Please turn on your JavaScript for this page to function normally.
Patch Tuesday
Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 …

Microsoft Windows
Patching problems: The “return” of a Windows Themes spoofing vulnerability

Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes …

Fortinet
Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 …

time
Defenders must adapt to shrinking exploitation timelines

A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 …

Patch Tuesday
Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug …

Ivanti
Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company …

laptop
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering web pages on Windows – “was …

Patch Tuesday
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, …

malware
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made …

Google Chrome
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)

A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity …

North Korea
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ …

Patch Tuesday
Microsoft fixes 6 zero-days under active attack

August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly …

Don't miss

Cybersecurity news