With its quarterly Critical Patch Update, Oracle has released security fixes for 193 vulnerabilities across all of its products (a good summary can be found here), including the Java zero-day bug (CVE-2015-2590) that is being actively exploited by attackers.
Another zero-day vulnerability is being exploited in attacks spotted in the wild: this time, the targeted software is Java.
It is extremely important that enterprises urgently patch their Java Runtime Environments (JREs) and Java Development Kits (JDKs), since 14 vulnerabilities addressed in this security update are remotely exploitable over a network without authentication, which is the most serious kind of threat.
Google has released Chrome 42 to the stable channel, and among the changes announced is one that will automatically block Oracle's Java plugin and other plugins that use the old NPAPI (Netscape Plugin API).
Dutch infosec firm Fox IT has spotted a large-scale malvertising campaign that seems to originate from Bulgarian Google ad reseller EngageLab.