Latest Zero-Day news

Google assigns new maximum rated CVE to libwebp bug exploited in attacks

Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago.
- Sergiu Gatlan
- September 26, 2023
- 11:55 AM
- 0
Recently patched Apple, Chrome zero-days exploited in spyware attacks

Security researchers with the Citizen Lab and Google's Threat Analysis Group (TAG) revealed today that three zero-days patched by Apple on Thursday were abused as part of an exploit chain to install Cytrox's Predator spyware.
- Sergiu Gatlan
- September 22, 2023
- 02:16 PM
- 0
Apple emergency updates fix 3 new zero-days exploited in attacks

Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year.
- Sergiu Gatlan
- September 21, 2023
- 01:57 PM
- 1
Trend Micro fixes endpoint protection zero-day used in attacks

Trend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks.
- Bill Toulas
- September 19, 2023
- 05:11 PM
- 0
Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks

Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.
- Sergiu Gatlan
- September 12, 2023
- 05:32 PM
- 0
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws

Today is Microsoft's September 2023 Patch Tuesday, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities.
- Lawrence Abrams
- September 12, 2023
- 02:11 PM
- 0
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks

Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks.
- Sergiu Gatlan
- September 12, 2023
- 01:42 PM
- 0
Apple backports BLASTPASS zero-day fix to older iPhones

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.
- Bill Toulas
- September 12, 2023
- 09:42 AM
- 0
Google fixes another Chrome zero-day bug exploited in attacks

Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year.
- Sergiu Gatlan
- September 11, 2023
- 03:46 PM
- 0
Notepad++ 8.5.7 released with fixes for four security vulnerabilities

Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files.
- Bill Toulas
- September 08, 2023
- 03:46 PM
- 0
Cisco warns of VPN zero-day exploited by ransomware gangs

Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks.
- Bill Toulas
- September 08, 2023
- 09:32 AM
- 0
Apple discloses 2 new zero-days exploited to attack iPhones, Macs

Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year.
- Sergiu Gatlan
- September 07, 2023
- 01:58 PM
- 0
Google: State hackers attack security researchers with new zero-day

Google's Threat Analysis Group (TAG) says North Korean state hackers are again targeting security researchers in attacks using at least one zero-day in an undisclosed popular software.
- Sergiu Gatlan
- September 07, 2023
- 12:48 PM
- 0
September Android updates fix zero-day exploited in attacks

The September 2023 Android security updates tackle 33 vulnerabilities, including a zero-day bug currently targeted in the wild.
- Sergiu Gatlan
- September 06, 2023
- 12:20 PM
- 1
Atlas VPN zero-day vulnerability leaks users' real IP address

An Atlas VPN zero-day vulnerability affecting the Linux client leaks a user's real IP address simply by visiting a website.
- Bill Toulas
- September 05, 2023
- 04:03 PM
- 0
US govt email servers hacked in Barracuda zero-day attacks

Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security Gateway (ESG) zero-day, with a focus on entities across the Americas.
- Sergiu Gatlan
- August 29, 2023
- 08:00 AM
- 2
FBI warns of patched Barracuda ESG appliances still being hacked

The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway (ESG) remote command injection flaw are "ineffective," and patched appliances are still being compromised in ongoing attacks.
- Sergiu Gatlan
- August 24, 2023
- 03:09 PM
- 0
WinRAR zero-day exploited since April to hack trading accounts

A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts.
- Bill Toulas
- August 23, 2023
- 09:53 AM
- 0
Ivanti warns of new actively exploited MobileIron zero-day bug

US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.
- Sergiu Gatlan
- August 21, 2023
- 11:28 AM
- 0
Microsoft Office update breaks actively exploited RCE attack chain

Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks.
- Ionut Ilascu
- August 08, 2023
- 04:15 PM
- 0