A zero day vulnerability in the Microsoft Windows Jet Database Engine has been disclosed by TrendMicro's Zero Day Initiative even though a security update is not currently available from Microsoft.
Earlier this week a security researcher released exploit code for a Windows zero-day affecting the Task Scheduler ALPC interface. Today, cyber-security firm Acros Security published a temporary fix (called a micropatch) that prevents exploitation of that particular zero-day.
A security researcher has published on Twitter details about a vulnerability in the Windows OS. The vulnerability is a "local privilege escalation" issue that allows an attacker to elevate the access of malicious code from a limited USER role to an all-access SYSTEM account.
A vulnerability in the VBScript engine has been used by hackers working for North Korea to compromise systems targeted by the Darkhotel operation.
Microsoft's monthly Patch Tuesday security updates are out, and for August 2018, the Redmond-based OS maker has fixed 60 security flaws, including two zero-days under active attacks.
The author of the GandCrab ransomware is a little bit bitter at South Korean security vendor AhnLab after the security firm released a vaccine for the GandCrab ransomware.
The July Patch Tuesday that was delivered two weeks ago included a second patch for an Internet Explorer zero-day discovered and initially fixed by Microsoft in May.
Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails.
The times when exploit kits (EKs) were known to be the breeding ground of new zero-days is long gone, and most EKs nowadays live off older vulnerabilities, meaning that keeping your browser, OS, and Flash Player up-to-date is enough to safeguard you from today's top web-based threats.
An Internet Explorer zero-day vulnerability that came to light last month has now been incorporated in the RIG exploit kit, a web-based toolkit that malware authors use to infect a site's visitors with malware.
A North Korean cyber-espionage group has exploited an ActiveX zero-day to infect South Korean targets with malware or steal data from compromised systems, local media and security researchers have reported.
Attacks on Dasan GPON routers are continuing to happen using two vulnerabilities disclosed last month, but today, researchers from Qihoo 360 Netlab have revealed that one botnet operator appears to have deployed a new zero-day affecting the same router types.
DrayTek, a Taiwan-based manufacturer of broadband CPE (Customer Premises Equipment) such as routers, switches, firewalls, and VPN devices, announced today that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.
An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they've uploaded a weaponized PDF file to a public malware scanning engine.
Microsoft published earlier today the Patch Tuesday security bulletin for May 2018, containing fixes for 67 security issues. This month, Microsoft fixed security flaws in Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, .NET Framework, Microsoft Exchange Server, Windows Host Compute Service Shim, and Office.
A new email attack known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts.
MikroTik has released firmware patches for RouterOS, the operating system that ships with some of its routers. The patches fix a zero-day vulnerability exploited in the wild.
An advanced persistent threat (APT), a term sometimes used to describe nation-state-backed cyber-espionage units, is using a zero-day vulnerability in the Internet Explorer kernel code to infect victims with malware.
The maintainers of the Bitmessage P2P encrypted communications protocol have released a fix after discovering that hackers were using a zero-day in attempts to steal Bitcoin wallet files from users' computers.