Apple has fixed a zero-day vulnerability (CVE-2022-32893), under attack in the wild, in iOS 12.5.6.
The Cybersecurity and Infrastructure Security Agency (CISA) has added another vulnerability (a Microsoft Win32k vulnerability CVE-2022-21882) to its Known Exploited Vulnerabilities Catalog.
Cisco issued an updated advisory warning of active exploits in the wild against a Cisco security appliance XSS vulnerability CVE-2020-3580. Proof of concept (PoC) exploit code has also been released to the public.
Google has released Chrome 91 security update 91.0.4472.101 for Windows, Mac and Linux with fixes for multiple Critical or High severity vulnerabilities, one of them a zero-day vulnerability (CVE-2021-30551) exploited in the wild.
Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019, collectively known as “ProxyLogon.” The tech giant also published interim mitigations for organizations that cannot patch immediately, as well as an IOC detection tool.
An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software, used on over 100,000 social websites.
A security researcher released the details of a VirtualBox vulnerability that affects VirtualBox 5.2.20 and earlier versions.
Cyber criminals have been peddling a relatively new ransomware dubbed Kraken Cryptor, targeting victims in multiple countries.