Threat actors exploited more zero-day vulnerabilities in 2021 than any prior year and mostly in software from Microsoft, Google, and Apple. State-backed advanced persistent threat actors remained the ...

UPDATE: Indicators of compromise are now available. The unredacted RCE exploit released on Monday allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. A ...

What some call the worst cybersecurity catastrophe of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said. The internet has a ...

Haroun joined Android Police in 2021, reporting on the latest stories in the tech world. Since then, he’s gleefully covered everything from the most mundane Google Docs features to more mainstream ...

Google has published its comprehensive list of zero-day exploits detected in 2021. The company’s Project Zero team disclosed a total of 58 zero-days throughout the year, making it one of the busiest ...

Google has published the 2021 review of Project Zero, revealing a record amount of zero-days exploits (labeled as “one of the most advanced attack methods”) exhibited by some of the world’s largest ...

Exploit code that could be used for remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 has been released today and attackers are already using it. Publicly disclosed earlier ...

Last year saw more exploits of zero-day vulnerabilities than any other, with Chinese state-backed operatives leading the way, according to Mandiant. The threat intelligence vendor recorded 80 zero-day ...

Brute-forcing passwords, as well as the exploit of ProxyLogon vulnerabilities against Microsoft Exchange Server, were among the most popular attack vectors last year. According to ESET's Q3 Threat ...

Threat analysts report that zero-day vulnerability exploitation is on the rise, with Chinese hackers using most of them in attacks last year. Zero-day vulnerabilities are security weaknesses in ...

Hackers have released details of a new exploit that allows homebrew and custom firmware to be installed on PS4 consoles running relatively recent firmware. What’s more, the specifics of the exploit ...

A public proof-of-concept (PoC) exploit has been released for the Microsoft Azure Active Directory credentials brute-forcing flaw discovered by Secureworks and first reported by Ars. The exploit ...