Vulnerabilities & Exploits

A new zero-day exploit that reportedly targets a military organization welcomes Patch Tuesday announcements as Microsoft announces a previously unknown vulnerability on Windows systems. (Update: Patch for "Sandworm" vulnerability has been released.)

The breach of investment banking firm JP Morgan Chase has caused the leak of one of the largest number of records to date, reportedly affecting an estimated 76 million households and 7 million small businesses.

Microsoft has announced the discovery of a zero-day vulnerability affecting all supported versions of Microsoft Windows and Windows Server 2008 and 2012 that is being used in attacks against NATO and several European industries and sectors.

It seems like the floodgates have truly opened for Shellshock-related attacks. Another exploit attack has been detected, targeting a financial institution in China.

Shellshock update: more attacks that exploit the Shellshock vulnerability have been detected, including exploit attempts in Brazil that seem to be targeting government institutions.

There are new reports that mention incidents of botnet attacks that leveraged Shellshock against certain institutions. A botnet is a network of infected computers/systems.

Shortly after the Bash vulnerability known as Shellshock was discovered, we've seen attacks using it to deliver DDoS malware onto Linux systems. Bigger, badder attacks are to be expected. What are some of the other potential scenarios?

Another existing widespread vulnerability known as Shellshock has been found, threatening to compromise millions of systems, servers and devices. What is it, who is affected, and what can you do?

The Bash vulnerability was reportedly already being exploited in the wild, only several hours after news first broke out. At least one sampled malware is capable of launching distributed denial-of-service (DDoS) attacks.