Author Archives: Paul Ducklin

S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]

Posted on February 24, 2022 by Paul Ducklin

Latest episode – listen now! Continue reading S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript]→

Apple AirTag anti-stalking protection bypassed by researchers

Posted on February 23, 2022 by Paul Ducklin

Problems with Apple’s Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags. Continue reading Apple AirTag anti-stalking protection bypassed by researchers→

WordPress backup plugin maker Updraft says “You should update”…

Posted on February 22, 2022 by Paul Ducklin

A straight-talking bug report written in plain English by an actual expert – there’s a teachable moment in this cybersecurity story! Continue reading WordPress backup plugin maker Updraft says “You should update”…→

French speakers blasted by sextortion scams with no text or links

Posted on February 21, 2022 by Paul Ducklin

You’d spot this one a mile away… but what about your friends or family? Continue reading French speakers blasted by sextortion scams with no text or links→

Irony alert! PHP fixes security flaw in input validation code

Posted on February 18, 2022 by Paul Ducklin

What’s wrong with this sequence? 1. Step into the road 2. Check if it’s safe 3. Keep on walki… Continue reading Irony alert! PHP fixes security flaw in input validation code→

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]

Posted on February 17, 2022 by Paul Ducklin

Latest episode – listen and learn! Continue reading S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]→

VMWare fixes holes that could allow virtual machine escapes

Posted on February 16, 2022 by Paul Ducklin

Hats off to VMWare for not using weasel words: “When should you act?” Immediately… Continue reading VMWare fixes holes that could allow virtual machine escapes→

Google announces zero-day in Chrome browser – update now!

Posted on February 15, 2022 by Paul Ducklin

Zero-day buses: none for a while, then three at once. Here’s Google joining Apple and Adobe in “zero-day week” Continue reading Google announces zero-day in Chrome browser – update now!→

Adobe fixes zero-day exploit in e-commerce code: update now!

Posted on February 14, 2022 by Paul Ducklin

There’s a remote code execution hole in Adobe e-commerce products – and cybercrooks are already exploiting it. Continue reading Adobe fixes zero-day exploit in e-commerce code: update now!→

Power company pays out $3 trillion compensation to astonished customer

Posted on February 14, 2022 by Paul Ducklin

More money than the UK’s economy produces in a year! Continue reading Power company pays out $3 trillion compensation to astonished customer→