Tag: zero-day
-
TruffleNet and Cloud Abuse at Scale: An Identity Architecture Failure
The recent TruffleNet campaign, first documented by Fortinet, highlights a familiar and uncomfortable truth for security leaders: some of the most damaging cloud attacks aren’t exploiting zero-day vulnerabilities. They’re exploiting identity models that were never designed for the scale and automation of modern cloud environments. Nothing about this attack was novel. That’s precisely the problem….…
-
Chinese attackers exploiting zero-day to target Cisco email security products
Chinese hackers have been exploiting a vulnerability in a popular Cisco email management tool since late November, the company said in an advisory. First seen on therecord.media Jump to article: therecord.media/chinese-attackers-zero-day
-
Another bad week for SonicWall as SMA 1000 zero-day under active exploit
Flaw in remote-access appliance lets attackers chain bugs for root-level takeover. First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/sonicwall_sma_1000_0day/
-
The Biggest Cyber Stories of the Year: What 2025 Taught Us
Tags: access, attack, authentication, awareness, banking, breach, business, ciso, cloud, compliance, container, control, cyber, cyberattack, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, government, healthcare, iam, identity, incident, incident response, Internet, law, metric, mfa, monitoring, network, privacy, regulation, resilience, risk, service, software, strategy, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-day, zero-trust
madhav, Thu, 12/18/2025 – 10:30
2025 didn’t just test cybersecurity; it redefined it. From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was reminded of a simple truth: everything is connected, and everything is at risk. Data Security…
-
Cisco confirms zero-day exploitation of Secure Email products
Rebuild guidance and operational tradeoffs: Cisco has said that wiping and rebuilding appliances is currently required in cases where compromise has been confirmed. “From a security standpoint, it is indeed the right call,” Tyagi said. “When there’s a risk that attackers have embedded themselves deep in a system, patching alone won’t solve the issue. Rebuilding is…
-
Backdoors planted: Chinese hackers have been hijacking Cisco systems for weeks
Attackers from China are using a zero-day vulnerability in Cisco AsyncOS to plant malware on vulnerable appliances. A patch is not yet in sight. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
-
Unpatched vulnerability: Chinese hackers have been hijacking Cisco systems for weeks
Attackers from China are using a zero-day vulnerability in Cisco AsyncOS to plant malware on vulnerable appliances. A patch is not yet in sight. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
-
Hackers Actively Exploit SonicWall SMA1000 Zero-Day to Escalate Privileges
SonicWall has issued an urgent security advisory warning of active exploitation of a local privilege escalation vulnerability affecting its SMA1000 appliances. The flaw, tracked as CVE-2025-40602, enables attackers with management console access to gain elevated privileges and potentially achieve complete system control. The vulnerability stems from insufficient authorization checks in the SonicWall SMA1000 Appliance Management…
-
Unpatched vulnerability: Cisco systems have been under attack for weeks
Attackers from China are using a zero-day vulnerability in Cisco AsyncOS to plant malware on vulnerable appliances. A patch is not yet in sight. First seen on golem.de Jump to article: www.golem.de/news/ungepatchte-sicherheitsluecke-cisco-systeme-werden-seit-wochen-attackiert-2512-203379.html
-
Cisco AsyncOS 0-Day Allows Remote Execution of System Commands
Cisco Talos has uncovered an active campaign exploiting a zero-day vulnerability in Cisco AsyncOS Software, affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The security flaw enables attackers to execute system-level commands remotely and deploy sophisticated backdoors on compromised systems. The threat actor behind this campaign, tracked as UAT-9686, is assessed…
-
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
Cisco has alerted users of a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The networking equipment major said it became aware of the intrusion campaign on December…
-
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited
Tags: access, advisory, attack, authentication, control, cve, cyber, data, exploit, firewall, flaw, injection, international, mobile, ransomware, sql, vulnerability, zero-day
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006. Key takeaways: CVE-2025-40602 is a local privilege escalation vulnerability in the appliance management console (AMC) of the SonicWall SMA 1000 appliance. CVE-2025-40602 has been exploited in a chained attack with CVE-2025-23006, a deserialization…
-
Attacks pummeling Cisco AsyncOS 0-day since late November
No timeline for a patch. First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/attacks_pummeling_cisco_0day/
-
Zeroday Cloud hacking event awards $320,000 for 11 zero days
The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zeroday-cloud-hacking-event-awards-320-0000-for-11-zero-days/
-
Exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/sonicwall-cve-2025-40602/
-
Cisco, SonicWall Disclose New Attacks Exploiting Zero-Day Flaws
Zero-day vulnerabilities in Cisco and SonicWall products have been exploited in new cyberattack campaigns, the vendors disclosed Wednesday. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisco-sonicwall-disclose-new-attacks-exploiting-zero-day-flaws
-
When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk
A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit them immediately. Unlike large-scale volumetric attacks that announce themselves through disruption, zero-day exploitation operates quietly.…
-
SonicWall warns of actively exploited flaw in SMA 100 AMC
SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as CVE-2025-40602, in the SMA1000 Appliance Management Console that was exploited as a zero-day in attacks in the wild. The flaw is a local privilege escalation issue…
-
Cisco email security appliances rooted and backdoored via still unpatched zero-day
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/cisco-secure-email-cve-2025-20393/
-
Cisco says Chinese hackers are exploiting its customers with a new zero-day
Cisco said it discovered a Chinese hacking campaign targeting its customers by exploiting a zero-day in some of the company’s most popular products. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/17/cisco-says-chinese-hackers-are-exploiting-its-customers-with-a-new-zero-day/
-
Cisco warns of unpatched AsyncOS zero-day exploited in attacks
Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-unpatched-asyncos-zero-day-exploited-in-attacks/
-
Sonicwall warns of new SMA1000 zero-day exploited in attacks
SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-warns-of-new-sma1000-zero-day-exploited-in-attacks/
-
Actively exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/sonicwall-cve-2025-40602/
-
Russian APT group attacks Western critical-infrastructure (KRITIS) operators
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-day
A Russian cyber-espionage campaign is targeting energy providers. The Amazon Threat Intelligence team found that a Russian state-sponsored cyber-espionage group has increasingly targeted energy companies and providers of critical infrastructure (KRITIS). According to the team, the group has been active since at least 2021 and primarily goes after misconfigured devices. However, the attackers also exploit known vulnerabilities…

