Tag: zero-day
-
Ghost NICs Secret Knocks: Dell Zero-Day (CVSS 10) Exploited by UNC6201
The post Ghost NICs Secret Knocks: Dell Zero-Day (CVSS 10) Exploited by UNC6201 appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/ghost-nics-secret-knocks-dell-zero-day-cvss-10-exploited-by-unc6201/
-
Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed
Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-brickstorm-grimbolt-dell-zero-day/
-
China-linked snoops have been exploiting Dell 0-day since mid-2024, using ‘ghost NICs’ to avoid detection
Full scale of infections remains ‘unknown’ First seen on theregister.com Jump to article: www.theregister.com/2026/02/18/dell_0day_brickstorm_campaign/
-
Hsckers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines
Threat actors linked to China have deployed a novel backdoor, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/zero-day-dell-recoverpoint-virtual-machines-exploited/812392/
-
Chinese hackers exploiting Dell zero-day flaw since mid-2024
A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-dell-zero-day-flaw-since-mid-2024/
-
Update Chrome now: Zero-day bug allows code execution via malicious webpages
Google has released an emergency update to patch an actively exploited zero-day”, the first Chrome zero-day of the year. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages/
-
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used…
-
Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day
A high severity vulnerability in Google Chrome and allows remote attackers to execute code First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-patches-new-in-wild-chrome/
-
Google fixes first actively exploited Chrome zero-day of 2026
Google patched Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw actively exploited in the wild. Google has released urgent security updates to address a high-severity zero-day vulnerability, tracked as CVE-2026-2441, in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component. This is the first…
-
Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-patches-first-chrome-zero-day-exploited-in-attacks-this-year/
-
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack, Patch Released
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild.The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on…
-
DoS und RCE – Forscher entdecken 12 OpenSSL-Zero-Days mit KI
First seen on security-insider.de Jump to article: www.security-insider.de/ki-entdeckt-openssl-zero-day-sicherheitsluecken-a-866c81ab14207cf6043c6a8f33bc77d3/
-
Chrome 0-Day Enables Remote Code Execution in Ongoing Campaign
Google has released an urgent security update for the Chrome desktop web browser to address a severe high-severity vulnerability that is currently being exploited in the wild. The search giant rolled out the fix on Friday, updating the Stable channel to version 145.0.7632.75/.76 for Windows and macOS users, and version 144.0.7559.75 for Linux users. This…
-
Zero-Days, Shadow AI, and Stealth Tactics Define This Week in Cybersecurity
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/zero-days-shadow-ai-and-stealth-tactics-define-this-week-in-cybersecurity/
-
Researchers unearth 30-year-old vulnerability in libpng library
Tags: advisory, ai, cvss, exploit, flaw, network, open-source, ransomware, software, threat, tool, update, vulnerability, zero-daypng_set_quantize, which is used for reducing the number of colors in PNG images, and present in all versions of libpng prior to version 1.6.55.”When the function is called with no histogram and the number of colours in the palette is more than twice the maximum supported by the user’s display, certain palettes will cause the…
-
Nation-State Hackers Put Defense Industrial Base Under Siege
Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors’ networks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/nation-state-hackers-defense-industrial-base-under-siege
-
Apple discloses first actively exploited zero-day of 2026
The vendor said the memory-corruption defect was exploited to target specific people, but it did not describe the objectives of the attack. First seen on cyberscoop.com Jump to article: cyberscoop.com/apple-zero-day-vulnerability-cve-2026-20700/
-
Critical Apple Flaw Exploited in ‘Sophisticated’ Attacks, Company Urges Rapid Patching
Apple urges users to update after patching CVE-2026-20700, a zero-day flaw exploited in sophisticated targeted attacks across multiple devices. The post Critical Apple Flaw Exploited in ‘Sophisticated’ Attacks, Company Urges Rapid Patching appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-zero-day-cve-update-february-2026/
-
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy, Again
It’s time to phase out the patch and pray approach, eliminate needless public interfaces, and enforce authentication controls, one expert says. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/ivanti-epmm-zero-day-bugs-exploit
-
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy, Again
It’s time to phase out the patch and pray approach, eliminate needless public interfaces, and enforce authentication controls, one expert says. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/ivanti-epmm-zero-day-bugs-exploit
-
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy, Again
It’s time to phase out the patch and pray approach, eliminate needless public interfaces, and enforce authentication controls, one expert says. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/ivanti-epmm-zero-day-bugs-exploit
-
Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack
Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline. The post Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-six-zero-days-february-2026/
-
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks.The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could…
-
Apple Patches Actively Exploited Zero-Day Flaw
Apple patched an exploited zero-day enabling code execution and urges immediate updates. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/apple-patches-actively-exploited-zero-day-flaw/
-
Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware
Flaw abused ‘in an extremely sophisticated attack against specific targeted individuals’ First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/apple_ios_263/
-
Apple patches zero-day flaw that could let attackers take control of devices
Apple issued security updates for all devices which include a patch for an actively exploited zero-day”, tracked as CVE-2026-20700. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/apple-patches-zero-day-flaw-that-could-let-attackers-take-control-of-devices/
-
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories
Threat activity this week shows one consistent signal, attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight.Another shift is how access is gained versus how it’s used. Initial entry points are…
-
Apple fixed first actively exploited zero-day in 2026
Apple fixed an exploited zero-day in iOS, macOS, and other devices that allowed attackers to run code via a memory flaw. Apple released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to address an actively exploited zero-day tracked as CVE-2026-20700. The flaw is a memory corruption issue in Apple’s Dynamic Link Editor (dyld) that…