Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories
74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.
Stay informed on the latest exploit trends and vulnerabilities. Get expert insights and updates on information security exploits with our dedicated tag.
Search across headline titles and summaries.
Background for this topic.
An exploit is code, data, or a sequence of actions that uses a software, hardware, or configuration vulnerability to produce unintended behavior. Depending on the flaw and the attacker’s access, it may enable unauthorized code execution, privilege escalation, information disclosure, or denial of service. Exploitation can occur remotely through exposed services, web applications, or client software, or locally after an attacker gains limited access.
Exploitation matters because a vulnerability becomes an active attack path when the required conditions are reachable and exploitable. Defenders should inventory affected assets, prioritize remediation when exploitation is known or credible, apply patches or vendor mitigations, and reduce exposure through access controls, segmentation, and secure configuration. Monitoring for exploit-specific indicators—such as abnormal requests, unexpected processes, or privilege changes—supports detection; systems suspected of successful exploitation require containment and investigation for follow-on access.
Weekly headline count for the current query.
74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.
Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)
Chrome 0-day patched now, Edge patch coming soon.
Little Bobby Tables is back!
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.
Breaches, exploits, busts, buffer overflows and bug hunting - entertaining and educational in equal measure.
Researchers at cloud coding security company Oxeye have written up a critical bug that they recently discovered in the popular cloud development toolkit Backstage. Their report includes an explanation of how the bug works, plus proof-of-concept (PoC) code showing how to exploit it. Backstage is what’s known as a cloud developer portal – a sort […]
Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!
Is WhatsApp currently under active attack by cyercriminals? Is this a clear and current danger? How worried should WhatsApp users be?
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Latest episode - listen now!
That was quick! 48 hours from exploit report to published patch.
Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.