![Apple](https://img.helpnetsecurity.com/wp-content/uploads/2016/03/09113415/apple-1-400x200.jpg)
Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893)
Apple has released security updates for iOS, iPadOS, and macOS Monterey to fix CVE-2022-32894 and CVE-2022-32893, two code execution vulnerabilities exploited by attackers in …
![Microsoft](https://img.helpnetsecurity.com/wp-content/uploads/2022/06/03180720/microsoft-broken-400x200.jpg)
Attackers are leveraging Follina. What can you do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a …
![Microsoft support](https://img.helpnetsecurity.com/wp-content/uploads/2022/05/31094352/microsoft-support-400x200.jpg)
Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)
A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers …
![alert](https://img.helpnetsecurity.com/wp-content/uploads/2019/04/09094437/alert-400x200.jpg)
Attackers are attempting to exploit critical F5 BIG-IP RCE
Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, …
![VMware](https://img.helpnetsecurity.com/wp-content/uploads/2020/06/02111054/vmware-logo-line-400x200.jpg)
Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)
Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. …
![Spring](https://img.helpnetsecurity.com/wp-content/uploads/2022/03/31123608/spring1-1600-1-400x200.jpg)
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
![Log4j](https://img.helpnetsecurity.com/wp-content/uploads/2022/04/05111326/log4j-door-hns-400x200.jpg)
Log4Shell exploitation: Which applications may be targeted next?
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from …
![bomb](https://img.helpnetsecurity.com/wp-content/uploads/2016/04/09113133/bomb-400x200.jpg)
Vulnerabilities and cyberattacks that marked the year 2021
Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021. On any given day, security professionals …
![Spring](https://img.helpnetsecurity.com/wp-content/uploads/2022/03/31123608/spring1-1600-1-400x200.jpg)
Spring4Shell: New info and fixes (CVE-2022-22965)
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE …
![Spring](https://img.helpnetsecurity.com/wp-content/uploads/2022/03/31123604/spring1-1600-2-400x200.jpg)
Spring4Shell: No need to panic, but mitigations are advised
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …
![attacks](https://img.helpnetsecurity.com/wp-content/uploads/2020/04/27135755/attacks-fire-400x200.jpg)
Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)
A critical vulnerability (CVE-2022-1040) in Sophos Firewall is being exploited in the wild to target “a small set of specific organizations primarily in the South Asia …
![malware](https://img.helpnetsecurity.com/wp-content/uploads/2021/12/01155327/malware_7_01122021-400x200.jpg)
New cyberespionage campaign targeting ISPs, research entities
ESET Research discovered a still-ongoing cyberespionage campaign using a previously undocumented Korplug variant by the Mustang Panda APT group. The current campaign exploits …
Featured news
Sponsored
Don't miss
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?
- Managing exam pressure: Tips for certification preparation
- Firmware update hides Bluetooth fingerprints
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)