Microsoft patches Windows zero-day used to drop ransomware
Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver payloads in Magniber ransomware attacks. [...]
A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.
Search across headline titles and summaries.
Background for this topic.
0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.
Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.
Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver payloads in Magniber ransomware attacks. [...]
In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. [...]
In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. [...]
In security updates released today, Apple has fixed the tenth zero-day vulnerability used in attacks against iPhones or Macs since the start of the year. [...]
Today is Microsoft's December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws. [...]
Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks. [...]
Citrix is strongly urging admins to apply security updates for an actively exploited 'Critical' zero-day vulnerability in Citrix ADC and Gateway that allows a remote attacker to take control of a device. [...]