enterprise Server. 1 minute
“Linguistic Lumberjack” vulnerability impacts all major cloud providers Researchers have discovered a severe memory corruption vulnerability in Fluent Bit, a utility used by major cloud providers. 2 minutes
Wi-Fi design flaw makes networks vulnerable to hijacking Researchers have discovered a flaw in the Wi-Fi standard that allows SSID confusion attacks. 2 minutes
Update now! Microsoft’s May Patch Tuesday includes two actively exploited vulnerabilities This month’s Patch Tuesday updates contain fixes for two actively exploited vulnerabilities, another that is publicly disclosed, and a fourth… 2 minutes
F5 fixes two remotely exploitable vulnerabilities in BIG-IP Next Central Manager F5 has released patches for two vulnerabilities in its BIG-IP Next Central Manager that could enable an attacker to gain… 2 minutes
GitLab zero-click vulnerability under active exploitation An account takeover vulnerability in GitLab needs your immediate attention. 2 minutes
Update now! CrushFTP vulnerability allows data theft and possibly server compromise Some 2,700 CrushFTP instances have their web interface exposed online. 2 minutes
Microsoft warns about actively abused vulnerability in Windows Print Spooler service Microsoft has warned about a Russian state actor exploiting a Print Spooler vulnerability with a tool called GooseEgg. 2 minutes
MITRE breached through Ivanti Connect Secure vulnerabilities MITRE was breached by a threat actor leveraging two Ivanti Connect Secure vulnerabilities. 4 minutes
What makes some zero-day vulnerabilities more valuable than others? Some vulnerabilities are more valuable or more urgent than others. What are the determining factors? 4 minutes