exploit

New Mirai variants target routers and DVRs in parallel campaigns

New Mirai variants target routers and DVRs in parallel campaigns 2026-04-22 at 16:42 By Zeljka Zorz Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by major cybersecurity firms and, judging […]

New Mirai variants target routers and DVRs in parallel campaigns Read More »

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild 2026-04-17 at 14:32 By Zeljka Zorz The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild Read More »

Acrobat Reader zero-day exploited in the wild for many months

Acrobat Reader zero-day exploited in the wild for many months 2026-04-09 at 15:44 By Zeljka Zorz Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered. PDF files carry the exploit Haifei Li is one of the creators of EXPMON, a sandbox-based

Acrobat Reader zero-day exploited in the wild for many months Read More »

BlueHammer: Windows zero-day exploit leaked

BlueHammer: Windows zero-day exploit leaked 2026-04-08 at 23:29 By Zeljka Zorz A buggy but functional proof-of-concept (PoC) exploit for an unpatched Windows local privilege escalation vulnerability dubbed BlueHammer has been published on GitHub by someone who goes by the handle Chaotic Eclipse and Nightmare Eclipse. Several security researchers have fixed the bugs in the exploit

BlueHammer: Windows zero-day exploit leaked Read More »

‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors 2026-03-18 at 17:54 By Ionut Arghire Targeting six iOS vulnerabilities and leading to full device compromise, the exploit chain is meant for surveillance. The post ‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors appeared first on SecurityWeek. This article is an excerpt from

‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors Read More »

174 Vulnerabilities Targeted by RondoDox Botnet

174 Vulnerabilities Targeted by RondoDox Botnet 2026-03-17 at 14:47 By Ionut Arghire The botnet has increased its activity, peaking at 15,000 exploitation attempts per day, and taking a more targeted approach. The post 174 Vulnerabilities Targeted by RondoDox Botnet appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

174 Vulnerabilities Targeted by RondoDox Botnet Read More »

Apple Updates Legacy iOS Versions to Patch Coruna Exploits

Apple Updates Legacy iOS Versions to Patch Coruna Exploits 2026-03-12 at 17:36 By Eduard Kovacs The company has released iOS and iPadOS versions 16.7.15 and 15.8.7 to patch the vulnerabilities. The post Apple Updates Legacy iOS Versions to Patch Coruna Exploits appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Apple Updates Legacy iOS Versions to Patch Coruna Exploits Read More »

FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289)

FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289) 2026-03-05 at 14:27 By Zeljka Zorz A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially crafted email to a FreeScout mailbox. CVE-2026-28289 exploitation FreeScout is a free, open-source help desk and

FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289) Read More »

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks 2026-03-05 at 06:29 By Kevin Townsend Google and iVerify analysis reveals a powerful exploit kit originally used by Russian state actors that is now appearing in broader criminal campaigns. The post Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks appeared first on SecurityWeek. This article

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks Read More »

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127) 2026-02-25 at 19:04 By Zeljka Zorz A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller (formerly vSmart), Cisco has announced today. The vulnerability was reported by Australian Signals Directorate’s Australian Cyber Security Centre, who said

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127) Read More »

Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia

Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia 2026-02-25 at 14:59 By Ionut Arghire Peter Williams was sentenced to 87 months in prison for selling cyber exploits to a Russian broker. The post Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia appeared first on SecurityWeek. This article is an excerpt from

Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia Read More »

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers 2026-02-05 at 18:17 By Zeljka Zorz CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers Read More »

ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell

ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell 2026-01-30 at 07:09 By rohansinhacyblecom Executive Summary Cyble Research & Intelligence Labs (CRIL) has identified a Linux intrusion chain leveraging a highly obfuscated, fileless loader that deploys a weaponized variant of hackshell entirely from memory. Cyble tracks this activity under the name ShadowHS, reflecting

ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell Read More »

WinRAR vulnerability still a go-to tool for hackers, Mandiant warns

WinRAR vulnerability still a go-to tool for hackers, Mandiant warns 2026-01-28 at 17:02 By Zeljka Zorz State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that’s been fixed over half a year ago. CVE-2025-8088 is a path traversal vulnerability that can be exploited via maliciously crafted RAR archives. “The exploit chain

WinRAR vulnerability still a go-to tool for hackers, Mandiant warns Read More »

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure 2026-01-09 at 13:39 By Ionut Arghire Fresh attacks targeted three VMware ESXi vulnerabilities that were disclosed in March 2025 as zero-days. The post Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure appeared first on SecurityWeek. This article is an

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure Read More »

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns 2025-12-19 at 14:43 By rohansinhacyblecom Executive Summary CRIL (Cyble Research and Intelligence Labs) has been tracking a sophisticated commodity loader utilized by multiple high-capability threat actors. The campaign demonstrates a high degree of regional and sectoral specificity, primarily targeting Manufacturing and Government organizations across

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns Read More »

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits 2025-12-12 at 09:51 By Eduard Kovacs Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities. The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits Read More »

Former US Defense Contractor Executive Admits to Selling Exploits to Russia

Former US Defense Contractor Executive Admits to Selling Exploits to Russia 2025-10-30 at 11:32 By Ionut Arghire Peter Williams stole trade secrets from his US employer and sold them to a Russian cybersecurity tools broker. The post Former US Defense Contractor Executive Admits to Selling Exploits to Russia appeared first on SecurityWeek. This article is

Former US Defense Contractor Executive Admits to Selling Exploits to Russia Read More »

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign 2025-10-28 at 16:28 By Zeljka Zorz CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver LeetAgent, suspected commercial spyware. An analysis of the malware’s code and the campaign’s infrastructure

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign Read More »

$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal

$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal 2025-10-25 at 23:58 By Eduard Kovacs WhatsApp told SecurityWeek that the two low-impact vulnerabilities cannot be used for arbitrary code execution.  The post $1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal appeared first on SecurityWeek. This article

$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal Read More »

Scroll to Top