Tag: zero-day
-
Sicherheitslücke ermöglicht Systemkontrolle – Notfallpatch für kritische Zero-Day-Schwachstelle in SAP NetWeaver
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-sap-netweaver-notfall-patch-a-0ea1dd66a85bfdbb1f30565bc8b6ef22/
-
75 zero-days seen in 2024 as nations, spyware vendors continue exploitation
by
in SecurityNewsGoogle’s Threat Intelligence team published its annual zero-day report on Tuesday, finding that 75 vulnerabilities were exploited in the wild in 2024, down from 98 in the prior year. First seen on therecord.media Jump to article: therecord.media/google-zero-day-report-2024
-
U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added SAP NetWeaver flaw, tracked as CVE-2025-31324, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, researchers warned that a zero-day vulnerability, tracked asCVE-2025-31324(CVSS score of 10/10), in SAP NetWeaver is…
-
Zero-day intrusion purportedly thwarts BreachForums comeback
by
in SecurityNews
Tags: zero-dayFirst seen on scworld.com Jump to article: www.scworld.com/brief/zero-day-intrusion-purportedly-thwarts-breachforums-comeback
-
44% of the zero-days exploited in 2024 were in enterprise solutions
by
in SecurityNewsIn 2024, threat actors exploited 75 zero-days i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch in a wide variety of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/29/44-of-the-zero-days-exploited-in-2024-were-in-enterprise-solutions/
-
Are Puppies the New Booth Babes: What Do You Think?
by
in SecurityNewsWalking the floor of the RSA Conference (RSAC) this year, amid the sea of booths packed with flashing monitors, cybersecurity swag and endless sales pitches, one booth stood out, and not for its tech demos or zero-day revelations. Orca Security set up a puppy pen, a roped-off area where a collection of adorable.. First seen…
-
Governments are using zero-day hacks more than ever
by
in SecurityNewsGoogle says zero-day threats are trending upward even as total detections fell in 2024. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/google-governments-are-using-zero-day-hacks-more-than-ever/
-
Enterprise tech dominates zero-day exploits with no signs of slowdown
by
in SecurityNewsAs Big Tech gets used to the pain, smaller vendors urged to up their game First seen on theregister.com Jump to article: www.theregister.com/2025/04/29/enterprise_tech_zeroday_google/
-
Google Reports 75 Zero-Day Vulnerabilities Actively Exploited in the Wild
by
in SecurityNewsIn a comprehensive report released by the Google Threat Intelligence Group (GTIG), 75 zero-day vulnerabilities were identified as actively exploited in the wild throughout 2024, marking a slight decline from 98 in 2023 but an increase from 63 in 2022. These vulnerabilities, defined as flaws exploited before a patch becomes publicly available, underscore a persistent…
-
Enterprise-specific zero-day exploits on the rise, Google warns
by
in SecurityNews
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-daySurge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN.Targeted attacks against…
-
97 zero-days exploited in 2024, over 50% in spyware attacks
by
in SecurityNewsGoogle’s Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-97-zero-days-exploited-in-2024-over-50-percent-in-spyware-attacks/
-
Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024
by
in SecurityNewsGoogle tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. The researchers from Google Threat Intelligence Group (GTIG) observed that most targeted are end-user platforms,…
-
Google Reports 75 Zero-Days Exploited in 2024, 44% Targeted Enterprise Security Products
by
in SecurityNewsGoogle has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023. Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances.”Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third…
-
Zero-day exploitation drops slightly from last year, Google report finds
by
in SecurityNewsGoogle’s threat intelligence team said software vendor security practices are making it harder for hackers to find flaws in some platforms. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/zero-day-exploits-google-report-vulnerabilities-enterprise/746556/
-
Government hackers are leading the use of attributed zero-days, Google says
by
in SecurityNewsGovernments like China and North Korea, along with spyware makers, used the most recorded zero-days in 2024. First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/29/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says/
-
Zero-Day Exploitation Figure Surges 19% in Two Years
by
in SecurityNewsGoogle claims 19% more zero-day bugs were exploited in 2024 than 2022 as threat actors focus on security products First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/zeroday-exploitation-surges-19-two/
-
Desired Effect Marketplace: Researchers Get Their Due, Defenders Get Realtime Info on Zero Days
by
in SecurityNewsDesired Effect, if it operates as billed, opens up a world of cutting-edge research to defenders, including zero-day vulnerability data and tailored exploit products. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/desired-effect-marketplace-researchers-get-their-due-defenders-get-realtime-info-on-zero-days/
-
The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning
by
in SecurityNewsBreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration. On April 15, BreachForums, one of the top marketplaces for stolen data, abruptly shut down, fueling widespread speculation. Rumors ranged from FBI raids and the arrest of the administrator. In the aftermath, several alternative forums…
-
Intrusions chaining critical Craft CMS zero-days ongoing
by
in SecurityNews
Tags: zero-dayFirst seen on scworld.com Jump to article: www.scworld.com/brief/intrusions-chaining-critical-craft-cms-zero-days-ongoing
-
Threat Actors Hacking SAP Critical Zero-Day
by
in SecurityNewsUnauthenticated Hackers Exploit CVE-2025-31324 to Upload Webshells. Threat actors are exploiting a zero-day flaw in a partially deprecated SAP tool still widely used by governments and businesses. On Friday, SAP’s security division, Onapsis, disclosed that CVE-2025-31324 is actively exploited in the wild. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/threat-actors-hacking-sap-critical-zero-day-a-28098
-
Exposure Management Works When the CIO and CSO Are in Sync
by
in SecurityNews
Tags: access, ai, attack, business, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, endpoint, finance, infrastructure, jobs, office, risk, strategy, technology, threat, tool, update, vulnerability, vulnerability-management, zero-dayEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CIO Patricia Grant looks at how the CIO/CSO relationship is key to a successful exposure management program. You can read the entire Exposure Management Academy series here. When I…
-
SAP NetWeaver 0-Day Flaw Actively Exploited to Deploy Webshells
by
in SecurityNewsSAP disclosed a critical zero-day vulnerability, identified as CVE-2025-31324, in its NetWeaver Visual Composer component. This vulnerability, with a maximum CVSSv3 severity score of 10.0, stems from a missing authorization check within the Metadata Uploader module of Visual Composer. When exploited, it allows unauthenticated attackers to upload arbitrary malicious files via specially crafted POST requests to…
-
âš¡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
by
in SecurityNewsCan a harmless click really lead to a full-blown cyberattack?Surprisingly, yes, and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps, like…
-
Attackers chained Craft CMS zero-days attacks in the wild
by
in SecurityNewsOrange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data. Orange Cyberdefense’s CSIRT warns that threat actors chained two Craft CMS vulnerabilities in recent attacks. Orange experts discovered the flaws while investigating a server compromise. The two vulnerabilities, tracked as CVE-2025-32432 and CVE-2024-58136, are respectively a…
-
Viasat Modems Zero-Day Vulnerabilities Let Attackers Execute Remote Code
by
in SecurityNewsA severe zero-day vulnerability has been uncovered in multiple Viasat satellite modem models, including the RM4100, RM4200, EM4100, RM5110, RM5111, RG1000, RG1100, EG1000, and EG1020. Identified by ONEKEY Research Lab through automated binary static analysis, the flaw, tracked as CVE-2024-6198, affects the “SNORE” web interface running on lighttpd over TCP ports 3030 and 9882. With…
-
Emergency patch for potential SAP zero-day that could grant full system control
German software giant paywalls details, but experts piece together the clues First seen on theregister.com Jump to article: www.theregister.com/2025/04/25/sap_netweaver_patch/
-
SAP fixes suspected Netweaver zero-day exploited in attacks
by
in SecurityNewsSAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
-
Vor diesen Ransomware-Banden sollten Sie sich hüten
by
in SecurityNews
Tags: ai, cyber, cyberattack, data, data-breach, exploit, extortion, germany, group, hacker, intelligence, leak, lockbit, malware, moveIT, ransomware, service, software, strategy, threat, tool, usa, vulnerability, zero-dayRansomware-Attacken werden immer mehr. Höchste Zeit, die Schutzmaßnahmen hochzufahren.In den ersten drei Monaten des laufenden Jahres gab es einen neuen Höchststand bei den weltweit gemeldeten Ransomware-Vorfällen. Laut dem aktuellen Bericht State of Ransomware von Check Point Research (CPR) haben Hacker im ersten Quartal 2025 insgesamt 2.289 Unternehmen erpresst 126 Prozent mehr als im Vorjahreszeitraum (1.011…