Microsoft is warning admins of an Office security bypass zero day vulnerability that can be triggered simply by a user opening a document. The flaw is currently being actively exploited. “The vulnerability is serious,” said Johannes Ullrich, dean of research at the SANS Institute. “The root cause is that Microsoft Office still supports the older…
Category: Security, Vulnerabilities, Zero-Day Vulnerabilities
Exploits, Global Security News, Security, Vulnerabilities, Zero-Day Vulnerabilities
January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention
Eight critical vulnerabilities and an actively exploited zero day highlight Microsoft’s first Patch Tuesday announcements for 2026. Most of the higher scoring vulnerabilities impact Office products, with two holes in SharePoint scoring an 8.8 on the CVSS scale. “Last year’s abuse of SharePoint by Chinese APTs to deploy ToolShell against organizations should serve as a…
Exploits, Global Security News, Security, Vulnerabilities, Zero-Day Vulnerabilities
Patch Tuesday 2025 roundup: The biggest Microsoft vulnerabilities of the year
Every day has the potential to be a bad day for a CSO. However, the second Tuesday of each month – Patch Tuesday – is almost guaranteed to be one of those days, though with any luck it’s merely troublesome, not catastrophic. In 2025, however, some of them gave CSOs heartburn: Microsoft issued mitigations for…
Exploits, Global Security News, Security, Vulnerabilities, Zero-Day Vulnerabilities
Cisco bestätigt Zero-Day-Exploit für Secure Email
Cisco hat eine Zero-Day-Lücke in seinen Secure-Email-Produkten entdeckt. JarTee – shutterstock.com Cisco Talos hat kürzlich eine Cyberkampagne entdeckt, die auf Ciscos AsyncOS-Software für Secure Email Gateway, Secure Email und Web Manager abzielt. Die Kampagne soll mindestens seit Ende November laufen. Ein Patch ist derzeit noch nicht verfügbar, so der Netzwerkriese. Umfang des Risikos Laut Cisco…
Exploits, Global Security News, Security, Vulnerabilities, Zero-Day Vulnerabilities
Cisco confirms zero-day exploitation of Secure Email products
Cisco has warned that a China-linked hacking group is actively exploiting a previously unknown vulnerability in its Secure Email appliances to gain persistent access, forcing affected organizations to consider disruptive rebuilds of critical security infrastructure while patches remain unavailable. Cisco Talos said the campaign has been active since at least late November, raising concerns for…
Exploits, Global Security News, Security, Vulnerabilities, Zero-Day Vulnerabilities
Patch Tuesday for May: Five zero day vulnerabilities CISOs should focus on
CISOs need to pay attention to patching five zero day Windows vulnerabilities and two other holes with available proof-of-concept exploits among the 70 fixes issued today by Microsoft in its May Patch Tuesday releases. Mike Walters, president of Action1, told CSO that leaders should focus in particular on these vulnerabilities: A scripting engine memory corruption…
Exploits, Global Security News, Security, Vulnerabilities, Zero-Day Vulnerabilities
March Patch Tuesday warnings: Act fast to plug zero day holes in Windows, VMware
CISOs need to lean on their admins to plug zero day vulnerabilities in Windows and VMware products as soon as possible, before they are widely exploited. In addition, Windows admins need to be aware of a vulnerability that already has a publicly-available proof of concept exploit that threat actors are sure to jump on. Finally,…