Due to a reporting error, the story, "New attacks leverage unpatched IE flaw, Microsoft warns," published Friday confused two similar Windows flaws, both of which were disclosed in January, by two different parties. The bug being used in the new attacks was disclosed anonymously on the Full Disclosure mailing list. The story has been corrected on the wire. Due to a reporting error, the story, “New attacks leverage unpatched IE flaw, Microsoft warns,” published Friday confused two similar Windows flaws, both of which were disclosed in January, by two different parties. The bug being used in the new attacks was disclosed anonymously on the Full Disclosure mailing list. The story has been corrected on the wire.The second headline now reads:The bug was disclosed in January, but it’s now being used in targeted attacksThe first paragraph has been changed to read: An Internet Explorer flaw made public two months ago is now being used in online attacks.The fifth paragraph reads: The flaw lies in the Windows MHTML (Mime HTML) parsing software used by Internet Explorer, and affects all currently supported versions of Windows. It was disclosed on the Full Disclosure mailing list in January.The seventh and ninth paragraphs have been removed. Related content news New Trojan ZenRAT masquerades as Bitwarden password manager A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities. By Lucian Constantin Sep 28, 2023 4 mins Cyberattacks Cyberattacks Cyberattacks news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Data and Information Security Security Practices news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe