IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

exploits

Dogwalk RCE variant among 121 vulnerabilities fixed in Microsoft's August Patch Tuesday
Microsoft Windows 11 logo on a smartphone set against a background of neon blue code on a screen to denote a cyber security theme
zero-day exploit

Dogwalk RCE variant among 121 vulnerabilities fixed in Microsoft's August Patch Tuesday

The second-biggest security update released by Microsoft this year featured 17 critical-rated RCEs and privilege escalation bugs
10 Aug 2022
Malware operators abusing Windows shortcuts to bypass VBA macro block
Skull depicted in code
exploits

Malware operators abusing Windows shortcuts to bypass VBA macro block

The likes of Emotet and Qakbot, as well as Russia-linked state-sponsored hackers, have all pivoted to the new infection technique
5 Aug 2022
GPS tracker exploit puts the world's most high-value individuals in real-world danger
A hacker against a red background
hacking

GPS tracker exploit puts the world's most high-value individuals in real-world danger

Vulnerabilities in a GPS tracker used by governments, militaries, and Fortune 50 companies could be used to track the locations of high-value targets …
20 Jul 2022
How to protect against 'endemic' Log4j vulnerabilities
A mockup of the log4j Java library logo
cyber security

How to protect against 'endemic' Log4j vulnerabilities

A US government report details a series of recommendations to help counter the Log4Shell flaw in the long term
15 Jul 2022
Retbleed hardware-level flaw brings overhead woe to Intel and AMD
A graphic of a red CPU with a white skull and crossbones on it, placed upon a grey background
Hardware

Retbleed hardware-level flaw brings overhead woe to Intel and AMD

‘Retbleed’ threatens a wide range of microprocessors, using a vector thought safe that adds to its problematic nature
13 Jul 2022
Chinese hackers exploit Microsoft zero-day as list of vulnerable Office products grows
Microsoft Office 365 image, with a magnifying glass over Microsoft Word
zero-day exploit

Chinese hackers exploit Microsoft zero-day as list of vulnerable Office products grows

Microsoft has published a support guide and temporary workarounds for IT admins to mitigate the threat
1 Jun 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Apple logo on the side of a building
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

The most recent iPhones are found to be vulnerable after researchers discover an exploit in a beloved iOS 15 feature
18 May 2022
Actively exploited Windows vulnerability reaches peak severity when paired with popular attack
Windows 11 and Windows 11 displayed on two different laptops
Security

Actively exploited Windows vulnerability reaches peak severity when paired with popular attack

May 2022's routine Patch Tuesday fixes seven 'critical' issues, including a familiar headache for IT administrators
11 May 2022
Microsoft's massive 145-vulnerability Patch Tuesday fixes ten critical exploits
Win 11 on a smartphone in front of code on a monitor
Security

Microsoft's massive 145-vulnerability Patch Tuesday fixes ten critical exploits

This month's round of patches is now available with some exploits proving to be particularly dangerous
13 Apr 2022
Microsoft Patch Tuesday fixes Windows 11 system reset bug
Windows 11 and Windows 11 displayed on two different laptops
vulnerability

Microsoft Patch Tuesday fixes Windows 11 system reset bug

A host of fixes are available to Windows administrators as Microsoft patches three critical RCEs flaws
9 Mar 2022
Google doubles bug bounty rewards for Linux, Kubernetes exploits
Mockup of a stethoscope treating a keyboard, symbolising a computer bug patch
zero-day exploit

Google doubles bug bounty rewards for Linux, Kubernetes exploits

The increased rewards are said to align better with the community's expectations of a bug bounty programme of this kind
16 Feb 2022
12-year-old Linux root privilege flaw has been "hiding in plain sight"
Linux on a blue background with a circuit-board-like graphic
Linux

12-year-old Linux root privilege flaw has been "hiding in plain sight"

Researchers were quick to highlight how easy it was to exploit the vulnerability, recommending urgent patches
26 Jan 2022
El Salvador becomes latest target of Pegasus spyware
The Apple logo displayed on a store building in Washington, DC
spyware

El Salvador becomes latest target of Pegasus spyware

The list of nations with access to Pegasus is growing, with evidence pointing to potential links between 35 confirmed Pegasus cases and the Salvadoran…
13 Jan 2022
Lenovo ThinkPads vulnerable to privilege escalation exploit, researchers warn
A front view of a Lenovo ThinkPad store in Beijing, China
exploits

Lenovo ThinkPads vulnerable to privilege escalation exploit, researchers warn

A component running on the popular business computers is vulnerable to a chained exploit that grants full access to attackers
17 Dec 2021
Log4Shell: New numbers reveal the scale of the critical software exploit
Abstract image of stacked broken egg shells
zero-day exploit

Log4Shell: New numbers reveal the scale of the critical software exploit

Researchers detail how much the Log4J vulnerability is being exploited and who is being targeted the most
15 Dec 2021
Researchers warn of increase in attacks against Zoho software
An image of a digital padlock with code around it
cyber security

Researchers warn of increase in attacks against Zoho software

It's believed as much as 62% of ServiceDesk Plus instances globally are using vulnerable software versions
3 Dec 2021
FBI email server hacked to send fake cyber attack alerts
FBI headquarters on Pennsylvania avenue sign with traffic reflections at night
cyber security

FBI email server hacked to send fake cyber attack alerts

An attacker exploited the system misconfiguration to send legitimate-looking cyber security alerts to partners
15 Nov 2021
Researcher awarded $50,000 for discovering Samsung Galaxy S21 hack
A photograph of the Samsung Galaxy S21 5G's camera array
hacking

Researcher awarded $50,000 for discovering Samsung Galaxy S21 hack

UK researcher Sam Thomas won the Pwn2Own bounty using a "unique three-bug chain"
5 Nov 2021
Microsoft Exchange Servers are being used to distribute Qakbot malware
A laptop on a table with the Microsoft Exchange logo displayed
ransomware

Microsoft Exchange Servers are being used to distribute Qakbot malware

Exploiting an unpatched Exchange Server vulnerability and a less-than-foolproof malicious URL strategy is leading to mounting infections in businesses
2 Nov 2021
Critical vulnerability discovered in popular CI/CD framework
Red lock unlocked among several blue locked locks
cyber security

Critical vulnerability discovered in popular CI/CD framework

Flaw in GoCD software delivery pipeline thought to have affected a host of NGOs and Fortune 500 companies
29 Oct 2021
WordPress plugin exploit puts over 90,000 sites at risk
A user with WordPress on their desktop computer
vulnerability

WordPress plugin exploit puts over 90,000 sites at risk

Security firm Wordfence recommends users of the Brizy Page Builder plugin upgrade to the latest version immediately
14 Oct 2021
Weekly threat roundup: Microsoft Patch Tuesday, HP Omen, Apple
Graphic showing a red unlocked padlock surrounded by blue locked padlocks
exploits

Weekly threat roundup: Microsoft Patch Tuesday, HP Omen, Apple

Pulling together the most dangerous and pressing flaws that businesses need to patch
16 Sep 2021
Microsoft patches Internet Explorer zero-day under active attack
Bug surrounding by computer code and jargon
vulnerability

Microsoft patches Internet Explorer zero-day under active attack

The latest wave of Patch Tuesday fixes also included several updates to address the Print Spooler component in Windows
15 Sep 2021