Zero-Day

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day

CrushFTP, CVE-2024-4040, Malware & Threats, Vulnerabilities, Zero-Day /

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day 2024-04-26 at 17:16 By Ionut Arghire More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published. The post Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed […]

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day Read More »

Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge

exploited, Featured, Malware & Threats, Nation-State, Palo Alto Networks, Zero-Day /

Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge 2024-04-15 at 14:00 By Eduard Kovacs Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.  The post Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge appeared

Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge Read More »

Microsoft Patches Two Zero-Days Exploited for Malware Delivery

exploited, Malware & Threats, Vulnerabilities, Zero-Day /

Microsoft Patches Two Zero-Days Exploited for Malware Delivery 2024-04-10 at 13:27 By Eduard Kovacs Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware. The post Microsoft Patches Two Zero-Days Exploited for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Microsoft Patches Two Zero-Days Exploited for Malware Delivery Read More »

Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz

CVE-2023-46805, CVE-2024-21887, Government, Ivanti, Nation-State, Pulse Secure, Vulnerabilities, Zero-Day /

Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz 2024-04-04 at 22:31 By Ryan Naraine Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization. The post Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz appeared first on SecurityWeek. This article is an

Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz Read More »

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working

Google TAG, Lockdown Mode, Malware & Threats, Mandiant, Nation-State, Vulnerabilities, Zero-Day /

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working 2024-03-27 at 17:01 By Ryan Naraine Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns. The post Google Report: Despite Surge in Zero-Day Attacks, Exploit

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working Read More »

Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own

Google Chrome, Malware & Threats, Pwn2Own, Vulnerabilities, Zero-Day /

Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own 2024-03-27 at 17:01 By Ionut Arghire Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest. The post Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own Read More »

Apple Blunts Zero-Day Attacks With iOS 17.4 Update

CVE-2024-23225, CVE-2024-23296, IOS 17.4, Mobile & Wireless, Vulnerabilities, Zero-Day /

Apple Blunts Zero-Day Attacks With iOS 17.4 Update 2024-03-05 at 23:01 By Ryan Naraine Apple rolls out urgent patches to fix multiple security flaws in its flagship iOS platform and warned about zero-day exploits in the wild. The post Apple Blunts Zero-Day Attacks With iOS 17.4 Update appeared first on SecurityWeek. This article is an

Apple Blunts Zero-Day Attacks With iOS 17.4 Update Read More »

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack

CVE-2024-21338, exploited, Featured, Lazarus, Malware & Threats, North Korea, Vulnerabilities, Windows, Zero-Day /

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack 2024-02-29 at 13:46 By Eduard Kovacs North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit. The post Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack appeared first on SecurityWeek. This article is an excerpt from

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack Read More »

Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers

Exchange, exploited, Vulnerabilities, Zero-Day /

Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers 2024-02-20 at 17:02 By Ionut Arghire Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day. The post Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers Read More »

Microsoft Warns of Exploited Exchange Server Zero-Day

Exchange, exploited, Microsoft Outlook, Vulnerabilities, Zero-Day /

Microsoft Warns of Exploited Exchange Server Zero-Day 2024-02-15 at 13:46 By Ionut Arghire Microsoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks. The post Microsoft Warns of Exploited Exchange Server Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Microsoft Warns of Exploited Exchange Server Zero-Day Read More »

Windows Zero-Day Exploited in Attacks on Financial Market Traders

Malware & Threats, Windows, Zero-Day /

Windows Zero-Day Exploited in Attacks on Financial Market Traders 2024-02-14 at 14:17 By Eduard Kovacs CVE-2024-21412, one of the security bypass zero-days fixed by Microsoft with Patch Tuesday updates, exploited by Water Hydra (DarkCasino). The post Windows Zero-Day Exploited in Attacks on Financial Market Traders appeared first on SecurityWeek. This article is an excerpt from

Windows Zero-Day Exploited in Attacks on Financial Market Traders Read More »

Fortinet Warns of New FortiOS Zero-Day

exploited, Featured, Fortinet, Vulnerabilities, Zero-Day /

Fortinet Warns of New FortiOS Zero-Day 2024-02-09 at 13:46 By Eduard Kovacs Fortinet patches CVE-2024-21762, a critical remote code execution vulnerability that may have been exploited in the wild. The post Fortinet Warns of New FortiOS Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Fortinet Warns of New FortiOS Zero-Day Read More »

Google Links Over 60 Zero-Days to Commercial Spyware Vendors

Featured, Google, Government, spyware, Tracking & Law Enforcement, Zero-Day /

Google Links Over 60 Zero-Days to Commercial Spyware Vendors 2024-02-06 at 13:16 By Eduard Kovacs More than 60 of the Adobe, Google, Android, Microsoft, Mozilla and Apple zero-days that have come to light since 2016 attributed to spyware vendors.  The post Google Links Over 60 Zero-Days to Commercial Spyware Vendors appeared first on SecurityWeek. This

Google Links Over 60 Zero-Days to Commercial Spyware Vendors Read More »

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products

CISA KEV, Ivanti, Malware & Threats, VPN, Vulnerabilities, Zero-Day /

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products 2024-02-01 at 19:01 By Ryan Naraine In an unprecedented move, CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The post CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products appeared first

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products Read More »

Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet

botnet, exploited, Malware & Threats, Zero-Day /

Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet 2024-01-31 at 12:32 By Ionut Arghire Akamai flags six zero-day vulnerabilities in Hitron DVRs exploited to ensnare devices in the InfectedSlurs botnet. The post Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet Read More »

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

iOS 17.3, macOS Sonoma, Malware & Threats, Vulnerabilities, WebKit, Zero-Day /

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation 2024-01-22 at 22:31 By Ryan Naraine Apple pushes out fresh versions of its iOS and macOS platforms to fix WebKit vulnerabilities being exploited as zero-day in the wild. The post Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation appeared first on SecurityWeek. This article is

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation Read More »

Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation

Citrix, exploited, Vulnerabilities, Zero-Day /

Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation 2024-01-17 at 12:16 By Eduard Kovacs Citrix is aware of attacks exploiting two new NetScaler ADC and Gateway zero-day vulnerabilities tracked as CVE-2023-6548 and CVE-2023-6549. The post Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation appeared first on SecurityWeek. This article is an excerpt from

Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation Read More »

Google Warns of Chrome Browser Zero-Day Being Exploited

CVE-2024-0519, Featured, Google Chrome, V8 Engine, Vulnerabilities, Zero-Day /

Google Warns of Chrome Browser Zero-Day Being Exploited 2024-01-16 at 23:31 By Ryan Naraine The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine. The post Google Warns of Chrome Browser Zero-Day Being Exploited appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

Google Warns of Chrome Browser Zero-Day Being Exploited Read More »

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

exploited, Featured, Ivanti, Malware & Threats, Zero-Day /

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins 2024-01-16 at 12:46 By Eduard Kovacs The recently disclosed Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and tech. The post Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins appeared first on SecurityWeek. This article

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins Read More »

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout

China, espionage, Ivanti, Malware & Threats, Zero-Day /

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout 2024-01-12 at 13:16 By Eduard Kovacs Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release. The post Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout appeared first on SecurityWeek. This

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout Read More »

Scroll to Top