All of Microsoft's server and client Windows versions are susceptible to a new NTLM security flaw. An unofficial patch has been released by 0patch.
Security flaw RSS
A critical zero-click vulnerability in Synology's Photos app could expose millions of devices to cyberattacks. Urgent updates are required to protect your data.
Cisco Talos discovered eight vulnerabilities in Microsoft 365 apps on macOS. These vulnerabilities allow hackers to bypass macOS permissions and perform actions like sending emails or recording audio.
Microsoft has published a detailed guidance post on how to deal with a recently uncovered security vulnerability that can downgrade almost all modern Windows 11/10/Server PCs with VBS.
Tenable discovered two security vulnerabilities in Microsoft's Azure Health Bot service. The first vulnerability, found in the "Data Connections" feature, allowed unauthorized access to resources.
Security researchers have discovered a vulnerability in a Windows system driver that can be abused to trigger a blue screen of death (BSOD), even on fully updated Windows 11 and 10 systems.
A new Windows security vulnerability has been found which can alter Windows Update to downgrade your PC, even if you are fully updated with all the latest patches. It's also irreversible.
Dropbox has revealed a data breach at its Dropbox Sign e-signature service that may have exposed customers' personal information, including emails, usernames, phone numbers, and hashed passwords.
Microsoft has blocked Secure Boot mitigations for the BlackLotus (CVE-2023-24932) vulnerability on some PCs. The block affects Windows Server 2012 and 2012 R2 systems due to incompatibilities with TPM
Microsoft released patches for a couple of Kerberos authentication vulnerabilities tracked under CVE-2024-26248 and CVE-2024-29056. Details about its enforcement timeline have been shared.
Remember the Spectre CPU vulnerability that reared its head for the first time in 2017? Variant 2 of Spectre is back, and as such, Microsoft has published guidance about the mitigation.
The Indian government has resolved one of the most significant breaches of its citizens' sensitive information which included Aadhar information, COVID-19 vaccination records, and even addresses.
A curious Microsoft employee has saved the world from a potential global meltdown as several Linux distros were found vulnerable to an XZ backdoor tracked under CVE-2024-3094 (CVSS score of 10.0).
Microsoft has released a detailed set of FAQs and recommendations for users who are affected by the XZ Utils vulnerability which allows a threat actor to exploit SSH operations and get remote access.
Home security camera maker Wyze confirmed earlier today that an online security issue that happened late last week caused 13,000 camera owners to briefly see images of other people's homes
TPM sniffing attacks, which we have covered before, are possible even on modern Intel-powered hardware running the latest Windows 11. Such attacks may however be preventable by Microsoft's Pluton.
Microsoft released a security fix for a Group Policy-related vulnerability for the oldest Windows 10 version recently. The patch should be will be deployed via the RSAT Server tool.
Microsoft has addressed a security vulnerability that can lead to BitLocker Secure Boot bypass on both Windows 10 and 11. Alongside that, the company has also detailed how to resize the WinRE space.
Some of Asus' popular mid-range and high-end routers have been found to be vulnerable to remote code execution and code injection attacks. Check the full list of routers and the firmware patches here.
Microsoft and Intel have cautioned about a recent security vulnerability affecting 7th Gen, 8th Gen, 9th Gen, 10th Gen, and 11th Gen chips. This security vulnerability is called Downfall or GDS.
A security threat research team had notified Microsoft about several major security vulnerabilities in its PowerShell Gallery. The flaws remain even after the tech giant claimed they were fixed.
Microsoft had warned about a kernel patch that could break something on the system. However, two months since, it has pushed that update enabling it by default via the latest Patch Tuesday.
CrowdStrike has shared details on Spyboy Terminator EDR killer. It is one of the EDRs, alongside the likes of Microsoft Defender, Avast, and more, that can be disabled by the evasion tool.
Microsoft recently began patching UEFI bootkit vulnerabilities with this month's Patch Tuesday update. The company has now released a helpful guide about blocking such Windows boot managers.
Microsoft has released details on how it plans to protect against unsupported, unpatched, vulnerable Exchange Servers. The tech giant says that it will throttle and eventually block such mails.
An AMD fTPM side channel security flaw dubbed "faulTPM" has been discovered by researchers. This security bug can even bypass BitLocker and it affects modern Windows 11-supported Ryzen chips.
Microsoft has issued PowerShell scripts for multiple security vulnerabilities on Windows 11 and Windows 10. These are for speculative side channel attack CPU flaws, thirteen in total.
Microsoft has published some helpful guidance against the BlackLotus UEFI bootkit vulnerability that can bypass Secure Boot, VBS, BitLocker, Windows Defender, and more to infect updated Windows PCs.
Microsoft has released a couple of PowerShell scripts to address a BitLocker bypass security vulnerability issue. In its bulletin, the company has explained the differences between the two scripts.
BlackLotus, which is a bootkit, has been doing the rounds on the internet since last year. This bootkit is capable of bypassing Secure Boot, disabling BitLocker, Microsoft Defender, and more.
AMD has advised users to update Ryzen Master as it was vulnerable to a high severity flaw. This follows the earlier report today where the company's CPUs have begun exhibiting fTPM stutters on Linux.
Microsoft has formally announced that it has deprecated MSDT and its related troubleshooters. The company has explained in a document how the retirement is going to be a gradual phase out.
Microsoft Defender, AVG, Avast, and more, were found vulnerable to a new zero-day security exploit through which harmless files, even system files, could be deleted using the anti-virus.
Today, Microsoft has issued important security fixes to address DoS vulnerabilities affecting .NET Core and Visual Studio. The patches are available via .NET 6.0.9 and .NET Core 3.1.29.
HP has warned that it has discovered a new high severity privilege escalation vulnerability inside its own Support Assistant software utility. The company has also issued a fix for the security flaw.
Google has revealed an expansion to its Vulnerability Reward Program (VRP). It is designed to encourage privately reporting security flaws in open source software in exchange for monetary rewards.
Modern Intel processors consisting of 10th Gen, 11th Gen and 12th Gen CPUs have been found to be vulnerable to a new "ÆPIC" security flaw. The vulnerability is able to exploit Intel's APIC MMIO.
AMD Zen-based processors with Simultaneous Multi-threading (SMT) like Ryzen, Threadripper, EPYC, and Athlon CPUs have been found to be vulnerable to a new “SQUIP” side-channel attack.
Atlassian has disclosed yet another critical severity flaw in Confluence. The latest issue is very trivial to exploit as it involves leveraging hardcoded credentials to get wide access to Confluence.
Following in the footsteps of Chrome, Edge has received an update to fix a rather severe 0-day exploit too. This is because the issue affects all browsers based on Chromium, including Edge.