Microsoft ships hefty patch load this month
The latest Patch Tuesday knocks out a record-high number of vulnerabilities, including new bugs in the SMB protocol
Vulnerability
Mozilla fixes five high‑risk Firefox flaws, bug in DoH feature
The browser maker rolls out updates on back-to-back days, including a patch to avoid unintentionally overloading DNS providers
Bug in ‘Sign in with Apple’ could have allowed account hijacking
The tech giant rewards the bug bounty hunter who found the severe flaw in its login mechanism with US$100,000
Critical Android flaw lets attackers hijack almost any app, steal data
Left unpatched, the vulnerability could expose almost all Android users to the risk of having their personal data intercepted by attackers
Bluetooth flaw exposes countless devices to BIAS attacks
As many as 30 different smartphones, laptops and other devices were tested – and all were found to be vulnerable
Microsoft fixes vulnerability affecting all Windows versions since 1996
Another vulnerability in the same Windows component was abused by Stuxnet a decade ago
Thunderbolt flaws open millions of PCs to physical hacking
A new attack method enables bad actors to access data on a locked computer via an evil maid attack within 5 minutes
Almost a million WordPress websites targeted in massive campaign
An unknown threat actor is exploiting vulnerabilities in plugins for which patches have been available for months, or even years
Microsoft Teams flaw could let attackers hijack accounts
Microsoft plugs a security hole that could have enabled attackers to weaponize a GIF in order to hijack Teams accounts and steal data
iOS Mail app flaws may have left iPhone users vulnerable for years
A pair of vulnerabilities in the default email app on iOS devices is believed to have been exploited against high-profile targets
Serious flaws found in multiple smart home hubs: Is your device among them?
In worst-case scenarios, some vulnerabilities could even allow attackers to take control over the central units and all peripheral devices connected to them
Microsoft warns of two Windows zero‑day flaws
Updates for the critical-rated vulnerabilities, which are being actively exploited in the wild, are still weeks away
Flaw in popular VPN service may have exposed customer data
NordVPN praised its bug bounty program and said that a fix had been shipped within two days
KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices
ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices
Plugin flaw leaves up to 200,000 WordPress sites at risk of attack
A fix is available, so you may want to make sure that you run the plugin’s latest version
Microsoft Patch Tuesday fixes IE zero‑day and 98 other flaws
February may be the shortest month of the year, but it brings a bumper crop of patches
Critical Bluetooth bug leaves Android users open to attack
Google releases a fix for the security hole that, if left unplugged, could allow attackers to run malicious code with no user interaction
New Internet Explorer zero‑day remains unpatched
You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a fix
Microsoft patches severe Windows flaw after tip‑off from NSA
The US intelligence agency expects attackers to waste no time in developing tools aimed at exploiting the vulnerability
Millions of modems at risk of remote hijacking
Multiple cable modem models from various manufacturers found vulnerable to takeover attacks