Ghostscript bug could allow rogue documents to run system commands

Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.

WordPress plugin lets users become admins – Patch early, patch often!

Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins.

More MOVEit mitigations: new patches published for further protection

Good news... more patches, this time available proactively

MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…

Little Bobby Tables is back!

VMware patches break-and-enter hole in logging tools: update now!

You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."

Windows 11 also vulnerable to “aCropalypse” image data leakage

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

Google Pixel phones had a serious data leakage bug – here’s what to do!

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

Apple patches are out – old iPhones get an old zero-day fix at last!

Don't delay, especially if you're still running an iOS 12 device... please do it today!

Apple patches everything, finally reveals mystery of iOS 16.1.2

There's an update for everything this time, not just for iOS.

Number Nine! Chrome fixes another 2022 zero-day, Edge patched too

Ninth more unto the breach, dear friends, ninth more.

Log4Shell-like code execution hole in popular Backstage dev tool

Good old "string templating", also known as "string interpolation", in the spotlight again...

Dangerous SIM-swap lockscreen bypass – update Android now!

A bit like leaving the front door keys under the doormat...

The OpenSSL security update story – how can you tell what needs fixing?

How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...

OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!

That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...

Zoom for Mac patches sneaky “spy-on-me” bug – update now!

Hey! That back door isn't supposed to be there at all, let alone propped open...

Mystery iPhone update patches against iOS 16 mail crash-attack

The problem with crashy messaging apps is that *other people* get to choose if and when to send you messages...

S3 Ep102: How to avoid a data breach [Audio + Transcript]

Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...

Zoom for Mac patches critical bug – update now!

There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...

Atlassian announces 0-day hole in Confluence Server – update now!

Zero-day announced - here's what you need to know

RubyGems supply chain rip-and-replace bug fixed – check your logs!

Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".

Yet another Chrome zero-day emergency update – patch now!

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.

Two different “VMware Spring” bugs at large – we cut through the confusion

Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

Easy unauthenticated remote code execution - PoC code already out

Google Chrome patches mysterious new zero-day bug – update now

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

Google announces zero-day in Chrome browser – update now!

Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"

Adobe fixes zero-day exploit in e-commerce code: update now!

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

Apple zero-day drama for Macs, iPhones and iPads – patch now!

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...

Home routers with NetUSB support could have critical kernel hole

Got a router that supports USB access across the network? You might need a kernel update...

Log4Shell: The Movie… a short, safe visual tour for work and home

Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!