Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at Pwn2Own.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
SophosLabs was contacted recently to help investigate malware from an unusual sort of targeted attack.
What our researchers found was intriguing, to say the least, so we thought we'd share our discoveries with you...
In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.
Microsoft has released an advisory on a new zero-day attack against users of Internet Explorer. While a Fixit is available, it may be best to avoid using IE for a while.
A hacker is selling a $700 zero-day exploit for Yahoo Mail that lets an attacker leverage a cross-site scripting (XSS) vulnerability to steal cookies and hijack accounts.
The vulnerability is selling for up to $50K on the black market, security researchers say, and has been included in a package of banking Trojans called the Blackhole Exploit Kit, which is the most prevalent exploit kit out there.
The gang behind the recent Java zero-day attacks apparently hasn't packed up for the season. A researcher examining one of the servers used to launch attacks on vulnerable Java installations said he found a new zero-day exploit for Microsoft's Internet Explorer web browser.
Oracle has released an emergency update fixing four vulnerabilities affecting both Java 6 and Java 7 users.
Java flaws already included in Blackhole exploit kit; Oracle was informed of vulnerabilities in April
The latest Java flaw is already being exploited by criminals. Oracle was notified of the problem in April, but no fix is available. Learn how to disable Java or remove it from your computer to protect yourself.
A new zero-day vulnerability in Java discovered on a Chinese web server being used in a targeted attack is being quickly adopted by online criminals.
Google's "hack the Chrome browser for money" competition is back, with Pwnium 2 set to take place at the 2012 Hack in the Box conference in Kuala Lumpur, Malaysia.
The prize pool's been doubled, if you're interested...
Gmail accounts targeted by 'state-sponsored attackers' using Internet Explorer zero-day vulnerability
Both Google and Microsoft have put out alerts about an unpatched, zero-day hole in Internet Explorer that is actively being exploited in the wild.
Oracle announces the release of Java JDK for OS X Lion and a zero day in its database products that has a proof-of-concept available in the wild.
An unpatched zero-day flaw in Yahoo Messenger allows remote attackers to meddle with any user's status message, opening an opportunity for malware to spread.
A zero-day vulnerability is being exploited in the wild to crash BIND 9 DNS servers all over the internet. The flaw, a Denial of Service vulnerability described as an "as-yet unidentified network event", affects all of the currently supported versions of BIND.
Microsoft have released a security advisory for the vulnerability used in the Duqu Trojan. They are providing a workaround, but it disables the use of embedded TrueType fonts.