Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
Second try's a charm?
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Second try's a charm?
Second try's a charm? Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems.…
PLUS: Fake ransomware group exposed; EC blesses Google's big Wiz deal; Alleged sewage hacker cuffed; And more Infosec in Brief The former General Manager of defense contractor L3Harris’s cyber subsidiary Trenchant sold eight zero-day exploit kits to Russia, according to a court filing last week.…
Ukraine’s CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already exploiting Microsoft's latest Office zero-day, with Ukraine's national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU.…
A few weeks earlier 'zeroplayer' advertised an $80K WinRAR 0-day exploit Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.…
Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia.…
With this zero-day, researchers say the 'scrappy' group is stepping up its operations The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments.…
<h4>Clearly no need for leet zero-day hax when you can spearphish and exploit months-old vulnerabilities</h4> <p>A two-year campaign by state-sponsored Russian entities to siphon information from US defense contractors worked, it is claimed.…</p>