Attackers are exploiting two new Microsoft Exchange zero days ( CVE-2022-41040 and CVE-2022-41082) in the wild. Microsoft is working on a patch.
Apple has patched zero days in the kernel of macOS Monterey and Big Sur and also fixed 11 vulnerabilities with the release of iOS 16.
At least half of the zero days exploited in the wild in 2022 are variants of previously fixed bugs, Google data shows.
Caitlin Condon, vulnerability research manager at Rapid7, talks about the rise of “widespread threats,” how the time to exploitation by attackers has shifted and what that means for security teams.
Federal agencies have until March 1 to fix a pair of actively exploited flaws in Google Chrome and Adobe's Commerce and Magento platforms.