IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

zero-day exploit

Apple patches yet another zero-day flaw in substantial security update
apple iPhone 14 pro in a line up at Apple's launch showcase in Cupertino, California
zero-day exploit

Apple patches yet another zero-day flaw in substantial security update

The updates include fixes for kernel-level code execution bugs, privacy issues, and more - all impacting iPhone and iPad users
13 Sep 2022
Google’s Project Zero is frightening and reassuring in equal measure
Female IT programmer working on a desktop computer in data centre
cyber security

Google’s Project Zero is frightening and reassuring in equal measure

This crack team of security researchers are doing work we should all be grateful for
10 Sep 2022
Apple breaks update policy to secure older iPhones and iPads against zero-day
Gold Apple iPhone 5s held against a gold iPhone 6s by a woman in an Apple store
zero-day exploit

Apple breaks update policy to secure older iPhones and iPads against zero-day

It's been four years since the company patched an end-of-life device against a major vulnerability
1 Sep 2022
Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs
A symbol of a white padlock inside the outline of a shield on a red microchip
zero-day exploit

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs

The RCE and kernel-level bugs may have been actively exploited and could give high-level privileges to attackers
18 Aug 2022
Dogwalk RCE variant among 121 vulnerabilities fixed in Microsoft's August Patch Tuesday
Microsoft Windows 11 logo on a smartphone set against a background of neon blue code on a screen to denote a cyber security theme
zero-day exploit

Dogwalk RCE variant among 121 vulnerabilities fixed in Microsoft's August Patch Tuesday

The second-biggest security update released by Microsoft this year featured 17 critical-rated RCEs and privilege escalation bugs
10 Aug 2022
Actively exploited zero-day and four 'critical' vulnerabilities fixed in Microsoft's July Patch Tuesday
A padlock graphic on an abstract digital background
vulnerability

Actively exploited zero-day and four 'critical' vulnerabilities fixed in Microsoft's July Patch Tuesday

The month's list of 84 bug fixes has been branded "boring" by some experts but should be welcome news to security personnel
13 Jul 2022
Exploitation of Atlassian Confluence zero-day surges fifteen-fold in 24 hours
Atlassian logo on a smartphone, with the logo on a wall in the background too
zero-day exploit

Exploitation of Atlassian Confluence zero-day surges fifteen-fold in 24 hours

The zero-day code execution vulnerability was discovered last week and cyber attackers are already capitalising on the proof-of-concept code
6 Jun 2022
State-sponsored hackers delay new Microsoft Exchange Server by four years
Laptop computer displaying logo of Microsoft Exchange
mail servers

State-sponsored hackers delay new Microsoft Exchange Server by four years

Hafnium's devastating zero-day exploit chain in 2021 forced Microsoft to improve the security of current versions instead of releasing the new one on …
6 Jun 2022
Chinese hackers exploit Microsoft zero-day as list of vulnerable Office products grows
Microsoft Office 365 image, with a magnifying glass over Microsoft Word
zero-day exploit

Chinese hackers exploit Microsoft zero-day as list of vulnerable Office products grows

Microsoft has published a support guide and temporary workarounds for IT admins to mitigate the threat
1 Jun 2022
Fresh Microsoft Office zero-day executes code on fully patched applications
A magnifying glass hovering over a PC screen with the symbols for Microsoft Office software displayed
zero-day exploit

Fresh Microsoft Office zero-day executes code on fully patched applications

Malicious documents saved in Rich Text Format are especially concerning since they can execute code without even being opened
30 May 2022
Datadog to acquire cyber security startup Hdiv Security
A person holding a smartphone in front of the Datadog logo
cyber security

Datadog to acquire cyber security startup Hdiv Security

The acquisition will help Datadog boost its Cloud Security platform's application security capabilities
6 May 2022
Report: Apple "neglects" to patch zero-days for older macOS versions
The Apple logo displayed next to a promotional poster for macOS Big Sur
Security

Report: Apple "neglects" to patch zero-days for older macOS versions

Analysis shows large proportion of Macs in operation remain unprotected to the actively exploited flaws patched last week
6 Apr 2022
Apple releases emergency patch fixing zero-days across iOS and macOS
Image of iPhone 13 on a white background
zero-day exploit

Apple releases emergency patch fixing zero-days across iOS and macOS

Flaws have been fixed on iPhones, iPads, and Macs, as well as undisclosed vulnerabilities on Apple TV and Apple Watch devices
1 Apr 2022
Patch finally released for Spring4Shell zero-day after vulnerable businesses put on high alert
Cyber security represented by a digital screen with encryption data background
Security

Patch finally released for Spring4Shell zero-day after vulnerable businesses put on high alert

With proof-of-concept code out in the wild, businesses are encouraged to assess their exposure to what's being dubbed 'Log4Shell 2.0'
31 Mar 2022
Google patches second Chrome browser zero-day of 2022
Google Chrome logo on a Chromebook
zero-day exploit

Google patches second Chrome browser zero-day of 2022

Google acted quickly to secure against the type confusion vulnerability that was under active exploitation
28 Mar 2022
Google exposes 'uniquely personal' access broker behind worst Conti, FIN12 ransomware attacks
The outline of a skull displayed in computer code to represent malware
ransomware

Google exposes 'uniquely personal' access broker behind worst Conti, FIN12 ransomware attacks

Investigation unveils the inner workings of one access broker that helped two of the most-hated ransomware gangs in history
18 Mar 2022
Google doubles bug bounty rewards for Linux, Kubernetes exploits
Mockup of a stethoscope treating a keyboard, symbolising a computer bug patch
zero-day exploit

Google doubles bug bounty rewards for Linux, Kubernetes exploits

The increased rewards are said to align better with the community's expectations of a bug bounty programme of this kind
16 Feb 2022
Apple users told to update their devices to fix critical WebKit flaw
iPhone 11 Pro held in someone's hand
vulnerability

Apple users told to update their devices to fix critical WebKit flaw

The security flaw allowed code execution on a range of devices and represents the third major vulnerability to be patched by Apple this year
11 Feb 2022
Microsoft's Patch Tuesday fixes 70 vulnerabilities after a troublesome January update
Image of Microsoft logo on a smartphone in front of a white backdrop with many identical Microsoft logos sprawled across
cyber security

Microsoft's Patch Tuesday fixes 70 vulnerabilities after a troublesome January update

Microsoft will be hoping for a bug-free round of patches after admins complained of January's updates breaking more components than they fixed
9 Feb 2022
Apple fixes array of iOS, macOS zero-days and code execution security flaws
Apple logo on the side of a building
zero-day exploit

Apple fixes array of iOS, macOS zero-days and code execution security flaws

The first wave of security updates for Apple products in 2022 follows a year in which a wide variety of security flaws plagued its portfolio of device…
27 Jan 2022
Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update
Win 11 on a smartphone in front of code on a monitor
cyber security

Microsoft takes aim at critical RCE flaws with "massive" Patch Tuesday update

Microsoft has kicked off 2022 with a score of security fixes for critical-rated vulnerabilities in some of the most widely used products used by busin…
12 Jan 2022
The scariest security horror stories of 2021
A hacker against a red background
cyber security

The scariest security horror stories of 2021

A crisis at Microsoft, the ransomware resurgence, and endless zero-days dominated headlines
28 Dec 2021
What is the Log4Shell vulnerability?
Mockup image with padlocks to symbolise a cyber security vulnerability
zero-day exploit

What is the Log4Shell vulnerability?

The critical flaw affecting products built using Java is set to cause headaches in the enterprise for months to come
20 Dec 2021