On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit. [...]

Saryu Nayyar, CEO at Gurucul, peeks into Mitre's list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers. [...]

The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year. [...]

Imperva's Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws. [...]

Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches. [...]

The security vulnerability can be exploited with a malicious CSV file. [...]

Record-breaking distributed denial of service attack targets Russia’s version of Google - Yandex. [...]

They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. [...]

John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency. [...]

A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering. [...]

Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. [...]

An authentication bypass vulnerability in the ManageEngine ADSelfService Plus platform leading to remote code execution offers up the keys to the corporate kingdom. [...]

An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom. [...]

Australian immunization app bug lets attackers fake vaccine status. [...]

Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files. [...]

The Demon's Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks. [...]

Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed. [...]

Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to "What are we doing right?" instead of the constant reminders of what's not working in fending off threats. [...]

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that product vendors are fixing this: Several of the headphones which could be tracked over time are for sale in electronics stores, but according …

Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster. [...]

The BrakTooth set of security vulnerabilities impacts at least 11 vendors' chipsets. [...]

A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app. [...]

There's proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn't seen any malicious exploit yet. [...]

Users should be careful whose pics they view and should, of course, update their apps. [...]

IoT vulnerabilities turned the remote into a listening device, researchers found, which impacted 18 million Xfinity customers. [...]