Zero-Day

Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch

China APT, exploited, Malware & Threats, Microsoft, SharePoint, ToolShell, Zero-Day /

Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch 2025-07-22 at 20:47 By Eduard Kovacs Microsoft says the Chinese threat actors Linen Typhoon, Violet Typhoon, and Storm-2603 have been exploiting the ToolShell zero-days. The post Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch appeared first on SecurityWeek. This article is an excerpt […]

React to this headline:

Loading spinner

Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch Read More »

ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets

China, China APT, exploited, Featured, Malware & Threats, SharePoint, ToolShell, Vulnerabilities, Zero-Day /

ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets 2025-07-22 at 11:44 By Eduard Kovacs More details emerged on the ToolShell zero-day attacks targeting SharePoint servers, but confusion remains over the vulnerabilities. The post ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets appeared first on SecurityWeek.

React to this headline:

Loading spinner

ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets Read More »

Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers

exploited, SharePoint, ToolShell, Vulnerabilities, Zero-Day /

Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers 2025-07-21 at 12:50 By Eduard Kovacs Microsoft has started releasing updates to fix the exploited SharePoint zero-days tracked as CVE-2025-53770 and CVE-2025-53771. The post Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Microsoft Patches ‘ToolShell’ Zero-Days Exploited to Hack SharePoint Servers Read More »

Exploited CrushFTP Zero-Day Provides Admin Access to Servers

CrushFTP, exploited, Vulnerabilities, Zero-Day /

Exploited CrushFTP Zero-Day Provides Admin Access to Servers 2025-07-21 at 10:46 By Ionut Arghire Hackers are exploiting a zero-day vulnerability in CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. The post Exploited CrushFTP Zero-Day Provides Admin Access to Servers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Exploited CrushFTP Zero-Day Provides Admin Access to Servers Read More »

Chrome Update Patches Fifth Zero-Day of 2025

Chrome, exploited, Vulnerabilities, Zero-Day /

Chrome Update Patches Fifth Zero-Day of 2025 2025-07-16 at 10:01 By Ionut Arghire Google has released a Chrome 138 security update that patches a zero-day, the fifth resolved in the browser this year. The post Chrome Update Patches Fifth Zero-Day of 2025 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Chrome Update Patches Fifth Zero-Day of 2025 Read More »

Chrome 138 Update Patches Zero-Day Vulnerability

Chrome, exploited, Vulnerabilities, Zero-Day /

Chrome 138 Update Patches Zero-Day Vulnerability 2025-07-01 at 10:02 By Ionut Arghire Google has released a Chrome 138 update that patches a high-severity vulnerability with an exploit in the wild. The post Chrome 138 Update Patches Zero-Day Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Loading spinner

Chrome 138 Update Patches Zero-Day Vulnerability Read More »

Critical Citrix NetScaler Flaw Exploited as Zero-Day

Citrix, exploited, NetScaler, Vulnerabilities, Zero-Day /

Critical Citrix NetScaler Flaw Exploited as Zero-Day 2025-06-26 at 10:17 By Ionut Arghire Citrix has released patches for a critical vulnerability in NetScaler ADC and NetScaler Gateway exploited as a zero-day. The post Critical Citrix NetScaler Flaw Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Critical Citrix NetScaler Flaw Exploited as Zero-Day Read More »

FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks

exploited, Featured, FreeType, Paragon, spyware, Vulnerabilities, WhatsApp, Zero-Day /

FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks 2025-06-20 at 13:25 By Eduard Kovacs WhatsApp told SecurityWeek that it linked the exploited FreeType vulnerability CVE-2025-27363 to a Paragon exploit. The post FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks Read More »

Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’

CVE-2025-33053, Incident Response, Malware & Threats, Microsoft, Microsoft Office, Patch Tuesday, Vulnerabilities, WebDAV, Zero-Day /

Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’ 2025-06-10 at 21:20 By Ryan Naraine Redmond warns that external control of a file name or path in WebDAV “allows an unauthorized attacker to execute code over a network.” The post Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’ appeared first on SecurityWeek.

React to this headline:

Loading spinner

Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’ Read More »

Google Researchers Find New Chrome Zero-Day

Chrome, Vulnerabilities, Zero-Day /

Google Researchers Find New Chrome Zero-Day 2025-06-03 at 12:06 By Ionut Arghire Reported by the Google Threat Analysis Group, the vulnerability might have been exploited by commercial spyware. The post Google Researchers Find New Chrome Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Google Researchers Find New Chrome Zero-Day Read More »

Vulnerabilities in CISA KEV Are Not Equally Critical: Report

CISA, CISA KEV, Incident Response, Ox Security, Vulnerabilities, Zero-Day /

Vulnerabilities in CISA KEV Are Not Equally Critical: Report 2025-05-28 at 13:13 By Ionut Arghire New report says organizations should always consider environmental context when assessing the impact of vulnerabilities in CISA KEV catalog. The post Vulnerabilities in CISA KEV Are Not Equally Critical: Report appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Vulnerabilities in CISA KEV Are Not Equally Critical: Report Read More »

Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks

China, CityWorks, exploited, Malware & Threats, Trimble, Zero-Day /

Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks 2025-05-23 at 12:31 By Ionut Arghire A Chinese threat actor exploited a zero-day vulnerability in Trimble Cityworks to hack local government entities in the US. The post Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks Read More »

Russian APT Exploiting Mail Servers Against Government, Defense Organizations

APT28, email security, MDaemon, Russia, Zero-Day /

Russian APT Exploiting Mail Servers Against Government, Defense Organizations 2025-05-16 at 13:15 By Ionut Arghire Russia-linked APT28 has been exploiting mail server vulnerabilities against government and defense entities since September 2023. The post Russian APT Exploiting Mail Servers Against Government, Defense Organizations appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Russian APT Exploiting Mail Servers Against Government, Defense Organizations Read More »

Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware

Advanced Protection, Android, Google, Lockdown, Malware & Threats, Mobile & Wireless, Zero-Day /

Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware 2025-05-14 at 21:18 By Ryan Naraine Google bundles multiple safeguards under a single Android toggle to protect high-risk users from advanced mobile malware implants. The post Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware Read More »

Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances

exploited, Fortinet, Vulnerabilities, Zero-Day /

Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances 2025-05-14 at 13:02 By Ionut Arghire Fortinet has patched a dozen vulnerabilities, including a critical flaw exploited in the wild against FortiVoice instances. The post Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances Read More »

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers

exploited, Featured, Ivanti, Vulnerabilities, vulnerability, Zero-Day /

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers 2025-05-14 at 11:01 By Ionut Arghire Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution. The post Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers Read More »

Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday

CVE-2025-30397, CVE-2025-32706, CVE-2025-32709, Malware & Threats, Microsoft, Patch Tuesday, Vulnerabilities, Windows CLFS, Zero-Day /

Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday 2025-05-13 at 21:16 By Ryan Naraine Patch Tuesday: Microsoft patches at least 70 security bugs and flagged five zero-days in the “exploitation detected” category. The post Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday Read More »

Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying 

exploited, Iraq, Nation-State, Output Messenger, Turkey, Zero-Day /

Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying  2025-05-13 at 14:04 By Ionut Arghire A Turkey-affiliated espionage group has exploited a zero-day vulnerability in Output Messenger since April 2024. The post Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying  Read More »

SAP Zero-Day Targeted Since January, Many Sectors Impacted 

China, exploited, SAP, Vulnerabilities, Zero-Day /

SAP Zero-Day Targeted Since January, Many Sectors Impacted  2025-05-09 at 14:01 By Ionut Arghire Hundreds of SAP NetWeaver instances hacked via a zero-day that allows remote code execution, not only arbitrary file uploads, as initially believed. The post SAP Zero-Day Targeted Since January, Many Sectors Impacted  appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

SAP Zero-Day Targeted Since January, Many Sectors Impacted  Read More »

Possible Zero-Day Patched in SonicWall SMA Appliances

exploited, Featured, SMA, SonicWall, Vulnerabilities, vulnerability, Zero-Day /

Possible Zero-Day Patched in SonicWall SMA Appliances 2025-05-08 at 16:11 By Ionut Arghire SonicWall patches three SMA 100 vulnerabilities, including a potential zero-day, that could be chained to execute arbitrary code remotely. The post Possible Zero-Day Patched in SonicWall SMA Appliances appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Possible Zero-Day Patched in SonicWall SMA Appliances Read More »

Scroll to Top