Tag: zero day

January 29, 2024

Trend Micro’s Zero Day Initiative (ZDI) held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million to the discoverers of 49 vehicle-related zero day vulnerabilities. Researchers from French security outfit Synacktiv took home $450,000 after […]

January 11, 2024

Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you’re an admin or a user of the two products affected, VPN service Ivanti Connect Secure (ICS) and network access control […]

November 10, 2023

Microsoft reported the exploitation of a zero-day vulnerability, tracked as CVE-2023-47246, in the SysAid IT support software in limited attacks. The IT giant linked the attacks to the Clop ransomware gang (aka Lace Tempest). The company reported the flaw to […]

October 30, 2023

Notorious ransomware gang LockBit has reportedly exfiltrated “a tremendous amount of sensitive data from aerospace outfit Boeing. VX underground published a screenshot of Lockbit’s announcement, and threat to expose data if Boeing does not engage with it by November 2nd. […]

October 12, 2023

In recent months, the cybersecurity world has been shaken by the revelation of a sophisticated and unprecedented cyber threat: the HTTP/2 Rapid Reset Zero-Day vulnerability. This exploit, tracked as CVE-2023-44487, enabled cybercriminals to orchestrate what has been dubbed the largest […]

October 4, 2023

Three out of 17 flaws are rated Critical, 13 are rated High, and one is rated Medium in severity. The company is also warning that three other zero-day vulnerabilities are actively exploited in attacks in the wild. Google Threat Analysis […]

October 3, 2023

The US’s Cybersecurity and Infrastructure Security Agency (CISA) has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) Catalog. The bug, tracked as CVE-2023-5217, received a patch from Google last week and was […]

October 2, 2023

A major flaw in Exim’s mail transfer agent (MTA) software has been detected that has gone without a patch for more than a year. Researchers from Trend Micro’s Zero Day Initiative were tipped off by an anonymous researcher in June […]

September 6, 2023

Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case […]

August 29, 2023

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which […]

August 28, 2023

Financial services companies breached as a result of MOVEit zero-day vulnerability are facing a flurry of class action lawsuits over the exposure of sensitive customer financial data. TD Ameritrade and Charles Schwab are the latest firms facing suits, this time […]

August 24, 2023

A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it […]

August 8, 2023

An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate […]

August 2, 2023

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce’s email services, allowing threat actors to craft targeted phishing messages using the company’s domain and infrastructure. “Those phishing campaigns cleverly evade conventional detection methods by chaining […]

July 28, 2023

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an “extremely severe” flaw that could result in pre-authenticated remote code execution on affected installations. […]

July 25, 2023

Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. The list of the flaws is below […]

July 24, 2023

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, […]

July 19, 2023

Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild. Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue relates to a case of […]

July 14, 2023

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. “A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of […]

July 11, 2023

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors […]