Security News

May 2025 Patch Tuesday forecast: Panic, change, and hope
2025-05-09 06:10

April was an event-filled month for cybersecurity. Patch Tuesday came to us quickly on April 8 – the earliest first Tuesday possible in a given month. We again saw large numbers of CVEs addressed...

SonicWall urges admins to patch VPN flaw exploited in attacks
2025-05-08 11:19

SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks [...]

WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
2025-04-28 08:06

Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor...

Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025
2025-04-28 06:37

Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year Microsoft has announced that its preview of hotpatching for on-prem Windows Server...

Emergency patch for potential SAP zero-day that could grant full system control
2025-04-25 15:31

German software giant paywalls details, but experts piece together the clues SAP's latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been...

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
2025-04-19 14:05

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
2025-04-17 21:34

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. [...]

Old Fortinet flaws under attack with new method its patch didn't prevent
2025-04-14 05:35

PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more! Infosec In Brief Fortinet last week admitted that attackers have found new ways to exploit three...

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
2025-04-10 14:13

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put...

April's Patch Tuesday leaves unlucky Windows Hello users unable to login
2025-04-09 21:53

Can't Redmond ask its whizz-bang Copilot AI to fix it? Those keen to get their Microsoft PCs patched up as soon as possible have been getting an unpleasant shock when they try to get in using...