Now Mandiant says 2021 was a record year for exploited zero-day security bugs
Now that's a race condition The number of zero-day vulnerabilities exploited in the wild reached an all-time high last year, according to Mandiant.…
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
Now that's a race condition The number of zero-day vulnerabilities exploited in the wild reached an all-time high last year, according to Mandiant.…
Threat actor exploited known vulnerabilities in the Microsoft software to compromise multiple systems An affiliate of the aggressive Hive ransomware group is exploiting known vulnerabilities in Microsoft Exchange servers to encrypt and exfiltrate data and threaten to publicly disclose the information if the ransom isn't paid.…
Remote code exec is so 2014. Have this container escape and privilege escalation, instead Amazon Web Services has updated its Log4j security patches after it was discovered the original fixes made customer deployments vulnerable to container escape and privilege escalation.…
Friends are always tellin' me, you're a user ... Just be good to free() Google's bug hunters say they spotted 58 zero-day vulnerabilities being exploited in the wild last year, which is the most-ever recorded since its Project Zero team started analyzing these in mid-2014.…
Step one, get some scrambled files back. Steps two through 37... Kaspersky has found a vulnerability in the Yanluowang ransomware encryption algorithm and, as a result, released a free decryptor tool to help victims of this software nasty recover their files.…
Firmware updates incoming in response to UEFI threats Got a Lenovo laptop? You might need to do a swift bit of patching judging by the latest set of vulnerabilities uncovered by security researchers at ESET.…