Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update
The company's final patch release for 2023 contained fixes for a total of just 36 vulnerabilities — none of which,…
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed,…
Windows 11 KB5033375 update released with upgraded Copilot AI-assistant
Microsoft has released the KB5033375 update for Windows 11 versions 23H2 and 22H2 to fix security vulnerabilities, upgrade Copilot for…
Critical WordPress Plug-in RCE Bug Exposes Reams of Websites to Takeover
Attackers can inject and execute arbitrary PHP code using a flaw in Backup Migration, which has been downloaded more than…
Over 1,450 pfSense servers exposed to RCE attacks via bug chain
Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable…
Ex-Uber CISO Advocates ‘Personal Incident Response Plan’ for Security Execs
Why Joe Sullivan feels paying off attackers was a way of solving the problem.
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin
A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution…
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three…
Counter-Strike 2 HTML injection bug exposes players’ IP addresses
Valve has reportedly fixed an HTML injection flaw in CS2 that was heavily abused today to inject images into games…
AutoSpill attack steals credentials from Android password managers
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation.…