Tag: zero day

June 5, 2023

The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many […]

May 26, 2023

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company’s Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been […]

May 10, 2023

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro’s Zero Day Initiative (ZDI) said the volume is the […]

April 20, 2023

Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 […]

April 19, 2023

Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics […]

April 13, 2023

Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. “While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they’re known and fixed, which […]

March 21, 2023

As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 […]

March 14, 2023

It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is […]

January 20, 2023

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates […]

December 14, 2022

Apple announced on November 30 that an advisory for iOS 16.1.2 would be released in the coming days. The advisory was published two weeks later, on Patch Tuesday, and it’s unclear why the tech giant waited for so long to […]

October 28, 2022

Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan […]

December 9, 2021

SonicWall has fixed a handful of vulnerabilities affecting its SMA 100 series appliances and is urging organizations to implement the patches as soon as possible. Although there’s currently no evidence of these bugs being exploited in active attacks, threat actors […]

April 12, 2021

Zero day definition A zero day is a security flaw for which the vendor of the flawed system has yet to make a patch available to affected users. The name ultimately derives from the world of digital content piracy: if […]

March 3, 2021

A new zero-day vulnerability has been discovered in the popular web browser Chrome, with Google noting that the flaw is being exploited by malicious actors. Users should install the updated version of the browser containing the patch as soon as […]

March 3, 2021

Microsoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server, one of the most widely used pieces of enterprise infrastructure. The company says it believes the flaws have been exploited by a China-based group […]

June 2, 2020

Tracked as CVE-2020-9859, the vulnerability was found in the iOS kernel and it can allow an application to achieve unsandboxed, kernel-level code execution. An exploit for the issue was added to the unc0ver 5.0 jailbreak utility, which was released to […]

April 23, 2020

According to ZecOps, the vulnerabilities have existed since iOS 6, a version released in 2012. The company reported its findings to Apple in February and March, and notified the tech giant of attacks exploiting the flaws. The vendor has patched […]

January 9, 2020

Mozilla has patched a Firefox zero-day vulnerability (CVE-2019-17026) that is being exploited in attacks in the wild and is urging Firefox and Firefox ESR users to update their installations as soon as possible. About CVE-2019-17026 A day after Mozilla released […]

December 13, 2019

Amid significant increases in both malware and network attacks, multiple Apache Struts vulnerabilities – including one used in the devastating Equifax data breach – appeared for the first time on WatchGuard’s list of most popular network attacks in Q3 2019. […]

December 11, 2019

This month’s batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild. The last Patch Tuesday of 2019 is also Microsoft’s lightest of the year, with fixes […]