Microsoft closes book on Nightmare Eclipse's RoguePlanet zero-day
Weeks after the exploit code dropped, Redmond has finally ships a fix for the Defender zero-day
Stay informed on the latest exploit trends and vulnerabilities. Get expert insights and updates on information security exploits with our dedicated tag.
Search across headline titles and summaries.
Background for this topic.
An exploit is code, data, or a sequence of actions that uses a software, hardware, or configuration vulnerability to produce unintended behavior. Depending on the flaw and the attacker’s access, it may enable unauthorized code execution, privilege escalation, information disclosure, or denial of service. Exploitation can occur remotely through exposed services, web applications, or client software, or locally after an attacker gains limited access.
Exploitation matters because a vulnerability becomes an active attack path when the required conditions are reachable and exploitable. Defenders should inventory affected assets, prioritize remediation when exploitation is known or credible, apply patches or vendor mitigations, and reduce exposure through access controls, segmentation, and secure configuration. Monitoring for exploit-specific indicators—such as abnormal requests, unexpected processes, or privilege changes—supports detection; systems suspected of successful exploitation require containment and investigation for follow-on access.
Weekly headline count for the current query.
Weeks after the exploit code dropped, Redmond has finally ships a fix for the Defender zero-day
Attackers appear to have reverse-engineered Big Red's patch
You don't need Mythos or GPT-5.5-Cyber to find a vuln to exploit when the world's password habits are so sloppy
As yet another extortion crew Icarus exploits Salesforce-linked integrations
Owners of affected iPhones can stop checking for patches now: the fix for this SecureROM bug comes in a new handset
Another day, another Windows exploit code
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users
Researcher reported the vuln in March. Maintainers haven't responded to his messages since
Fresh kernel flaw comes with public exploit code and continues ugly run of highly reliable privilege escalation bugs tied to memory and page-cache handling
Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE
Researchers dropped a reliable root exploit and it didn’t sit idle for long
Researchers dropped a reliable root exploit and it didn’t sit idle for long CISA is warning that a newly-disclosed Linux kernel bug dubbed "CopyFail" is already being exploited, just days after researchers dropped a working root-level exploit.…
Pause your Mythos panic because mainstream models anyone can use already pick holes in popular software Anthropic withheld its Mythos bug-finding model from public release due to concerns that it would enable attackers to find and exploit vulnerabilities before anyone could react.…
Vuln old enough to drive lands on CISA's exploited list While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit.…
Or it's a bunch of pre-IPO hype. Either way, we're giving it the once-over on this week's episode Kettle Anthropic dropped a doozy on us this week with the launch of Mythos, an AI model it says is able to find and exploit zero-day vulnerabilities with a shocking level of ability. …
Connected devices can leave an otherwise secure network vulnerable Pwned Welcome to Pwned, The Register's new column, where we highlight the worst infosec own goals so you can, hopefully, protect against them. Caffeine is an essential tool for most IT defenders, so, on balance, we're sure it has protected against a lot more exploits than it has caused. But in this case, the desire for everyone's favorite stimulant led to a massive breach.…
Here's where you ought to spend your security billable hours budget this year Strengthen your MFA policies, double-down on anti-phishing training, and for Jobs' sake, patch all your vulns right away. The past year of intelligence collected by Cisco's Talos threat hunters suggests that attackers are moving faster to exploit vulns, and fooling more staff than ever into giving up their credentials. …
Last time: Beijing-backed snoops and ransomware crims. Who's next? Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims' SharePoint servers, the US government warned.…
Darksword is the second iOS exploit chain in a month A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by "multiple" spyware vendors and suspected nation-state goons, security researchers said on Wednesday.…