“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

By Paul Ducklin — March 30^th 2022 at 20:38

Easy unauthenticated remote code execution - PoC code already out

Google Chrome patches mysterious new zero-day bug – update now

By Paul Ducklin — March 28^th 2022 at 14:18

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

By Paul Ducklin — March 18^th 2022 at 17:59

When it comes to writing loops in your code... never sit on the fence!

By Paul Ducklin — March 10^th 2022 at 19:37

Latest episode - listen now!

By Paul Ducklin — March 8^th 2022 at 19:37

Even read-only files can be written to, leading to a dangerously general purpose elevation-of-privilege attack.

pipe-1200

By Paul Ducklin — February 22^nd 2022 at 17:26

A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!

By Paul Ducklin — February 15^th 2022 at 19:17

Zero-day buses: none for a while, then three at once. Here's Google joining Apple and Adobe in "zero-day week"

By Paul Ducklin — February 14^th 2022 at 22:38

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

By Paul Ducklin — February 11^th 2022 at 14:25

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...

apple-1200

By Paul Ducklin — February 1^st 2022 at 19:59

This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.

By Paul Ducklin — January 12^th 2022 at 16:24

One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".