Network Security ‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history. Eduard KovacsOctober 10, 2023
Malware & Threats Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down. Ryan NaraineOctober 4, 2023
Application Security Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day Atlassian confirms that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in its Confluence Data Center and Server products. Ryan NaraineOctober 4, 2023
Mobile & Wireless Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities The October 2023 security update for Android patches two vulnerabilities exploited in attacks, both likely linked to spyware vendors. Ionut ArghireOctober 3, 2023
Vulnerabilities Cisco Warns of IOS Software Zero-Day Exploitation Attempts Cisco has released patches for vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks. Ionut ArghireSeptember 28, 2023
Vulnerabilities Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor. Eduard KovacsSeptember 28, 2023
Mobile & Wireless Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks. Eduard KovacsSeptember 25, 2023
Mobile & Wireless Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones Apple has patched 3 zero-day vulnerabilities that have likely been exploited by a spyware vendor to hack iPhones. Eduard KovacsSeptember 22, 2023
Endpoint Security Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products Trend Micro has patched CVE-2023-41179, an Apex One zero-day code execution vulnerability that has been exploited in attacks. Eduard KovacsSeptember 19, 2023
Malware & Threats After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery After Apple and Google, Mozilla has also patched an image processing-related zero-day vulnerability exploited by spyware. Eduard KovacsSeptember 13, 2023
Malware & Threats Zero-Day Summer: Microsoft Warns of Fresh New Software Exploits Microsoft’s struggles with zero-day exploits rolled into a new month with a fresh Patch Tuesday warning about malware attacks in the wild. Ryan NaraineSeptember 12, 2023
Vulnerabilities Google Patches Chrome Zero-Day Reported by Apple, Spyware Hunters Google has released a Chrome 116 security update to patch CVE-2023-4863, the fourth Chrome zero-day vulnerability documented in 2023. Ionut ArghireSeptember 12, 2023