vulnerability Archives

A smartphone screen shows the Apple iOS 26 update with a user's finger preparing to install it. (Photo illustration by Cheng Xin/Getty Images) — A smartphone screen shows the Apple iOS 26 update with a user’s finger preparing to install it. (Photo illustration by Cheng Xin/Getty Images)

Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs

The tech giant doesn’t provide details about the severity of vulnerabilities it discloses, but none of the new defects are under active attack.

1 day ago By Matt Kapko

Sitecore zero-day vulnerability springs up from exposed machine key

The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices.

Sep 4, 2025 By Matt Kapko

Workers enter a building on the Google headquarters campus on July 23, 2025, in Mountain View, California. (Justin Sullivan/Getty Images)

Google patches two Android zero-days, 120 defects total in September security update

The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime.

Sep 3, 2025 By Matt Kapko

Citrix offices, California — Citrix offices in Santa Clara, California. (Getty Images)

Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June

The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service.

Aug 26, 2025 By Matt Kapko

Fortinet office in Burnaby, BC, Canada, July 7, 2023. (Getty Images)

Fortinet SIEM issue coincides with spike in brute-force traffic against company’s SSL VPNs

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s…

Aug 13, 2025 By Matt Kapko

SonicWall headquarters — SonicWall’s headquarters in Milpitas, California. (Getty Images)

SonicWall pins firewall attack spree on year-old vulnerability

The vendor ruled out a zero-day vulnerability as the root cause, disputing initial assessments from third-party researchers. Fewer than 40 organizations have been impacted since mid-July.

Aug 11, 2025 By Matt Kapko

DARPA’s AI Cyber Challenge reveals winning models for automated vulnerability discovery and patching

The initiative seeks to patch vulnerabilities in open-source code before they are exploited by would-be attackers. Now comes the hard part — putting the systems to the…

Aug 8, 2025 By Matt Kapko

SonicWall firewalls hit by active mass exploitation of suspected zero-day

About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.

Aug 5, 2025 By Matt Kapko

Project Zero disclosure policy change puts vendors on early notice

Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of reporting to the affected vendor.

Jul 30, 2025 By Matt Kapko

NEW YORK, NEW YORK – MARCH 18: In this photo illustration, Gemini Ai is seen on an iPad on March 18, 2024 in New York City. Apple announced that they’re exploring a partnership with Google to license the Gemini AI-powered features on iPhones with iOS updates later this year. Google already has a deal in place with Apple to be the preferred search engine provider on iPhones for the Safari browser. (Photo Illustration by Michael M. Santiago/Getty Images)

Researchers flag flaw in Google’s AI coding assistant that allowed for ‘silent’ code exfiltration

The findings are part of a growing list of instances where “agentic” AI software has taken actions that are more akin to a malicious hacker than a…

Jul 28, 2025 By Derek B. Johnson