Microsoft’s December 2023 Patch Tuesday Addresses One Zero-day Vulnerability

Summary: In the December Patch Tuesday release, Microsoft addressed a total of 42 CVEs, including one zero-day vulnerability. Within this range of vulnerabilities, the security update covered the typical spectrum of issues, including RCE flaws, concerns related to privilege escalation, spoofing,...

Microsoft’s November 2023 Patch Tuesday Addresses Five Zero-day Vulnerabilities

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the November Patch Tuesday release, Microsoft addressed a total of 63 CVEs, including three zero-day vulnerabilities. Within this range of vulnerabilities, the security update covered the typic...

Microsoft’s September 2023 Patch Tuesday Addresses Two Zero-day Vulnerabilities

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the September Patch Tuesday release, Microsoft addressed a total of 59 CVEs, encompassing five critical vulnerabilities. Within this range of vulnerabilities, the security update covered the...

Microsoft’s August Patch Tuesday Addresses Active Zero-Day Exploits

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the August Patch Tuesday release, Microsoft addressed a total of 73 CVEs, encompassing six critical and 67 important vulnerabilities. Within this range of vulnerabilities, the security update...

Researcher Discloses Critical RCE Flaws In Cisco Security Manager

Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager CSM a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The development comes after Code White researcher Florian Hauser frycos yesterday public...

Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs

Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution RCE flaws in Windows TCP/IP stack and Microsoft Outlook. The flaws, 11 of which are categorized as Critical, 75 are ranked...

Apple Security Updates Tackle iOS Device Tracking, RCE Flaws

Apple’s latest security fixes, released Tuesday, tackle a wide range of bugs, including several patches for high-risk flaws that could allow for remote code execution RCE. Of particular interest to privacy-minded iPhone 11 users is an iOS 13.3.1 update that allows users to turn off U1...

Mozilla Bug Bounty Program Doubles Payouts, Adds Firefox Monitor

Mozilla is bumping up its bug bounty payouts and has added new websites and services – including the recently deployed Firefox Monitor– to its bug bounty program in hopes of attracting more researchers to sniff out vulnerabilities. The browser-maker is doubling bug bounty payouts for most of its...

Google October Android Security Update Fixes Critical RCE Flaws

UPDATE Google has released fixes for three critical-severity vulnerabilities in the Media framework of its Android operating system, which if exploited could allow a remote attacker to execute code. The remote code execution RCE flaws are part of Google’s October 2019 Android Security Bulletin,...

Google Patches Critical Remote Code-Execution Flaws in Android

Google patched four remote code-execution RCE flaws as part of its May Android Security Bulletin. Three of the critical bugs are tied to the System portion of the Android platform architecture, responsible for core apps such as the dialer, email and camera. A fourth critical RCE bug opens the doo...

Critical Updates — RCE Flaws Found in SwiftMailer, PhpMailer and ZendMail

A security researcher recently reported a critical vulnerability in one of the most popular open source PHP libraries used to send emails that allowed a remote attacker to execute arbitrary code in the context of the web server and compromise a web application. Disclosed by Polish security...