IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

zero-day exploit

Dogwalk RCE variant among 121 vulnerabilities fixed in Microsoft's August Patch Tuesday
Microsoft Windows 11 logo on a smartphone set against a background of neon blue code on a screen to denote a cyber security theme
zero-day exploit

Dogwalk RCE variant among 121 vulnerabilities fixed in Microsoft's August Patch Tuesday

The second-biggest security update released by Microsoft this year featured 17 critical-rated RCEs and privilege escalation bugs
10 Aug 2022
Actively exploited zero-day and four 'critical' vulnerabilities fixed in Microsoft's July Patch Tuesday
A padlock graphic on an abstract digital background
vulnerability

Actively exploited zero-day and four 'critical' vulnerabilities fixed in Microsoft's July Patch Tuesday

The month's list of 84 bug fixes has been branded "boring" by some experts but should be welcome news to security personnel
13 Jul 2022
Exploitation of Atlassian Confluence zero-day surges fifteen-fold in 24 hours
Atlassian logo on a smartphone, with the logo on a wall in the background too
zero-day exploit

Exploitation of Atlassian Confluence zero-day surges fifteen-fold in 24 hours

The zero-day code execution vulnerability was discovered last week and cyber attackers are already capitalising on the proof-of-concept code
6 Jun 2022
State-sponsored hackers delay new Microsoft Exchange Server by four years
Laptop computer displaying logo of Microsoft Exchange
mail servers

State-sponsored hackers delay new Microsoft Exchange Server by four years

Hafnium's devastating zero-day exploit chain in 2021 forced Microsoft to improve the security of current versions instead of releasing the new one on …
6 Jun 2022
Chinese hackers exploit Microsoft zero-day as list of vulnerable Office products grows
Microsoft Office 365 image, with a magnifying glass over Microsoft Word
zero-day exploit

Chinese hackers exploit Microsoft zero-day as list of vulnerable Office products grows

Microsoft has published a support guide and temporary workarounds for IT admins to mitigate the threat
1 Jun 2022
Fresh Microsoft Office zero-day executes code on fully patched applications
A magnifying glass hovering over a PC screen with the symbols for Microsoft Office software displayed
zero-day exploit

Fresh Microsoft Office zero-day executes code on fully patched applications

Malicious documents saved in Rich Text Format are especially concerning since they can execute code without even being opened
30 May 2022
Report: Apple "neglects" to patch zero-days for older macOS versions
The Apple logo displayed next to a promotional poster for macOS Big Sur
Security

Report: Apple "neglects" to patch zero-days for older macOS versions

Analysis shows large proportion of Macs in operation remain unprotected to the actively exploited flaws patched last week
6 Apr 2022
Apple releases emergency patch fixing zero-days across iOS and macOS
Image of iPhone 13 on a white background
zero-day exploit

Apple releases emergency patch fixing zero-days across iOS and macOS

Flaws have been fixed on iPhones, iPads, and Macs, as well as undisclosed vulnerabilities on Apple TV and Apple Watch devices
1 Apr 2022
Patch finally released for Spring4Shell zero-day after vulnerable businesses put on high alert
Cyber security represented by a digital screen with encryption data background
Security

Patch finally released for Spring4Shell zero-day after vulnerable businesses put on high alert

With proof-of-concept code out in the wild, businesses are encouraged to assess their exposure to what's being dubbed 'Log4Shell 2.0'
31 Mar 2022
Google patches second Chrome browser zero-day of 2022
Google Chrome logo on a Chromebook
zero-day exploit

Google patches second Chrome browser zero-day of 2022

Google acted quickly to secure against the type confusion vulnerability that was under active exploitation
28 Mar 2022
Google exposes 'uniquely personal' access broker behind worst Conti, FIN12 ransomware attacks
The outline of a skull displayed in computer code to represent malware
ransomware

Google exposes 'uniquely personal' access broker behind worst Conti, FIN12 ransomware attacks

Investigation unveils the inner workings of one access broker that helped two of the most-hated ransomware gangs in history
18 Mar 2022
Google doubles bug bounty rewards for Linux, Kubernetes exploits
Mockup of a stethoscope treating a keyboard, symbolising a computer bug patch
zero-day exploit

Google doubles bug bounty rewards for Linux, Kubernetes exploits

The increased rewards are said to align better with the community's expectations of a bug bounty programme of this kind
16 Feb 2022
Apple users told to update their devices to fix critical WebKit flaw
iPhone 11 Pro held in someone's hand
vulnerability

Apple users told to update their devices to fix critical WebKit flaw

The security flaw allowed code execution on a range of devices and represents the third major vulnerability to be patched by Apple this year
11 Feb 2022
Microsoft's Patch Tuesday fixes 70 vulnerabilities after a troublesome January update
Image of Microsoft logo on a smartphone in front of a white backdrop with many identical Microsoft logos sprawled across
cyber security

Microsoft's Patch Tuesday fixes 70 vulnerabilities after a troublesome January update

Microsoft will be hoping for a bug-free round of patches after admins complained of January's updates breaking more components than they fixed
9 Feb 2022
Apple fixes array of iOS, macOS zero-days and code execution security flaws
Apple logo on the side of a building
zero-day exploit

Apple fixes array of iOS, macOS zero-days and code execution security flaws

The first wave of security updates for Apple products in 2022 follows a year in which a wide variety of security flaws plagued its portfolio of device…
27 Jan 2022
Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update
Win 11 on a smartphone in front of code on a monitor
cyber security

Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update

Microsoft has kicked off 2022 with a score of security fixes for critical-rated vulnerabilities in some of the most widely used products used by busin…
12 Jan 2022
The scariest security horror stories of 2021
A hacker against a red background
cyber security

The scariest security horror stories of 2021

A crisis at Microsoft, the ransomware resurgence, and endless zero-days dominated headlines
28 Dec 2021
What is the Log4Shell vulnerability?
Mockup image with padlocks to symbolise a cyber security vulnerability
zero-day exploit

What is the Log4Shell vulnerability?

The critical flaw affecting products built using Java is set to cause headaches in the enterprise for months to come
20 Dec 2021
Log4Shell: New numbers reveal the scale of the critical software exploit
Abstract image of stacked broken egg shells
zero-day exploit

Log4Shell: New numbers reveal the scale of the critical software exploit

Researchers detail how much the Log4J vulnerability is being exploited and who is being targeted the most
15 Dec 2021
Firefox 95 boosts protection against zero-day attacks
The Mozilla Firefox logo on a laptop
web browser

Firefox 95 boosts protection against zero-day attacks

Mozilla's browser now takes a more granular approach to walling off code
7 Dec 2021
Microsoft patch fails to fix Installer zero-day affecting every version of Windows
Red lock unlocked among several blue locked locks
zero-day exploit

Microsoft patch fails to fix Installer zero-day affecting every version of Windows

The exploit allows hackers to elevate privileges and create admin accounts
25 Nov 2021
Hackers used MSHTML exploit a week before patches were ready
"ZERO DAY" in red on a white background
zero-day exploit

Hackers used MSHTML exploit a week before patches were ready

New report finds cyber criminals automating exploit creation to help less capable hackers
14 Oct 2021
Kaspersky exposes MysterySnail zero-day exploit in Windows
A depiction of a bug on a blue binary background
zero-day exploit

Kaspersky exposes MysterySnail zero-day exploit in Windows

Elevation-of-privilege flaw could enable Chinese hackers to mount widespread spying campaign
13 Oct 2021