All of Microsoft's server and client Windows versions are susceptible to a new NTLM security flaw. An unofficial patch has been released by 0patch.
Security vulnerability RSS
A critical zero-click vulnerability in Synology's Photos app could expose millions of devices to cyberattacks. Urgent updates are required to protect your data.
Cisco Talos discovered eight vulnerabilities in Microsoft 365 apps on macOS. These vulnerabilities allow hackers to bypass macOS permissions and perform actions like sending emails or recording audio.
Google Play Security Reward Program incentivized developers and security researchers to check Android apps for vulnerabilities. However, Google has notified participants that the program ends soon.
Microsoft has published a detailed guidance post on how to deal with a recently uncovered security vulnerability that can downgrade almost all modern Windows 11/10/Server PCs with VBS.
Tenable discovered two security vulnerabilities in Microsoft's Azure Health Bot service. The first vulnerability, found in the "Data Connections" feature, allowed unauthorized access to resources.
Security researchers have discovered a vulnerability in a Windows system driver that can be abused to trigger a blue screen of death (BSOD), even on fully updated Windows 11 and 10 systems.
A new Windows security vulnerability has been found which can alter Windows Update to downgrade your PC, even if you are fully updated with all the latest patches. It's also irreversible.
A community of Rabbit R1 developers has found a serious flaw in the company's code that allows third parties to access text prompts sent through R1, which could contain sensitive data.
Millions of users could get free laundry service due to a bug that affects internet-connected laundry machines operated by CSC ServiceWorks. The bug has existed for months now and is yet to be fixed.
Microsoft is rolling out another Edge update in the Stable and Extended Stable channels to fix one more Chromium security vulnerability, CVE-2024-4761, which is exploited in the wild.
Microsoft has issued a security update for its browser in the Stable Stable and Extended Stable channels. Version 124.0.2478.97 fixes two security vulnerabilities exploited in the wild.
Microsoft has blocked Secure Boot mitigations for the BlackLotus (CVE-2023-24932) vulnerability on some PCs. The block affects Windows Server 2012 and 2012 R2 systems due to incompatibilities with TPM
Microsoft released patches for a couple of Kerberos authentication vulnerabilities tracked under CVE-2024-26248 and CVE-2024-29056. Details about its enforcement timeline have been shared.
Remember the Spectre CPU vulnerability that reared its head for the first time in 2017? Variant 2 of Spectre is back, and as such, Microsoft has published guidance about the mitigation.
The Indian government has resolved one of the most significant breaches of its citizens' sensitive information which included Aadhar information, COVID-19 vaccination records, and even addresses.
A curious Microsoft employee has saved the world from a potential global meltdown as several Linux distros were found vulnerable to an XZ backdoor tracked under CVE-2024-3094 (CVSS score of 10.0).
Microsoft has released a detailed set of FAQs and recommendations for users who are affected by the XZ Utils vulnerability which allows a threat actor to exploit SSH operations and get remote access.
TPM sniffing attacks, which we have covered before, are possible even on modern Intel-powered hardware running the latest Windows 11. Such attacks may however be preventable by Microsoft's Pluton.
Microsoft released a security fix for a Group Policy-related vulnerability for the oldest Windows 10 version recently. The patch should be will be deployed via the RSAT Server tool.
Apple has released a security update to address a Bluetooth-related vulnerability affecting various Magic Keyboard models. The vulnerability allowed an attacker to monitor Bluetooth traffic.
Microsoft has addressed a security vulnerability that can lead to BitLocker Secure Boot bypass on both Windows 10 and 11. Alongside that, the company has also detailed how to resize the WinRE space.
Some of Asus' popular mid-range and high-end routers have been found to be vulnerable to remote code execution and code injection attacks. Check the full list of routers and the firmware patches here.
Microsoft and Intel have cautioned about a recent security vulnerability affecting 7th Gen, 8th Gen, 9th Gen, 10th Gen, and 11th Gen chips. This security vulnerability is called Downfall or GDS.
A security threat research team had notified Microsoft about several major security vulnerabilities in its PowerShell Gallery. The flaws remain even after the tech giant claimed they were fixed.
Microsoft had warned about a kernel patch that could break something on the system. However, two months since, it has pushed that update enabling it by default via the latest Patch Tuesday.
CrowdStrike has shared details on Spyboy Terminator EDR killer. It is one of the EDRs, alongside the likes of Microsoft Defender, Avast, and more, that can be disabled by the evasion tool.
Microsoft recently began patching UEFI bootkit vulnerabilities with this month's Patch Tuesday update. The company has now released a helpful guide about blocking such Windows boot managers.
Microsoft has released details on how it plans to protect against unsupported, unpatched, vulnerable Exchange Servers. The tech giant says that it will throttle and eventually block such mails.
An AMD fTPM side channel security flaw dubbed "faulTPM" has been discovered by researchers. This security bug can even bypass BitLocker and it affects modern Windows 11-supported Ryzen chips.
Microsoft has issued PowerShell scripts for multiple security vulnerabilities on Windows 11 and Windows 10. These are for speculative side channel attack CPU flaws, thirteen in total.
Microsoft has published some helpful guidance against the BlackLotus UEFI bootkit vulnerability that can bypass Secure Boot, VBS, BitLocker, Windows Defender, and more to infect updated Windows PCs.
Microsoft has released a couple of PowerShell scripts to address a BitLocker bypass security vulnerability issue. In its bulletin, the company has explained the differences between the two scripts.
BlackLotus, which is a bootkit, has been doing the rounds on the internet since last year. This bootkit is capable of bypassing Secure Boot, disabling BitLocker, Microsoft Defender, and more.
AMD has advised users to update Ryzen Master as it was vulnerable to a high severity flaw. This follows the earlier report today where the company's CPUs have begun exhibiting fTPM stutters on Linux.
Microsoft has formally announced that it has deprecated MSDT and its related troubleshooters. The company has explained in a document how the retirement is going to be a gradual phase out.
CISA has released a data recovery script dubbed "ESXiArgs-Recover" in order to help users who have been affected by the massive worldwide ESXiArgs ransomware server attacks on VMWare's vSphere.
A security researcher recently discovered serious vulnerabilities in Google Home smart speakers that could allow an attacker to install a "backdoor" account on the device and gain remote access.
Microsoft Defender, AVG, Avast, and more, were found vulnerable to a new zero-day security exploit through which harmless files, even system files, could be deleted using the anti-virus.
AMD has shared details about a Spectre Variant 2 vulnerability that affects almost all AMD Ryzen, Athlon, and EPYC systems. The security flaw is patched in the latest Patch Tuesday updates.