The times when exploit kits (EKs) were known to be the breeding ground of new zero-days is long gone, and most EKs nowadays live off older vulnerabilities, meaning that keeping your browser, OS, and Flash Player up-to-date is enough to safeguard you from today's top web-based threats.
An Internet Explorer zero-day vulnerability that came to light last month has now been incorporated in the RIG exploit kit, a web-based toolkit that malware authors use to infect a site's visitors with malware.
A North Korean cyber-espionage group has exploited an ActiveX zero-day to infect South Korean targets with malware or steal data from compromised systems, local media and security researchers have reported.
Attacks on Dasan GPON routers are continuing to happen using two vulnerabilities disclosed last month, but today, researchers from Qihoo 360 Netlab have revealed that one botnet operator appears to have deployed a new zero-day affecting the same router types.
DrayTek, a Taiwan-based manufacturer of broadband CPE (Customer Premises Equipment) such as routers, switches, firewalls, and VPN devices, announced today that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.
An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they've uploaded a weaponized PDF file to a public malware scanning engine.
Microsoft published earlier today the Patch Tuesday security bulletin for May 2018, containing fixes for 67 security issues. This month, Microsoft fixed security flaws in Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, .NET Framework, Microsoft Exchange Server, Windows Host Compute Service Shim, and Office.
A new email attack known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts.
MikroTik has released firmware patches for RouterOS, the operating system that ships with some of its routers. The patches fix a zero-day vulnerability exploited in the wild.
An advanced persistent threat (APT), a term sometimes used to describe nation-state-backed cyber-espionage units, is using a zero-day vulnerability in the Internet Explorer kernel code to infect victims with malware.
The maintainers of the Bitmessage P2P encrypted communications protocol have released a fix after discovering that hackers were using a zero-day in attempts to steal Bitcoin wallet files from users' computers.
Malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware, researchers from Kaspersky Lab plan to reveal today.
Questionable patching on the part of the WordPress CMS team has caused lots of headaches for WP site owners this week.
Earlier today, Microsoft published the January 2018 Patch Tuesday security updates, containing fixes for 56 vulnerabilities and three special security advisories with fixes for Adobe Flash, the Meltdown & Spectre flaws, and a defense-in-depth update for Office applications.
Last week, Adobe claimed it wouldn't release security updates for the first time since July 2012 because it had nothing to patch. Less than six days later, the company released a critical update for Flash Player that fixes a zero-day vulnerability exploited in live attacks.
Earlier today, Microsoft published the October 2017 Patch Tuesday, the company's monthly update train, addressing important security issues, but also some mundane bugfixes.
Hackers have exploited three zero-days to install backdoors on WordPress sites, according to a security alert published minutes ago by WordPress security firm Wordfence.