Malware & Threats Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus. Eduard Kovacs5 days ago
Malware & Threats Microsoft Patches Two Zero-Days Exploited for Malware Delivery Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware. Eduard KovacsApril 10, 2024
Government Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization. Ryan NaraineApril 4, 2024
Malware & Threats Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest. Ionut ArghireMarch 27, 2024
Malware & Threats Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack... Ryan NaraineMarch 27, 2024
Mobile & Wireless Apple Blunts Zero-Day Attacks With iOS 17.4 Update Apple rolls out urgent patches to fix multiple security flaws in its flagship iOS platform and warned about zero-day exploits in the wild. Ryan NaraineMarch 5, 2024
Malware & Threats Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit. Eduard KovacsFebruary 29, 2024
Vulnerabilities Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day. Ionut ArghireFebruary 20, 2024
Vulnerabilities Microsoft Warns of Exploited Exchange Server Zero-Day Microsoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks. Ionut ArghireFebruary 15, 2024
Malware & Threats Windows Zero-Day Exploited in Attacks on Financial Market Traders CVE-2024-21412, one of the security bypass zero-days fixed by Microsoft with Patch Tuesday updates, exploited by Water Hydra (DarkCasino). Eduard KovacsFebruary 14, 2024
Vulnerabilities Fortinet Warns of New FortiOS Zero-Day Fortinet patches CVE-2024-21762, a critical remote code execution vulnerability that may have been exploited in the wild. Eduard KovacsFebruary 9, 2024
Government Google Links Over 60 Zero-Days to Commercial Spyware Vendors More than 60 of the Adobe, Google, Android, Microsoft, Mozilla and Apple zero-days that have come to light since 2016 attributed to spyware vendors. Eduard KovacsFebruary 6, 2024