vulnerabilities

  • Blog

    Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day

    Microsoft’s Patch Tuesday security update for April included 134 flaws, one of which is an actively exploited zero-day flaw. The security patches for Windows 10 were unavailable when the Windows 11 patches were released. The Windows 10 patches have since arrived, but the delay was unusual. Tyler Reguly, associate director of security R&D…

  • Blog

    Google’s Latest Patch Fixes 62 Security Vulnerabilities in Android

    Google has released its April 2025 Android Security Bulletin, which includes patches for 62 vulnerabilities affecting Android devices. Two of the fixes address critical zero-day flaws that may have been exploited in “limited, targeted” attacks, according to Google. Zero-days are security vulnerabilities that are exploited before the software developer can identify the flaw and issue a patch. The security update…

  • Blog

    Apple Patches Critical Vulnerabilities in iOS 15 and 16

    On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems. CVE-2025-24200: The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is…

  • Blog

    What are business logic vulnerabilities?

    Cybersecurity often focuses on traditional threats like SQL injection, malware, and phishing attacks, but a more insidious risk is quietly undermining the security of many companies: business logic vulnerabilities. Business logic vulnerabilities pose a serious yet often overlooked threat to modern businesses. Unlike traditional security vulnerabilities, such as SQL injection or cross-site scripting (XSS), which exploit technical weaknesses, business logic…

  • Blog

    OpenAI now pays researchers $100,000 for critical vulnerabilities

    Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. OpenAI says its services and platforms are used by 400 million users across businesses, enterprises, and governments worldwide every week. “We are significantly increasing the maximum bounty payout for exceptional and differentiated critical findings…

  • Blog

    Rising API Vulnerabilities Demand a Multi-Layered Defense

    APIs as a Critical Asset Under Threat: An application programming interface (API) is the foundation of modern digital ecosystems, enabling seamless communication and interoperability between various applications, services, and platforms. It facilitates data exchange and accelerates the deployment of advanced technologies across industries, from finance and healthcare to e-commerce and cloud computing. However, as APIs become more integral to business…

  • Blog

    Old ServiceNow vulnerabilities could cause havoc for unpatched customers

    Hackers are having another go at exploiting ServiceNow vulnerabilities first revealed a year ago, researchers at threat intelligence firm GreyNoise have warned. The three vulnerabilities – CVE-2024-4879 (Critical), CVE-2024-5217 (Critical) and CVE-2024-5178 (Medium) – were first discovered by researchers at Assetnote in May last year. ServiceNow deployed a patch immediately at the time, and later disclosed the issues in July…

  • Blog

    GitLab patches critical authentication bypass vulnerabilities

    GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, including two critical-severity ruby-saml library authentication bypass flaws. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, while all versions before those are vulnerable. GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain…

  • Blog

    Critical Zero-Day Vulnerabilities Found in These VMware Products

    Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft’s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected VMs and sensitive data. How…

  • Blog

    Google Just Patched 43 Security Vulnerabilities in Android

    Google’s first Pixel Drop of 2025 happened this week with a long list of upgrades for the company’s flagship phones, tablets, and watches. Google followed the update closely with the March 2025 Android Security Bulletin, with fixes for 43 malicious bugs—including two zero-day vulnerabilities that may actively be under “limited, targeted exploitation” on devices running Android OS. The patches cover…
