Email Security Russian APT Exploiting Mail Servers Against Government, Defense Organizations Russia-linked APT28 has been exploiting mail server vulnerabilities against government and defense entities since September 2023. Ionut Arghire5 days ago
Malware & Threats Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware Google bundles multiple safeguards under a single Android toggle to protect high-risk users from advanced mobile malware implants. Ryan Naraine6 days ago
Vulnerabilities Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances Fortinet has patched a dozen vulnerabilities, including a critical flaw exploited in the wild against FortiVoice instances. Ionut Arghire7 days ago
Vulnerabilities Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution. Ionut Arghire7 days ago
Malware & Threats Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday Patch Tuesday: Microsoft patches at least 70 security bugs and flagged five zero-days in the “exploitation detected” category. Ryan NaraineMay 13, 2025
Nation-State Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying A Turkey-affiliated espionage group has exploited a zero-day vulnerability in Output Messenger since April 2024. Ionut ArghireMay 13, 2025
Vulnerabilities SAP Zero-Day Targeted Since January, Many Sectors Impacted Hundreds of SAP NetWeaver instances hacked via a zero-day that allows remote code execution, not only arbitrary file uploads, as initially believed. Ionut ArghireMay 9, 2025
Vulnerabilities Possible Zero-Day Patched in SonicWall SMA Appliances SonicWall patches three SMA 100 vulnerabilities, including a potential zero-day, that could be chained to execute arbitrary code remotely. Ionut ArghireMay 8, 2025
Ransomware Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft. Eduard KovacsMay 7, 2025
Vulnerabilities Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise Threat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability. Ionut ArghireMay 6, 2025
Mobile & Wireless Android Update Patches FreeType Vulnerability Exploited as Zero-Day Android’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine. Ionut ArghireMay 6, 2025
Vulnerabilities Commvault Shares IoCs After Zero-Day Attack Hits Azure Environment Commvault provides indicators of compromise and mitigation guidance after a zero-day exploit targeting its Azure environment lands in CISA’s KEV catalog. Ionut ArghireMay 1, 2025