vulnerability reporting Archives

Microsoft Headquarters — A sign is seen at the Microsoft headquarters on July 3, 2024, in Redmond, Washington. (David Ryder/Getty Images)

Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day

Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro.

4 days ago By Matt Kapko

Attackers hit React defect as researchers quibble over proof

A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others assert evidence of attacks is lacking.

Dec 5, 2025 By Matt Kapko

Abstract binary code rippling on waving ribbons. (Getty Images)

Developers scramble as critical React flaw threatens major apps

The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.

Dec 3, 2025 By Matt Kapko

Google’s Washington, DC, regional office is seen at dusk on August 11, 2024, in Reston, VA. (Photo by J. David Ake/Getty Images)

Google addresses 107 Android vulnerabilities, including two zero-days

The company’s latest security update contains the second-highest number of defects patched so far this year.

Dec 1, 2025 By Matt Kapko

Researchers uncover remote code execution flaw in abandoned Rust code library

The high-severity defect affects a widely used — but largely hidden — archive tool that spans many forks.

Oct 21, 2025 By Matt Kapko

Fortinet office in Burnaby, BC, Canada, July 7, 2023. (Getty Images)

Fortinet SIEM issue coincides with spike in brute-force traffic against company’s SSL VPNs

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s…

Aug 13, 2025 By Matt Kapko

Sen. Mark Warner, D-Va., speaks during a press conference in Washington, D.C., on March 20, 2018. From left, Sens. John Cornyn, James Lankford, Susan Collins and Richard Burr listen. (NICHOLAS KAMM/AFP via Getty Images)

Vulnerability disclosure policy bill for federal contractors clears Senate panel

The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain.

Nov 20, 2024 By Matt Bracken

Close-up server detail with KVM switches. (Getty Images)

Printer bug sends researchers into uproar, affects major Linux distros

The vulns would allow attackers to run any commands on targeted computers without user knowledge. But it would take a lot of work to get to that…

Sep 26, 2024 By Christian Vasquez

Rep. Deborah Ross, D-N.C., speaks during a press conference in Washington, D.C., on June 3, 2024. Legislation from Ross and two colleagues to add AI systems to the National Vulnerability Database cleared a House panel on Sept. 25, 2024. (Photo by ALLISON BAILEY/Middle East Images/AFP via Getty Images)

House panel moves bill that adds AI systems to National Vulnerability Database

The AI Incident Reporting and Security Enhancement Act would put NIST in charge of setting up a vulnerability reporting process for AI systems.

Sep 25, 2024 By Derek B. Johnson