0-day

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) 2026-03-20 at 15:21 By Zeljka Zorz A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock ransomware gang, Amazon CISO and VP of Security Engineering […]

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) Read More »

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127) 2026-02-25 at 19:04 By Zeljka Zorz A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller (formerly vSmart), Cisco has announced today. The vulnerability was reported by Australian Signals Directorate’s Australian Cyber Security Centre, who said

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127) Read More »

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) 2026-02-25 at 12:14 By Zeljka Zorz CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities (KEV) catalog. The vendor has confirmed active exploitation, stating it has received multiple reports of damage caused

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) Read More »

European Commission hit by cyberattackers targeting mobile management platform

European Commission hit by cyberattackers targeting mobile management platform 2026-02-09 at 16:02 By Zeljka Zorz The European Commission’s mobile device management platform was hacked but the incident was swiftly contained and no compromise of mobile devices was detected, EU’s executive branch announced on Friday. The intrusion was detected on January 30, 2026, by CERT-EU, the

European Commission hit by cyberattackers targeting mobile management platform Read More »

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281) 2026-01-30 at 05:32 By Zeljka Zorz Ivanti has released provisional patches that fix two critical code injection vulnerabilities in Endpoint Manager Mobile (EPMM), one of which (CVE-2026-1281) has been exploited in zero-day attacks and has been added to CISA’s Known Exploited Vulnerabilities catalog. Investigating potential

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281) Read More »

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) 2026-01-28 at 02:21 By Zeljka Zorz Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked out

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) Read More »

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509) 2026-01-27 at 11:22 By Zeljka Zorz Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild in zero-day attacks. Users and admins are advised to review the associated

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509) Read More »

Actively exploited SonicWall zero-day patched (CVE-2025-40602)

Actively exploited SonicWall zero-day patched (CVE-2025-40602) 2025-12-17 at 18:46 By Zeljka Zorz SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vulnerability was reported to be leveraged in combination

Actively exploited SonicWall zero-day patched (CVE-2025-40602) Read More »

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529)

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) 2025-12-15 at 12:58 By Zeljka Zorz Apple has issued security updates with fixes for two WebKit vulnerabilities (CVE-2025-14174, CVE-2025-43529) that have been exploited as zero-days. Several days before the release of these updates, Google fixed CVE-2025-14174 in the desktop version of Chrome, though at

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) Read More »

Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)

Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) 2025-12-02 at 16:48 By Zeljka Zorz Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”. According to the December Android security bulletin, both vulnerabilities affect the Android Framework, which is a collection of core

Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) Read More »

Google patches yet another exploited Chrome zero-day (CVE-2025-13223)

Google patches yet another exploited Chrome zero-day (CVE-2025-13223) 2025-11-18 at 14:13 By Zeljka Zorz Google has shipped an emergency fix for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited in the wild by its Threat Analysis Group (TAG). About CVE-2025-13223 CVE-2025-13223 is a type confusion vulnerability in V8, the JavaScript and WebAssembly engine used by

Google patches yet another exploited Chrome zero-day (CVE-2025-13223) Read More »

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) 2025-11-11 at 17:38 By Zeljka Zorz CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian agencies to address it by the start of December. “This type of vulnerability is a frequent attack

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) Read More »

Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480)

Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480) 2025-11-11 at 14:47 By Zeljka Zorz Attackers have exploited a now-fixed vulnerability (CVE-2025-12480) in the Gladinet Triofox secure file sharing and remote access platform while it was still a zero-day, Mandiant revealed on Monday. CVE-2025-12480 exploitation and attack details Gladinet’s Triofox solution is used by medium and large

Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480) Read More »

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign 2025-10-28 at 16:28 By Zeljka Zorz CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver LeetAgent, suspected commercial spyware. An analysis of the malware’s code and the campaign’s infrastructure

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign Read More »

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932) 2025-10-23 at 17:10 By Zeljka Zorz CVE-2025-61932, an “improper verification of source of a communication channel” vulnerability affecting Lanscope Endpoint Manager, has been exploited as a zero-day since April 2025, the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) warned on Wednesday. According to information received

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932) Read More »

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352) 2025-10-17 at 15:29 By Zeljka Zorz Threat actors have leveraged a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices. “The operation targeted victims running older Linux systems that do not have endpoint detection response solutions,” Trend Micro

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352) Read More »

SAP zero-day wake-up call: Why ERP systems need a unified defense

SAP zero-day wake-up call: Why ERP systems need a unified defense 2025-10-17 at 08:52 By Help Net Security In this Help Net Security video, Paul Laudanski, Director of Research at Onapsis, discusses key lessons from the SAP zero-day vulnerability. He explains why business-critical systems like ERP and CRM remain top targets for attackers, since they

SAP zero-day wake-up call: Why ERP systems need a unified defense Read More »

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371) 2025-10-10 at 13:40 By Zeljka Zorz CVE-2025-11371, a unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by attackers in the wild. While Gladinet is aware of the vulnerability and of its active exploitation, a

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371) Read More »

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts 2025-10-01 at 13:36 By Zeljka Zorz Despite Cisco and various cybersecurity agencies warning about attackers actively exploting zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) for months, there are still around 48,000 vulnerable appliances out there. The number is provided by

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts Read More »

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) 2025-09-26 at 17:50 By Zeljka Zorz CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) Read More »

Scroll to Top