The Hacker News

Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped

Microsoft’s October 2025 Patch Tuesday fixes 183 flaws, including three exploited zero-days and two 9.9 CVSS bugs.
Tom's Hardware on MSN

New 7-Zip high-severity vulnerabilities expose systems to remote attackers — users should update to version 25 ASAP

Two newly disclosed vulnerabilities in 7-Zip could allow attackers to execute arbitrary code by tricking users into opening a ...
Security Boulevard

Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)

Critical158Important2Moderate0LowMicrosoft addresses 167 CVEs in its largest Patch Tuesday to date, including three zero-day ...
Guru3D

Update 7-Zip: ZIP Symlink Vulnerabilities Enable Code Execution on Windows

If you use 7-Zip to handle your ZIP files, it’s time to update right away. Two serious security flaws discovered by Trend Micro’s Zero Day Initiative (ZDI) can let attackers run code on your computer ...
Bleeping Computer

Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. This Patch Tuesday ...
Security

Zero-day, zero-click vulnerabilities in Mozilla and Windows exploited by Russia-aligned RomCom APT

ESET researchers discovered a previously unknown vulnerability, CVE-2024-9680, in Mozilla products, exploited in the wild by the Russia-aligned APT group RomCom. Further analysis revealed another zero ...

Two critical flaws put 7-Zip users at risk of remote code execution

Two recently discovered security flaws could make 7-Zip a serious risk to data and system security. These bugs had been known internally for months, and 7-Zip ...
Geeky Gadgets

Windows Wi-Fi Driver Remote Code Execution Vulnerability explained

A severe security flaw, CVE-2024-3078, has been discovered in the Windows Wi-Fi driver. This vulnerability allows remote code execution at the kernel level without needing user interaction or ...
The Hacker News

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability

Huntress reports active exploitation of Gladinet CVE-2025-11371, exposing system files and enabling remote code execution.
Ars Technica

Critical Windows code-execution vulnerability went undetected until now

Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue, the name of a different Windows security flaw used to detonate WannaCry, the ...
Bleeping Computer

Critical Sophos Firewall vulnerability allows remote code execution

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User ...
Wired

You Need to Update Chrome, Windows, and Zoom Right Now

All products featured on WIRED are independently selected by our editors. However, we may receive compensation from retailers and/or from purchases of products through these links. Learn more. Updates ...