Thunderspy attacks: What they are, who’s at greatest risk and how to stay safe
All you need to know about preventing adversaries from exploiting the recently disclosed vulnerabilities in the Thunderbolt interface
Vulnerability
Microsoft patches critical, wormable flaw in Windows DNS Server
The company urges organizations to waste no time in installing updates to fix the vulnerability that rates a ‘perfect’ 10 on the severity scale
Zoom patches zero‑day flaw in Windows client
The vulnerability exposed Zoom users running Windows 7 or earlier OS versions to remote attacks
Popular home routers plagued by critical security flaws
A study paints a dim picture of router security, as none of the 127 devices tested was free of severe vulnerabilities
Attackers target critical flaw in popular networking gear
The vulnerability, which received the highest possible severity score, leaves thousands of devices at risk of being taken over by remote attackers. A patch is available.
Microsoft releases emergency update to fix two serious Windows flaws
The out-of-band update plugs two remote code execution bugs in the Windows Codecs library, including one rated as critical
Ripple20 bugs expose hundreds of millions of devices to attacks
Devices used in the energy, transportation and communications sectors are also affected by the flaws in the TCP/IP software library
Microsoft ships hefty patch load this month
The latest Patch Tuesday knocks out a record-high number of vulnerabilities, including new bugs in the SMB protocol
Mozilla fixes five high‑risk Firefox flaws, bug in DoH feature
The browser maker rolls out updates on back-to-back days, including a patch to avoid unintentionally overloading DNS providers
Bug in ‘Sign in with Apple’ could have allowed account hijacking
The tech giant rewards the bug bounty hunter who found the severe flaw in its login mechanism with US$100,000
Critical Android flaw lets attackers hijack almost any app, steal data
Left unpatched, the vulnerability could expose almost all Android users to the risk of having their personal data intercepted by attackers
Bluetooth flaw exposes countless devices to BIAS attacks
As many as 30 different smartphones, laptops and other devices were tested – and all were found to be vulnerable
Microsoft fixes vulnerability affecting all Windows versions since 1996
Another vulnerability in the same Windows component was abused by Stuxnet a decade ago
Thunderbolt flaws open millions of PCs to physical hacking
A new attack method enables bad actors to access data on a locked computer via an evil maid attack within 5 minutes
Almost a million WordPress websites targeted in massive campaign
An unknown threat actor is exploiting vulnerabilities in plugins for which patches have been available for months, or even years
Microsoft Teams flaw could let attackers hijack accounts
Microsoft plugs a security hole that could have enabled attackers to weaponize a GIF in order to hijack Teams accounts and steal data
iOS Mail app flaws may have left iPhone users vulnerable for years
A pair of vulnerabilities in the default email app on iOS devices is believed to have been exploited against high-profile targets
Serious flaws found in multiple smart home hubs: Is your device among them?
In worst-case scenarios, some vulnerabilities could even allow attackers to take control over the central units and all peripheral devices connected to them
Microsoft warns of two Windows zero‑day flaws
Updates for the critical-rated vulnerabilities, which are being actively exploited in the wild, are still weeks away
Flaw in popular VPN service may have exposed customer data
NordVPN praised its bug bounty program and said that a fix had been shipped within two days