Malware & Threats Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks Cisco is warning of a zero-day vulnerability in Cisco ASA and FTD that can be exploited remotely, without authentication, in brute force attacks. Ionut ArghireSeptember 8, 2023
Mobile & Wireless Android Zero-Day Patched With September 2023 Security Updates Android’s September 2023 security update resolves a high-severity elevation of privilege vulnerability exploited in malicious attacks. Ionut ArghireSeptember 6, 2023
Cybercrime Traders Targeted by Cybercriminals in Attack Exploiting WinRAR Zero-Day A financially motivated cybercrime group has exploited a WinRAR zero-day to deliver malware to traders and steal their money. Eduard KovacsAugust 24, 2023
Vulnerabilities Exploitation of Ivanti Sentry Zero-Day Confirmed While initially it was unclear if the Ivanti Sentry vulnerability CVE-2023-38035 has been exploited, the vendor and CISA have now confirmed it. Eduard KovacsAugust 23, 2023
Vulnerabilities CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio CISA has added CVE-2023-38180, a zero-day vulnerability affecting .NET and Visual Studio, to its Known Exploited Vulnerabilities Catalog. Eduard KovacsAugust 10, 2023
Malware & Threats Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack The recently patched Ivanti EPMM zero-day CVE-2023-35078 has been exploited to hack the Norwegian government since at least April 2023. Eduard KovacsAugust 2, 2023
Malware & Threats Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks Ivanti EPMM customers have been warned of CVE-2023-35081, a second zero-day vulnerability that has been exploited in targeted attacks. Eduard KovacsJuly 31, 2023
Vulnerabilities Zimbra Patches Exploited Zero-Day Vulnerability Zimbra has released patches for a cross-site scripting (XSS) vulnerability that has been exploited in malicious attacks. Ionut ArghireJuly 28, 2023
Cybercrime Ivanti Zero-Day Vulnerability Exploited in Attack on Norwegian Government An Ivanti EPMM product zero-day vulnerability tracked as CVE-2023-35078 has been exploited in an attack aimed at the Norwegian government. Eduard KovacsJuly 25, 2023
Mobile & Wireless Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks Apple patched another zero-day flaw used in the 'Operation Triangulation' exploit chain. iOS and macOS-powered devices are affected. Ryan NaraineJuly 24, 2023
Vulnerabilities Citrix Zero-Day Exploited Against Critical Infrastructure Organization CISA says the new Citrix zero day vulnerability tracked as CVE-2023-3519 has been exploited against a critical infrastructure organization. Eduard KovacsJuly 21, 2023
Vulnerabilities Exploitation of New Citrix Zero-Day Likely to Increase, Organizations Warned Citrix has patched several vulnerabilities, including CVE-2023-3519, a critical remote code execution zero-day that has been exploited in attacks. Eduard KovacsJuly 19, 2023