0-day Archives - Help Net Security

0-day

Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)

May 10, 2022

May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack (CVE-2022-26925) …

Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)

April 12, 2022

On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and …

Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)

March 7, 2022

Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities (CVE-2022-26485, CVE-2022-26486) exploited …

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)

February 11, 2022

Another month, another zero-day (CVE-2022-22620) exploited in the wild that has been fixed by Apple. About CVE-2022-22620 CVE-2022-22620 is a use after free issue in WebKit, …

Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)

November 9, 2021

It’s a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, …

Microsoft patches actively exploited Windows zero-day (CVE-2021-40449)

October 12, 2021

On October 2021 Patch Tuesday, Microsoft has fixed 71 CVE-numbered vulnerabilities. Of those, only one was a zero-day exploited in attacks in the wild (CVE-2021-40449) and …

Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)

October 12, 2021

With the newest iOS and iPad updates, Apple has fixed another vulnerability (CVE-2021-30883) that is being actively exploited by attackers. About CVE-2021-30883 CVE-2021-30883 …

A new zero-day is being exploited to compromise Macs (CVE-2021-30869)

September 24, 2021

Another zero-day in Apple’s software (CVE-2021-30869) is being actively exploited by attackers, forcing the company to push out security updates for macOS Catalina and …

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)

September 14, 2021

Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in …

Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)

September 8, 2021

Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise …

Microsoft patches actively exploited zero-day (CVE-2021-36948), more Print Spooler flaws

August 10, 2021

Microsoft’s August 2021 Patch Tuesday is pretty lightweight, through it covers a wide variety of Microsoft solutions. 44 CVE-numbered security holes have been plugged, …

Explosion of 0-day exploits: The bad news and the good news

July 15, 2021

Have you noticed that lately we’ve been hearing more about in-the-wild attacks exploiting 0-day vulnerabilities? “Halfway into 2021, there have been 33 0-day …

0-day

Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)

Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)

Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)

Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)

Microsoft patches actively exploited Windows zero-day (CVE-2021-40449)

Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)

A new zero-day is being exploited to compromise Macs (CVE-2021-30869)

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)

Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)

Microsoft patches actively exploited zero-day (CVE-2021-36948), more Print Spooler flaws

Explosion of 0-day exploits: The bad news and the good news

Don't miss

Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed

How to ensure that the smart home doesn’t jeopardize data privacy?

U.S. DOJ will no longer prosecute good-faith security researchers under CFAA

VMware issues critical fixes, CISA orders federal agencies to act immediately (CVE-2022-22972)

Many security engineers are already one foot out the door. Why?