Skip to main content

vulnerabilities

A New Tractor Jailbreak Rides the Right-to-Repair Wave

A hacker has formulated an exploit that provides root access to two popular models of the company’s farm equipment.

Flaw in the VA Medical Records Platform May Put Patients at Risk

The Veterans Affairs’ VistA software has a vulnerability that could let an attacker “masquerade as a doctor,” a security researcher warns.

Zoom’s Auto-Update Feature Came With Hidden Risks on Mac

The popular video meeting app makes it easy to keep the software up to date—but it also introduced vulnerabilities.

Sloppy Software Patches Are a ‘Disturbing Trend’

The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.

Google's Android Red Team Had a Full Pixel 6 Pwn Before Launch

Before the flagship phone ever landed in users’ hands, the security team thoroughly hacked it by finding bugs and developing exploits.

One of 5G’s Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.

GitHub Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.

The US Emergency Alert System Has Dangerous Flaws

Plus: A crypto-heist extravaganza, a peek at an NSO spyware dashboard, and more.

You Need a Password Manager. Here Are the Best Ones

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.

Apple Just Patched 39 iPhone Security Bugs

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

New ‘Retbleed’ Attack Can Swipe Key Data From Intel and AMD CPUs

The exploit can leak password information and other sensitive material, but the chipmakers are rolling out mitigations.

The Worst Hacks and Breaches of 2022 So Far

From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half.

You Need to Update Windows and Chrome Right Now

Plus: Google issues fixes for Android bugs. And Cisco, Citrix, SAP, WordPress, and more issue major patches for enterprise systems.

Google Warns of New Spyware Targeting iOS and Android Users

The spyware has been used to target people in Italy, Kazakhstan, and Syria, researchers at Google and Lookout have found.

The Ghost of Internet Explorer Will Haunt the Web for Years

Microsoft's legacy browser may be dead—but its remnants are not going anywhere, and neither are its lingering security risks.

An Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch

The company continues to downplay the severity of the Follina vulnerability, which remains present in all supported versions of Windows.

You Need to Update iOS, Chrome, Windows, and Zoom ASAP

Plus: Google patches 36 Android vulnerabilities, Cisco fixes three high-severity issues, and VMWare closes two “serious” flaws.

Spyware Vendors Target Android With Zero-Day Exploits

New research from Google's Threat Analysis Group outlines the risks Android users face from the surveillance-for-hire industry.

AMD Gave Google Cloud Rare Access to Its Tech to Hunt Chip Flaws

By working together, the companies say they’re better able to find security flaws in Google Cloud’s Confidential Computing infrastructure.

How to Use Windows Security to Keep Your PC Protected

Your Microsoft computer comes with built-in safety software that shields you from the worst threats. Here's how to navigate your toolkit.

Hackers Are Getting Caught Exploiting New Bugs More Than Ever 

A pair of reports from Mandiant and Google found a spike in zero-day vulnerabilities in 2021. The question is, why?

The Tricky Aftermath of Source Code Leaks

Lapsus$ hackers leaked Microsoft’s Bing and Cortana source code. How bad is that, really?

WatchGuard Didn't Explicitly Disclose a Flaw Exploited by Hackers

The security vendor kept a critical vulnerability in its firewall appliances quiet even as it was under attack from a Russian hacking group.