The vendors disclosed and patched the defects last summer, but not before advanced attackers exploited the vulnerabilities to likely gain prolonged access for espionage, according to Amazon.

Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild.

The tech giant didn’t report active exploitation of any of the patched defects, yet details about potential impacts remain limited.

Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.

The high-severity defect affects a widely used — but largely hidden — archive tool that spans many forks.

The tech giant addressed a record-high number of defects for the year in its latest update.

The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently.

The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.

The tech giant doesn’t provide details about the severity of vulnerabilities it discloses, but none of the new defects are under active attack.

The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices.