Tag: zero-day
-
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa’s Predator spyware, Amnesty International said in a report.The link, the non-profit organization said, is a “Predator attack attempt based on the technical…
-
Deepfakes oben, Zero Days unten Cyber-Eisberg wächst
Agentenbasierte KI (Agentic AI) verwandelt Cyberbedrohungen wie Phishing und Deepfakes in pausenlose Zero-Day-Exploits und automatisierte Ransomware. Die meisten Unternehmen werden damit nicht Schritt halten können. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/deepfakes-oben-zero-days-unten
-
Deepfakes oben, Zero Days unten Cyber-Eisberg wächst
Agentenbasierte KI (Agentic AI) verwandelt Cyberbedrohungen wie Phishing und Deepfakes in pausenlose Zero-Day-Exploits und automatisierte Ransomware. Die meisten Unternehmen werden damit nicht Schritt halten können. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/deepfakes-oben-zero-days-unten
-
Deepfakes oben, Zero Days unten Cyber-Eisberg wächst
Agentenbasierte KI (Agentic AI) verwandelt Cyberbedrohungen wie Phishing und Deepfakes in pausenlose Zero-Day-Exploits und automatisierte Ransomware. Die meisten Unternehmen werden damit nicht Schritt halten können. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/deepfakes-oben-zero-days-unten
-
Das CISO-Paradoxon: Innovation ermöglichen und Risiken managen
Tags: ai, api, authentication, ciso, cyberattack, edr, encryption, firewall, governance, infrastructure, least-privilege, risk, siem, soc, update, vulnerability, waf, zero-dayCISOs sollten eng mit anderen Teams zusammenarbeiten.Eine der Hauptaufgaben von CISOs besteht darin, nicht mehr die ‘Abteilung des Neins” zu sein. Sie müssen Wege finden, die schnelle Bereitstellung von Produkten und Dienstleistungen für das Unternehmen zu ermöglichen, ohne gleichzeitig neue Risiken einzuführen.Das ist, kurz gesagt, das Paradoxon. In einem Umfeld, in dem Produktteams ständig neue…
-
New Phishing Campaign Impersonates India’s Income Tax Department to Distribute AsyncRAT
In November 2025, security researchers at Raven AI identified a sophisticated zero-day phishing campaign impersonating the Income Tax Department of India, targeting enterprises across the country with a multi-stage malware chain. The attack combined authentic-looking government communications with advanced evasion techniques, delivering both a shellcode-based RAT loader and a malicious executable disguised as a GoTo…
-
New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware provider known for its >>Predator
-
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models
JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These vulnerabilities would enable attackers to completely bypass PickleScan’s malware detection mechanisms, potentially facilitating large-scale supply chain attacks by distributing malicious ML models containing undetectable code. The discoveries underscore a fundamental…
-
Hackers Actively Exploit New Windows LNK 0-Day Vulnerability
A newly discovered security flaw in Windows shortcut files is being actively used by hackers to target diplomatic organisations. The vulnerability allows attackers to conceal malicious commands within shortcut files (.lnk), making them invisible to users. The Discovery and Initial Rejection The issue was first highlighted in March 2025 by researchers at Trend Micro. They…
-
Two Android 0-day bugs disclosed and fixed, plus 105 more to patch
Christmas comes early for attackers this year First seen on theregister.com Jump to article: www.theregister.com/2025/12/02/android_0_days/
-
University of Pennsylvania joins list of victims from Clop’s Oracle EBS raid
Ivy League school warns more than 1,400 people after attackers siphon data via zero-day First seen on theregister.com Jump to article: www.theregister.com/2025/12/02/clop_university_of_pennsylvania/
-
University of Pennsylvania joins list of victims from Clop’s Oracle EBS raid
Ivy League school warns more than 1,400 people after attackers siphon data via zero-day First seen on theregister.com Jump to article: www.theregister.com/2025/12/02/clop_university_of_pennsylvania/
-
Critical PickleScan Vulnerabilities Expose AI Model Supply Chains
3 critical zero-day flaws in PickleScan, affecting Python and PyTorch, allowed undetected attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/picklescan-flaws-expose-ai-supply/
-
Google fixes two Android zero days exploited in attacks, 107 flaws
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-exploited-in-attacks-107-flaws/
-
Google fixes two Android zero days exploited in attacks, 107 flaws
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-exploited-in-attacks-107-flaws/
-
Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild
Google said it found indications that two newly identified vulnerabilities affecting Android “may be under limited, targeted exploitation” First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-patches-android-0day/
-
Google Fixes Android Zero-Day Flaws Actively Exploited in the Wild
Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulletin, affect multiple Android versions and require immediate attention from device manufacturers and users. Active Exploitation Confirmed The two CVEs under active exploitation, CVE-2025-48633…
-
Google Fixes Android Zero-Day Flaws Actively Exploited in the Wild
Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulletin, affect multiple Android versions and require immediate attention from device manufacturers and users. Active Exploitation Confirmed The two CVEs under active exploitation, CVE-2025-48633…
-
Fehler in der Authentifizierung – ZDI macht zwei Zero Days in Nvidias AIStore publik
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-nvidia-aistore-update-empfohlen-a-56619fb01180b2aaa5fd69327d8a79d5/
-
Google addresses 107 Android vulnerabilities, including two zero-days
The company’s latest security update contains the second-highest number of defects patched so far this year. First seen on cyberscoop.com Jump to article: cyberscoop.com/android-security-update-december-2025/
-
NETSCOUT wins “Overall Network Security Solution of the Year”
Tags: attack, automation, cloud, compliance, cyber, cybersecurity, data, detection, google, incident response, intelligence, microsoft, network, risk, service, threat, tool, zero-dayThe challenge: Visibility gaps create risk Modern enterprises face expanding attack surfaces, hybrid cloud environments, and increasing operational complexity. Security teams are flooded with alerts but lack the visibility to see what’s truly happening behind them.Many tools promise detection, but few deliver the clarity and confidence that come from true visibility. Without that clarity, investigations…
-
The CISO’s paradox: Enabling innovation while managing risk
Tags: access, attack, authentication, breach, business, ciso, control, data, detection, firewall, governance, identity, infrastructure, jobs, mitigation, risk, service, threat, tool, vulnerability, waf, zero-daySet risk tolerances and guardrails: Teams slow down when they are unsure how to proceed. Take away some of the decision-making and ensure an integration of authentication, authorization and accounting into the development process. For authentication, establish and leverage enterprise identity management solutions rather than allowing the development of accounts written to databases that can…
-
Water Gamayun Weaponizes >>MSC EvilTwin<< Zero-Day for Stealthy Backdoor Attacks
The post Water Gamayun Weaponizes >>MSC EvilTwin
-
Water Gamayun Weaponizes >>MSC EvilTwin<< Zero-Day for Stealthy Backdoor Attacks
The post Water Gamayun Weaponizes >>MSC EvilTwin
-
Alliances between ransomware groups tied to recent surge in cybercrime
Tags: access, attack, awareness, backup, business, cloud, cybercrime, cybersecurity, data, encryption, exploit, extortion, group, healthcare, incident response, intelligence, law, leak, monitoring, ransom, ransomware, saas, service, software, tactics, theft, threat, vpn, vulnerability, zero-dayRansomware groups change tactics to evade law enforcement: The latest quarterly study from Rapid7 also found that newly forged alliances are leading to a spike in ransomware activity while adding that tactical innovations, from refined extortion to double extortion and use of zero day, are also playing a part in increased malfeasance.The quarter also saw…
-
Zero Day in Chrome – Google warnt vor gefährlichen Sicherheitslücken in Cloud und Browser
First seen on security-insider.de Jump to article: www.security-insider.de/google-warnt-vor-sicherheitsluecken-in-cloud-plattform-und-chrome-browser-a-9fe83e203bd3c0b320821877aebfa899/