Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Sophos XG Firewall
Attackers exploiting a zero-day in Sophos firewalls, have yours been hit?

Sophos has released an emergency hotfix for an actively exploited zero-day SQL injection vulnerability in its XG Firewalls, and has rolled it out to all units with the …

Firefox
Two critical Firefox vulnerabilities exploited by attackers, patch now!

Mozilla has released critical security updates for Firefox and Firefox ESR on Friday, patching two vulnerabilities that are being actively exploited by attackers.

patch
Micropatches block exploitation of Windows zero-days under attack

While we wait for Microsoft to provide fixes for the two new Windows RCE zero-days that are being exploited in “limited targeted Windows 7 based attacks,” ACROS …

Google TAG
Government-backed cyber attackers increasingly targeting journalists

Since the start of the year, journalists and news outlets have become preferred targets of government-backed cyber attackers, Google’s Threat Analysis Group (TAG) has noticed. …

Font
Windows users under attack via two new RCE zero-days

Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. The attacks …

Trend Micro
Trend Micro fixes two actively exploited zero-days in enterprise products

Trend Micro has fixed two actively exploited zero-day vulnerabilities in its Apex One and OfficeScan XG enterprise security products, and advises customers to update to the …

Chrome
Google fixes another Chrome zero-day exploited in the wild

For the third time in a year, Google has fixed a Chrome zero-day (CVE-2020-6418) that is being actively exploited by attackers in the wild. About CVE-2020-6418 No details have …

Firefox
Mozilla patches actively exploited Firefox zero-day

Mozilla has patched a Firefox zero-day vulnerability (CVE-2019-17026) that is being exploited in attacks in the wild and is urging Firefox and Firefox ESR users to update …

patch
December 2019 Patch Tuesday: Microsoft fixes one actively exploited zero-day

For December 2019 Patch Tuesday, Microsoft and Adobe have released the final scheduled security updates for this year, Intel has fixed Plundervolt, and Google has delivered …

vBulletin
vBulletin zero-day exploited in the wild in wake of exploit release

An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it …

IE
Microsoft drops emergency Internet Explorer fix for actively exploited zero-day

Microsoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed …

patch
September 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days

For the September 2019 Patch Tuesday, Microsoft delivered fixes for 80 CVE-numbered security issues (including to actively exploited zero-days), Adobe fixed flaws in Flash …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools