Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of…
New Windows SmartScreen bypass exploited as zero-day since March
Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass…
Bug Bounty Programs, Hacking Contests Power China’s Cyber Offense
With the requirement that all vulnerabilities first get reported to the Chinese government, once-private vulnerability research has become a goldmine…
Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days
A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case…
Microsoft fixes two Windows zero-days exploited in malware attacks
Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially…
Microsoft Patch Tuesday Tsunami: No Zero-Days, but an Asterisk
Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical."
Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover
SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.
Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug
October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.
Microsoft Patches a Pair of Actively Exploited Zero-Days
Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's…
CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem
CVSS Version 4 arguably performs better, but companies also need to tailor any measure of threat to their own environment…