Government Google Links Over 60 Zero-Days to Commercial Spyware Vendors More than 60 of the Adobe, Google, Android, Microsoft, Mozilla and Apple zero-days that have come to light since 2016 attributed to spyware vendors. Eduard KovacsFebruary 6, 2024
Malware & Threats CISA Sets 48-Hour Deadline for Removal of Insecure Ivanti Products In an unprecedented move, CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48... Ryan NaraineFebruary 1, 2024
Malware & Threats Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet Akamai flags six zero-day vulnerabilities in Hitron DVRs exploited to ensnare devices in the InfectedSlurs botnet. Ionut ArghireJanuary 31, 2024
Malware & Threats Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation Apple pushes out fresh versions of its iOS and macOS platforms to fix WebKit vulnerabilities being exploited as zero-day in the wild. Ryan NaraineJanuary 22, 2024
Vulnerabilities Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation Citrix is aware of attacks exploiting two new NetScaler ADC and Gateway zero-day vulnerabilities tracked as CVE-2023-6548 and CVE-2023-6549. Eduard KovacsJanuary 17, 2024
Vulnerabilities Google Warns of Chrome Browser Zero-Day Being Exploited The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine. Ryan NaraineJanuary 16, 2024
Malware & Threats Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins The recently disclosed Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and tech. Eduard KovacsJanuary 16, 2024
Malware & Threats Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release. Eduard KovacsJanuary 12, 2024
Nation-State Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won't be available until January 22. Ryan NaraineJanuary 10, 2024
Malware & Threats Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ The new Barracuda ESG zero-day CVE-2023-7102 has been used by Chinese hackers to target organizations in the US and APJ region. Eduard KovacsDecember 28, 2023
Email Security Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day Chinese hackers exploited a zero-day tracked as CVE-2023-7102 to deliver malware to Barracuda Email Security Gateway (ESG) appliances. Eduard KovacsDecember 27, 2023
Vulnerabilities Google Rushes to Patch Eighth Chrome Zero-Day This Year Google warns of in-the-wild exploitation of CVE-2023-7024, a new Chrome vulnerability, the eighth documented this year. Ionut ArghireDecember 21, 2023