Tag: zero-day
-
When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk
A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit them immediately. Unlike large-scale volumetric attacks that announce themselves through disruption, zero-day exploitation operates quietly.…
-
SonicWall warns of actively exploited flaw in SMA 100 AMC
SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as CVE-2025-40602, in the SMA1000 Appliance Management Console that was exploited as a zero-day in attacks in the wild. The flaw is a local privilege escalation issue…
-
Cisco email security appliances rooted and backdoored via still unpatched zero-day
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/cisco-secure-email-cve-2025-20393/
-
SonicWall warns of actively exploited flaw in SMA 100 AMC
SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as CVE-2025-40602, in the SMA1000 Appliance Management Console that was exploited as a zero-day in attacks in the wild. The flaw is a local privilege escalation issue…
-
Cisco says Chinese hackers are exploiting its customers with a new zero-day
Cisco said it discovered a Chinese hacking campaign targeting its customers by exploiting a zero-day in some of the company’s most popular products. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/17/cisco-says-chinese-hackers-are-exploiting-its-customers-with-a-new-zero-day/
-
Cisco warns of unpatched AsyncOS zero-day exploited in attacks
Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-unpatched-asyncos-zero-day-exploited-in-attacks/
-
Sonicwall warns of new SMA1000 zero-day exploited in attacks
SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-warns-of-new-sma1000-zero-day-exploited-in-attacks/
-
Actively exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/sonicwall-cve-2025-40602/
-
Actively exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/sonicwall-cve-2025-40602/
-
Russische APT-Gruppe greift westliche KRITIS-Betreiber an
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-dayEine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…
-
Russische APT-Gruppe greift westliche KRITIS-Betreiber an
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-dayEine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…
-
Russische APT-Gruppe greift westliche KRITIS-Betreiber an
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-dayEine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…
-
Sandworm’s Tactical Pivot: Russian GRU Abandons Zero-Days to Weaponize Misconfigured Edge Devices
The post Sandworm’s Tactical Pivot: Russian GRU Abandons Zero-Days to Weaponize Misconfigured Edge Devices appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/sandworms-tactical-pivot-russian-gru-abandons-zero-days-to-weaponize-misconfigured-edge-devices/
-
China’s Ink Dragon hides out in European government networks
Misconfigured servers are in, 0-days out First seen on theregister.com Jump to article: www.theregister.com/2025/12/16/chinas_ink_dragon_hides_out/
-
China’s Ink Dragon hides out in European government networks
Misconfigured servers are in, 0-days out First seen on theregister.com Jump to article: www.theregister.com/2025/12/16/chinas_ink_dragon_hides_out/
-
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks
Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
-
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks
Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
-
Apple Patches More Zero-Days Used in ‘Sophisticated’ Attack
Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/apple-patches-more-zero-days-sophisticated-attack
-
Künstliche Intelligenz wird Zero-Day-Schwachstellen explodieren lassen
Prompt-Injection wird zu einem zentralen Sicherheitsproblem und die künstliche Intelligenz wird Zero-Day-Schwachstellen explodieren lassen, sind sich Elia Zaitsev, CTO, und Adam Meyers, SVP of Counter Adversary Operations bei Crowdstrike, in ihren Branchen-Prognosen für 2026 ziemlich sicher. Prompt-Injection wird zu einem zentralen Sicherheitsproblem Prompt-Injection wird das KI-Zeitalter ähnlich prägen wie Phishing das E-Mail-Zeitalter. Angreifer betten […]…
-
Apple Zero-Day Exploits Used in Targeted iPhone Spyware Attacks
Apple confirmed two WebKit zero-days exploited in targeted iPhone spyware attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/apple-zero-day-exploits-used-in-targeted-iphone-spyware-attacks/
-
Apple Zero-Day Exploits Used in Targeted iPhone Spyware Attacks
Apple confirmed two WebKit zero-days exploited in targeted iPhone spyware attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/apple-zero-day-exploits-used-in-targeted-iphone-spyware-attacks/
-
âš¡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More
If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on”, and in some cases, they started attacking before a fix was even ready.Below, we list the urgent updates you need…
-
Apple, Google forced to issue emergency 0-day patches
Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse First seen on theregister.com Jump to article: www.theregister.com/2025/12/15/apple_follows_google_by_emergency/
-
Apple and Google forced into emergency patching 0-day
Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse First seen on theregister.com Jump to article: www.theregister.com/2025/12/15/apple_follows_google_by_emergency/
-
Kein Patch von Microsoft: Zero-Day-Lücke betrifft gängige Windows-Versionen
Forscher warnen vor einer Zero-Day-Lücke unter Windows. Richtig gefährlich wird diese in Kombination mit einer bereits bekannten Lücke. First seen on golem.de Jump to article: www.golem.de/news/kein-patch-von-microsoft-zero-day-luecke-gefaehrdet-alle-gaengigen-windows-versionen-2512-203266.html
-
Kein Patch von Microsoft: Zero-Day-Lücke gefährdet alle gängigen Windows-Versionen
Forscher warnen vor einer Zero-Day-Lücke unter Windows. Richtig gefährlich wird diese in Kombination mit einer bereits bekannten Lücke. First seen on golem.de Jump to article: www.golem.de/news/kein-patch-von-microsoft-zero-day-luecke-gefaehrdet-alle-gaengigen-windows-versionen-2512-203266.html
-
Zero-Day-Lücken in Webkit: Angriffe auf iPhone-Nutzer beobachtet
Zwei aktiv ausgenutzte Sicherheitslücken gefährden Apple-Geräte wie iPhones, iPads und Macs. Anwender sollten zügig patchen. First seen on golem.de Jump to article: www.golem.de/news/zero-day-luecken-in-webkit-angriffe-auf-iphone-nutzer-beobachtet-2512-203261.html