Microsoft patches Windows zero-day used to drop ransomware
Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver payloads in Magniber ransomware attacks. [...]
A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.
Search across headline titles and summaries.
Background for this topic.
0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.
Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.
Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver payloads in Magniber ransomware attacks. [...]
Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.
The vulnerability could allow remote code execution (RCE) on a victim's device
The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems
Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code
Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.
In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. [...]
In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. [...]
In security updates released today, Apple has fixed the tenth zero-day vulnerability used in attacks against iPhones or Macs since the start of the year. [...]
Today is Microsoft's December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws. [...]
Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks. [...]
Citrix is strongly urging admins to apply security updates for an actively exploited 'Critical' zero-day vulnerability in Citrix ADC and Gateway that allows a remote attacker to take control of a device. [...]
Competition awards winning participants nearly $1m