An Internet Explorer zero-day vulnerability (CVE-2014-0322) is actively exploited in the wild in a watering-hole attack targeting visitors to the official website of the U.S.
When compared with the numbers from the previous year, 2013 has seen an increase in reported security vulnerabilities and, what's more, the number of critical vulnerabilities has also risen - although it's considerably smaller than in 2009.
There are a few new rules for this years' edition of the Pwn2Own hacking contest and a huge new prize for an "Exploit Unicorn worthy of myth and legend" - $150,000 for a system-level code execution on Windows 8.1 x64 on Internet Explorer 11 x64 with EMET bypass.
An Italian researcher well known for his exploration of industrial control systems (ICS) has demonstrated the exploitation of a zero-day flaw that can crash or lead to a compromise of Web-based SCADA software that is used in nearly 40 countries all over the world.
The official forums of the openSUSE Linux distribution have been hacked and defaced by a Pakistani hacker that goes by the handle "H4x0r HuSsY." According to THN, the hacker has defaced the site and downloaded a database containing information about nearly 80,000 forum users, and did so by using a private vBulletin zero-day exploit that allowed him to browse, read or write / overwrite any file on the Forum server without root privileges.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.