Tag: zero-day
-
DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
A sophisticated iOS exploit chain leverages multiple zero-day vulnerabilities and is targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/darksword-iphone-exploit-spies-thieves
-
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Tags: attack, cisco, exploit, firewall, flaw, ransomware, remote-code-execution, software, vulnerability, zero-dayThe Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interlock-ransomware-exploited-secure-fmc-flaw-in-zero-day-attacks-since-january/
-
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Tags: access, cisco, cve, exploit, firewall, flaw, intelligence, ransomware, threat, vulnerability, zero-dayAmazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software.The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to First seen…
-
In macOS, iOS & iPadOS – 7 Zero Days bei Apple, 3 davon aktiv ausgenutzt
First seen on security-insider.de Jump to article: www.security-insider.de/apple-zero-day-luecken-macos-ios-ipados-safari-a-9d9af57062fda0e539e17406e879db48/
-
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog
Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-dayMar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
-
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog
Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-dayMar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
-
Runtime: The new frontier of AI agent security
Tags: access, ai, automation, ceo, ciso, computer, container, control, crowdstrike, cybersecurity, data, detection, edr, endpoint, firewall, framework, incident response, jobs, monitoring, network, openai, risk, saas, technology, threat, tool, vulnerability, zero-dayWhat runtime monitoring looks like: Once an organization knows where its agents are, the question is what to watch for, and how.Elia Zaitsev, CTO of CrowdStrike, tells CSO that existing endpoint detection and response (EDR) tools already capture the kinds of behavior needed to track AI agents. They instrument operating systems like a flight data…
-
CISA Alerts Users to Exploited Chrome 0-Day Flaws
Tags: browser, chrome, cisa, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, malicious, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two highly critical zero-day vulnerabilities. These flaws, which primarily affect Google Chrome and its underlying technologies, are currently being exploited in the wild by malicious actors. As a result, CISA has added both security issues to its Known Exploited Vulnerabilities (KEV) catalog,…
-
âš¡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling.This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real life, too. There’s a…
-
Google Patches Two Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild
Google patched two Chrome zero-day vulnerabilities actively exploited in the wild that could allow code execution or browser crashes. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/google-patches-two-chrome-zero-day-vulnerabilities-actively-exploited-in-the-wild/
-
Google patches two Chrome zero-days under active attack. Update now
Google has released an out-of-band Chrome update to patch two zero-day vulnerabilities that are already being actively exploited. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/google-patches-two-chrome-zero-days-under-active-attack-update-now/
-
Google rushes Chrome update fixing two zero-days already under attack
Skia graphics lib and V8 JavaScript engine brings browser’s tally of actively exploited bugs to three in 2026 First seen on theregister.com Jump to article: www.theregister.com/2026/03/13/google_zeroday_chrome_update/
-
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.The list of vulnerabilities is as follows -CVE-2026-3909 (CVSS score: 8.8) – An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory…
-
Google fixes two new Chrome zero-days exploited in attacks
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-fixes-two-new-chrome-zero-days-exploited-in-attacks/
-
Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code
Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious…
-
March 2026 Patch Tuesday fixes two zero-day vulnerabilities
Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities-2/
-
March 2026 Patch Tuesday fixes two zero-day vulnerabilities
Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities-3/
-
March 2026 Patch Tuesday fixes two zero-day vulnerabilities
Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities/
-
Microsoft Fixes 79 Flaws in March Patch Tuesday, Including Two 0-Days
Microsoft fixes 79 vulnerabilities in March 2026 Patch Tuesday, including two publicly disclosed 0-days affecting SQL Server, .NET and Windows systems. First seen on hackread.com Jump to article: hackread.com/microsoft-march-patch-tuesday-two-0-days-flaws/
-
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known.Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information…
-
Microsoft Patch Tuesday March 2026: Two Zero-Days and Critical RCE Bugs Fixed
The Microsoft Patch Tuesday March 2026 release introduces security updates addressing 79 vulnerabilities, including two publicly disclosed zero-day vulnerabilities and several high-risk issues tied to remote code execution. The monthly security rollout includes fixes across multiple Microsoft products such as SQL Server, .NET, Microsoft Office, SharePoint Server, and Azure services. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-patch-tuesday-march-2026/
-
Microsoft Fixes Two Publicly Disclosed Zero-Days
March Patch Tuesday sees Microsoft release updates for 79 flaws First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-fixes-two-publicly/
-
Microsoft .NET 0-Day Flaw Opens Doors for Denial of Service Attacks
Microsoft’s March 2026 Patch Tuesday has addressed a zero-day vulnerability in the .NET framework, officially tracked as CVE-2026-26127. Disclosed publicly before a patch was available, this flaw allows unauthenticated remote attackers to trigger a denial of service (DoS) condition against applications running on affected .NET environments. The vulnerability has been categorized as an out-of-bounds read…
-
Microsoft Fixes 79 Vulnerabilities in March 2026 Patch Tuesday, Mitigating Two Exploited 0-Days
Microsoft has released its March 2026 Patch Tuesday updates, successfully addressing 79 security vulnerabilities across various products and mitigating two publicly disclosed zero-day flaws. These critical security updates provide essential fixes for enterprise systems, including Microsoft Windows, Office, SQL Server, and the .NET framework. March 2026 Vulnerability Overview The March 2026 Patch Tuesday addresses a…
-
Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this…
-
Microsoft patches zero-days in .NET and SQL Server
Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft’s March Patch Tuesday update. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639784/Microsoft-patches-zero-days-in-NET-and-SQL-Server