0-day Archives - Page 3 of 23 - Help Net Security

0-day

Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)

May 10, 2022

May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack (CVE-2022-26925) …

Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)

April 12, 2022

On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and …

Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)

March 7, 2022

Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities (CVE-2022-26485, CVE-2022-26486) exploited …

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)

February 11, 2022

Another month, another zero-day (CVE-2022-22620) exploited in the wild that has been fixed by Apple. About CVE-2022-22620 CVE-2022-22620 is a use after free issue in WebKit, …

Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)

November 9, 2021

It’s a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, …

Microsoft patches actively exploited Windows zero-day (CVE-2021-40449)

October 12, 2021

On October 2021 Patch Tuesday, Microsoft has fixed 71 CVE-numbered vulnerabilities. Of those, only one was a zero-day exploited in attacks in the wild (CVE-2021-40449) and …

Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)

October 12, 2021

With the newest iOS and iPad updates, Apple has fixed another vulnerability (CVE-2021-30883) that is being actively exploited by attackers. About CVE-2021-30883 CVE-2021-30883 …

A new zero-day is being exploited to compromise Macs (CVE-2021-30869)

September 24, 2021

Another zero-day in Apple’s software (CVE-2021-30869) is being actively exploited by attackers, forcing the company to push out security updates for macOS Catalina and …

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)

September 14, 2021

Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in …

Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)

September 8, 2021

Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise …

Microsoft patches actively exploited zero-day (CVE-2021-36948), more Print Spooler flaws

August 10, 2021

Microsoft’s August 2021 Patch Tuesday is pretty lightweight, through it covers a wide variety of Microsoft solutions. 44 CVE-numbered security holes have been plugged, …

Explosion of 0-day exploits: The bad news and the good news

July 15, 2021

Have you noticed that lately we’ve been hearing more about in-the-wild attacks exploiting 0-day vulnerabilities? “Halfway into 2021, there have been 33 0-day …

0-day

Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)

Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)

Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)

Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)

Microsoft patches actively exploited Windows zero-day (CVE-2021-40449)

Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)

A new zero-day is being exploited to compromise Macs (CVE-2021-30869)

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)

Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)

Microsoft patches actively exploited zero-day (CVE-2021-36948), more Print Spooler flaws

Explosion of 0-day exploits: The bad news and the good news

Don't miss

CISO-approved strategies for software supply chain security

Phishers use encrypted file attachments to steal Microsoft 365 account credentials

New Buhti ransomware uses leaked payloads and public exploits

Strengthening travel safety protocols with ISO 31030

Phishing campaign targets ChatGPT users