The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO!

The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO! . “Stop us if you’ve heard this one before: An Adobe Flash zero-day vulnerability is being actively targeted in the wild to hijack victims’ Windows PCs. Researchers with Gigamon Applied Threat Research (ATR) and Qihoo 360 uncovered a phishing campaign that exploits CVE-2018-15982, prompting Adobe to today release an out-of-band emergency update to patch up the flaw.”

Fifth Domain: Why the market for zero-day vulnerabilities on the dark web is vanishing

Fifth Domain: Why the market for zero-day vulnerabilities on the dark web is vanishing. “For years the secretive market for zero-day exploits — unpatched bugs in software or hardware — thrived in the dark corners of the internet. But vulnerability sales have been all but driven off the dark web, according to experts, and now operate in the open.”

Threatpost: Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution

Threatpost: Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution. “According to the Zero Day Initiative (ZDI), the flaw is an out-of-bounds (OOB) write in the Microsoft JET Database Engine, which underlies the Microsoft Access and Visual Basic software; it’s a less well-known alternative to Microsoft’s flagship SQL Server.”

Security: Tor 0-day revealed on Twitter by vulnerability vendor (BetaNews)

BetaNews: Security: Tor 0-day revealed on Twitter by vulnerability vendor. “It’s just two weeks since a Windows 0-day was revealed on Twitter, and now the same thing has happened for the Tor browser. Zerodium — self-described as ‘the premium exploit acquisition program’ — exposed a backdoor vulnerability in Tor that makes it possible to bypass security protections.”

BetaNews: Malware writers exploit recent Windows Task Scheduler 0-day vulnerability

BetaNews: Malware writers exploit recent Windows Task Scheduler 0-day vulnerability. “It’s a little over a week since a vulnerability in the Windows Task Scheduler was revealed. A patch for the 0-day has been released by third party security firm 0patch, but there’s bad news for anyone who hasn’t secure their system against the security threat — malware writers are already taking advantage of the flaw.”