Incident Response
Patch Tuesday: Microsoft patches more than 140 security vulnerabilities in the Windows ecosystem, including a pair of exploited zero-days.
Hi, what are you looking for?
SecurityWeek
All posts tagged "Zero-Day"
Malware & Threats
Cisco has patched an NX-OS command injection zero-day exploited by China-linked cyberespionage group Velvet Ant.
Malware & Threats
The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware.
Malware & Threats
The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.
Vulnerabilities
Exploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine.
Vulnerabilities
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
Vulnerabilities
Google has patched CVE-2024-4761, the second exploited vulnerability addressed by the company within one week.
Vulnerabilities
A Chrome 124 update patches the second Chrome zero-day that has been found to be exploited in malicious attacks in 2024.
Nation-State
MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.
Malware & Threats
More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.
Malware & Threats
Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.
Malware & Threats
Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware.
Government
Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization.
Malware & Threats
Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest.
Malware & Threats
Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack...
Mobile & Wireless
Apple rolls out urgent patches to fix multiple security flaws in its flagship iOS platform and warned about zero-day exploits in the wild.
Malware & Threats
North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit.
Vulnerabilities
Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day.
Vulnerabilities
Microsoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks.
Malware & Threats
CVE-2024-21412, one of the security bypass zero-days fixed by Microsoft with Patch Tuesday updates, exploited by Water Hydra (DarkCasino).
Cybercrime
A cybersecurity incident at WestJet resulted in users experiencing interruptions when accessing the company’s application and website.
Artificial Intelligence
Artificial Intelligence
Cloud Security
According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market.
Tracking & Law Enforcement
Data Breaches
