A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.
The post Zero-Day Breach at Rackspace Sparks Vendor Blame Game appeared first on SecurityWeek.
Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day
Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024.
The post Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPs
Amidst Volt Typhoon zero-day exploitation, Censys finds hundreds of exposed servers presenting ripe attack surface for attackers.
The post Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPs appeared first on SecurityWeek.
WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies
A WPS Office zero-day vulnerability tracked as CVE-2024-7262 was exploited by South Korean hacker group APT-C-60.
The post WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies appeared first on SecurityWeek.
Google Warns of Exploited Chrome Vulnerability
Google flags another high-severity vulnerability patched with the latest Chrome 128 release as exploited in the wild.
The post Google Warns of Exploited Chrome Vulnerability appeared first on SecurityWeek.
Google Patches Sixth Exploited Chrome Zero-Day of 2024
Chrome 128 was released in the stable channel with patches for 38 vulnerabilities, including a V8 JavaScript engine flaw exploited in the wild.
The post Google Patches Sixth Exploited Chrome Zero-Day of 2024 appeared first on SecurityWeek.
SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day
The US cybersecurity agency CISA warns that a recent SolarWinds Web Help Desk vulnerability has been exploited in the wild.
The post SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day appeared first on SecurityWeek.
Copy2Pwn Zero-Day Exploited to Bypass Windows Protections
ZDI details a zero-day named Copy2Pwn and tracked as CVE-2024-38213, which cybercriminals exploited to bypass MotW protections in Windows.
The post Copy2Pwn Zero-Day Exploited to Bypass Windows Protections appeared first on SecurityWeek.
Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw
Security experts are ratcheting up the urgency for Windows admins to patch a wormable, pre-auth remote code execution vulnerability in the Windows TCP/IP stack.
The post Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw appeared first on SecurityWeek.
Microsoft Warns of Six Windows Zero-Days Being Actively Exploited
Microsoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category.
The post Microsoft Warns of Six Windows Zero-Days Being Actively Exploited appeared first on SecurityWeek.