-
Windows MSHTML zero-day used in malware attacks for over a year
Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features.
- July 10, 2024
- 12:04 PM
5
-
Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days.
- July 09, 2024
- 01:52 PM
1
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
Google now pays $250,000 for KVM zero-day vulnerabilities
Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits.
- July 02, 2024
- 02:06 PM
- 0
-
Cisco warns of NX-OS zero-day exploited to deploy custom malware
Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.
- July 01, 2024
- 01:46 PM
- 0
-
"Researchers" exploit Kraken exchange bug, steal $3 million in crypto
The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds.
- June 19, 2024
- 10:51 AM
- 0
-
CISA warns of Windows bug exploited in ransomware attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs.
- June 14, 2024
- 12:39 PM
- 0
-
Google patches exploited Android zero-day on Pixel devices
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day.
- June 12, 2024
- 03:06 PM
- 3
-
Black Basta ransomware gang linked to Windows zero-day attacks
The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.
- June 12, 2024
- 06:00 AM
- 0
-
TikTok fixes zero-day bug used to hijack high-profile accounts
Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature.
- June 04, 2024
- 05:57 PM
- 0
-
Check Point VPN zero-day exploited in attacks since April 30
Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks.
- May 29, 2024
- 03:39 PM
- 0
-
Check Point releases emergency fix for VPN zero-day exploited in attacks
Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks.
- May 29, 2024
- 09:31 AM
- 0
-
Google fixes eighth actively exploited Chrome zero-day this year
Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild.
- May 24, 2024
- 05:30 AM
- 0
-
QNAP QTS zero-day in Share feature gets public RCE exploit
An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed.
- May 20, 2024
- 10:57 AM
- 0
-
Google fixes third actively exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
- May 15, 2024
- 06:36 PM
- 3
-
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
- May 14, 2024
- 06:10 PM
- 0
-
Microsoft fixes Windows zero-day exploited in QakBot malware attacks
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
- May 14, 2024
- 02:18 PM
- 0
-
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own
Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition.
- May 14, 2024
- 11:56 AM
- 0
-
VMware fixes three zero-day bugs exploited at Pwn2Own 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
- May 14, 2024
- 10:48 AM
- 0
-
Google Chrome emergency update fixes 6th zero-day exploited in 2024
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks.
- May 14, 2024
- 04:10 AM
- 0
-
Apple backports fix for zero-day exploited in attacks to older iPhones
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks.
- May 13, 2024
- 05:47 PM
- 0
1
