Microsoft quietly patched a critical vulnerability found by Google’s Project Zero team in the Malware Protection Engine.

Microsoft released an emergency update for a zero-day vulnerability disclosed by Google in the Microsoft Malware Protection Engine bundled with most versions of Windows.

Microsoft Patch Tuesday fixes 45 vulnerabilities, one being an active zero-day bug used to spread the Dridex banking Trojan.

Researchers at Kaspersky Lab today disclosed the activities of the Lamberts APT, a group using many of the tools and tactics found in the Vault 7 dumps.

Researchers have disclosed a zero-day vulnerability and proof-of-concept exploit for a flaw in Microsoft IIS 6.0. The zero-day has been under attack since last July, the researchers said.

While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said.

Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack.

Zimperium announced Tuesday its N-Days Exploit Acquisition Program that will reward researchers for Android and iOS exploits.

Banks in Asia and Africa have been targeted with exploits for a zero-day vulnerability in InPage publishing software popular in Arabic-speaking nations.

Schneider Electric has recommended a number of mitigations to ward off two critical vulnerabilities in its Magelis HMI products.