Microsoft Patch Tuesday is light on fixes, but puts admins to work
Microsoft fixed 3 zero-day vulnerabilities with its latest Patch Tuesday patches, among a total of 38 fixes. A small number of bugs this time, but Microsoft promises to make future deployments easier for IT admins.
Two of the zero-day vulnerabilities have been actively exploited to attack system... Read more
New Android updates patch kernel bug exploited in spyware attacks
This month's Android security updates patched a high-severity vulnerability that allowed attackers to install commercial spyware on Android devices.
Hackers exploited the security flaw (CVE-2023-0266) as a zero-day in a spyware campaign. This campaign targeted Samsung Android phones as part of a... Read more
Microsoft says China is expanding its cyber warfare capabilities
The tech giant claims China is weaponizing vulnerabilities by hiding and stockpiling zero-day threats.
China's offensive cyber capabilities are expanding quickly, according to Microsoft. The tech giant says the expansion is due to a 2021 law that effectively allows Beijing to build up an arsenal... Read more
Cato Networks fixes zero-day vulnerability in Microsoft Office
Cato Networks developed a workaround for a zero-day vulnerability recently found in Microsoft Office. Customers of Cato Networks are immune to the vulnerability.
Cato Networks provides a Secure Access Service Edge service (SASE). The service has two components. First, it connects customers' appl... Read more
SentinelOne unveils severe zero-day vulnerabilities in Avast and AVG
SentinelOne discovered two serious zero-day vulnerabilities in Avast and AVG. The threats went unnoticed for ten years.
The vulnerabilities allow attackers to bump privileges. From there, a system's security tools can be disabled. In December 2021, SentinelOne's researchers disclosed the vulnera... Read more
‘Zero-day exploits will continue to be popular in 2022’
Zero-day exploits remain the most attractive attack vector for cybercriminals. This is made evident by yearly reports from Google Project Zero and security specialist Mandiant.
The yearly reports of Google Project Zero and Mandiant try to answer why zero-day attacks are so interesting for cyberc... Read more
Cybercriminals enhance tactics to exploit zero-day flaws
HP Wolf Security caught exploits of the zero-day CVE-2021-40444 a remote code execution vulnerability in the MSHTML browser engine that can be triggered by opening a malicious Microsoft Office document.
The flaw was caught a week before a patch was released for it. The latest HP Wolf Security Th... Read more
Chrome 90 is here with seven vulnerabilities patched
Google has finally released Chrome version 90.0.4430.85 for Windows, Mac, and Linux. The release comes with seven security fixes. One of them is a zero-day vulnerability, which was exploited in the wild. The zero-day was assigned the identifier CVE-2021-21224.
Chrome’s technical program manage... Read more