Supply Chain Security
A Pyongyang-aligned APT was caught exploiting a recent zero-day in Internet Explorer in a supply chain attack.
Hi, what are you looking for?
SecurityWeek
All posts tagged "Zero-Day"
Nation-State
Fortinet believes state-sponsored threat actors are behind the recent attacks involving exploitation of Ivanti CSA zero-days.
Vulnerabilities
Tor browser version 13.5.7 is rolling out with patches for an exploited zero-day vulnerability recently addressed in Firefox.
Vulnerabilities
Mozilla has released a Firefox 131 update to resolve CVE-2024-9680, a code execution vulnerability exploited in the wild as a zero-day.
Vulnerabilities
Ivanti says a few more CSA zero-day vulnerabilities have been found to be exploited in attacks where they are chained with CVE-2024-8963.
Vulnerabilities
Google and Amnesty have seen evidence that a Qualcomm chipset vulnerability tracked as CVE-2024-43047 may be exploited in the wild.
Data Breaches
A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.
Vulnerabilities
Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024.
Cyberwarfare
Amidst Volt Typhoon zero-day exploitation, Censys finds hundreds of exposed servers presenting ripe attack surface for attackers.
Nation-State
A WPS Office zero-day vulnerability tracked as CVE-2024-7262 was exploited by South Korean hacker group APT-C-60.
Vulnerabilities
Google flags another high-severity vulnerability patched with the latest Chrome 128 release as exploited in the wild.
Vulnerabilities
Chrome 128 was released in the stable channel with patches for 38 vulnerabilities, including a V8 JavaScript engine flaw exploited in the wild.
Nation-State
The vulnerability, tracked as CVE-2024-38193 and marked as ‘actively exploited’ by Microsoft, allows SYSTEM privileges on the latest Windows operating systems.
Vulnerabilities
The US cybersecurity agency CISA warns that a recent SolarWinds Web Help Desk vulnerability has been exploited in the wild.
Vulnerabilities
ZDI details a zero-day named Copy2Pwn and tracked as CVE-2024-38213, which cybercriminals exploited to bypass MotW protections in Windows.
Malware & Threats
Security experts are ratcheting up the urgency for Windows admins to patch a wormable, pre-auth remote code execution vulnerability in the Windows TCP/IP stack.
Vulnerabilities
Microsoft's security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited...
Vulnerabilities
Google has patched CVE-2024-36971, a high-severity kernel zero-day vulnerability in Android that has been exploited in targeted attacks.
Malware & Threats
The EvilVideo zero-day vulnerability in Telegram for Android allowed threat actors to send malicious files disguised as videos.
Malware & Threats
The Void Banshee APT exploited the CVE-2024-38112 Windows zero-day to infect systems with the Atlantida stealer.
Cybercrime
A cybersecurity incident at WestJet resulted in users experiencing interruptions when accessing the company’s application and website.
Artificial Intelligence
Artificial Intelligence
Cloud Security
According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market.
Tracking & Law Enforcement
Data Breaches
