Tag: zero-day
-
âš¡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.Big firms like Microsoft, Salesforce, and Google had to react fast, stopping DDoS attacks, blocking bad links, and fixing…
-
âš¡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.Big firms like Microsoft, Salesforce, and Google had to react fast, stopping DDoS attacks, blocking bad links, and fixing…
-
âš¡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.Big firms like Microsoft, Salesforce, and Google had to react fast, stopping DDoS attacks, blocking bad links, and fixing…
-
âš¡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.Big firms like Microsoft, Salesforce, and Google had to react fast, stopping DDoS attacks, blocking bad links, and fixing…
-
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/cisa_oracle_identity_manager/
-
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/cisa_oracle_identity_manager/
-
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/cisa_oracle_identity_manager/
-
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/cisa_oracle_identity_manager/
-
Saturday Security: Zero-Day Logitech Breach Exposes 1.8TB of Data
Logitech, a prominent PC accessories brand, has recently confirmed a major data breach after cybercriminals exploited a zero-day vulnerability in a third-party platform. While Logitech assures that exposed data was limited and credit card numbers, as well as national IDs, were not stored on the impacted systems, the situation remains concerning. The notorious Clop ransomware……
-
Saturday Security: Zero-Day Logitech Breach Exposes 1.8TB of Data
Logitech, a prominent PC accessories brand, has recently confirmed a major data breach after cybercriminals exploited a zero-day vulnerability in a third-party platform. While Logitech assures that exposed data was limited and credit card numbers, as well as national IDs, were not stored on the impacted systems, the situation remains concerning. The notorious Clop ransomware……
-
Cox Enterprises discloses Oracle E-Business Suite data breach
Cox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Suite. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cox-enterprises-discloses-oracle-e-business-suite-data-breach/
-
Cox Enterprises discloses Oracle E-Business Suite data breach
Cox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Suite. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cox-enterprises-discloses-oracle-e-business-suite-data-breach/
-
Metasploit Releases New Exploit for Fresh FortiWeb 0-Day Vulnerabilities
Tags: authentication, cve, cyber, exploit, firewall, flaw, fortinet, injection, remote-code-execution, vulnerability, waf, zero-dayRapid7’s Metasploit team has released a new exploit module targeting critical zero-day vulnerabilities in Fortinet’s FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated remote code execution with root privileges.”‹ CVE ID Vulnerability Type Affected Product Impact CVE-2025-64446 Authentication Bypass Fortinet FortiWeb Administrative account creation, privilege escalation CVE-2025-58034 Command Injection Fortinet FortiWeb Remote…
-
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, identity, infrastructure, kev, oracle, vulnerability, zero-dayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated First seen…
-
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-dayNorth Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
-
Clop Ransomware Claims Broadcom Breach Through E-Business Suite 0-Day
Tags: access, breach, business, cyber, exploit, infrastructure, intelligence, oracle, ransomware, software, threat, vulnerability, zero-dayThe notorious Cl0p ransomware gang has publicly claimed responsibility for breaching Broadcom, a leading semiconductor and infrastructure software company. According to threat intelligence sources, the attackers exploited an unpatched zero-day vulnerability in Oracle E-Business Suite to gain initial access to the company’s systems. Security researchers have not independently verified the claim, though Broadcom has not…
-
Clop Ransomware Claims Broadcom Breach Through E-Business Suite 0-Day
Tags: access, breach, business, cyber, exploit, infrastructure, intelligence, oracle, ransomware, software, threat, vulnerability, zero-dayThe notorious Cl0p ransomware gang has publicly claimed responsibility for breaching Broadcom, a leading semiconductor and infrastructure software company. According to threat intelligence sources, the attackers exploited an unpatched zero-day vulnerability in Oracle E-Business Suite to gain initial access to the company’s systems. Security researchers have not independently verified the claim, though Broadcom has not…
-
Clop Ransomware Claims Broadcom Breach Through E-Business Suite 0-Day
Tags: access, breach, business, cyber, exploit, infrastructure, intelligence, oracle, ransomware, software, threat, vulnerability, zero-dayThe notorious Cl0p ransomware gang has publicly claimed responsibility for breaching Broadcom, a leading semiconductor and infrastructure software company. According to threat intelligence sources, the attackers exploited an unpatched zero-day vulnerability in Oracle E-Business Suite to gain initial access to the company’s systems. Security researchers have not independently verified the claim, though Broadcom has not…
-
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-dayNorth Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
-
CISA Alerts Users to Active Attacks on Chrome 0-Day Vulnerability
Tags: attack, browser, chrome, cisa, cve, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, threat, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-13223, resides in Google Chromium’s V8 JavaScript engine and poses an immediate threat to millions of users worldwide. Understanding the Vulnerability CVE-2025-13223…
-
CISA Alerts Users to Active Attacks on Chrome 0-Day Vulnerability
Tags: attack, browser, chrome, cisa, cve, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, threat, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-13223, resides in Google Chromium’s V8 JavaScript engine and poses an immediate threat to millions of users worldwide. Understanding the Vulnerability CVE-2025-13223…
-
Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment
Patching advice: Affected versions of FortiWeb include 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.9, 7.6.0 through 7.6.4, and 8.0.0 through 8.0.1. Fixes are applied, in the same order, by releases 7.0.12, 7.2.12, 7.4.10, 7.6.5, and 8.0.2.Meanwhile, the widespread use of FortiWeb WAFS in government has prompted a warning by CISA that agencies should…
-
Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment
Patching advice: Affected versions of FortiWeb include 7.0.0 through 7.0.11, 7.2.0 through 7.2.11, 7.4.0 through 7.4.9, 7.6.0 through 7.6.4, and 8.0.0 through 8.0.1. Fixes are applied, in the same order, by releases 7.0.12, 7.2.12, 7.4.10, 7.6.5, and 8.0.2.Meanwhile, the widespread use of FortiWeb WAFS in government has prompted a warning by CISA that agencies should…
-
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves
This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we’ve seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used…
-
Fortinet ‘fesses up to second 0-day within a week
Attackers may be joining the dots to enable unauthenticated RCE First seen on theregister.com Jump to article: www.theregister.com/2025/11/19/fortinet_confirms_second_fortiweb_0day/
-
Fortinet Woes Continue With Another WAF Zero-Day Flaw
A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor’s disclosure practices. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/fortinet-woes-continue-another-waf-zero-day-flaw
-
Google Issues Emergency Update for 2B Chrome Users
Google issues emergency update for 2B Chrome users after confirming active zero-day exploitation. The post Google Issues Emergency Update for 2B Chrome Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-emergency-update-2b-chrome-users/
-
CISA Urges Quick Fortinet Patches Amid Exploitation Of New FortiWeb Vulnerability
Tags: cisa, cybersecurity, exploit, firewall, fortinet, infrastructure, vulnerability, waf, zero-dayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging a quick response to Fortinet’s disclosure of a zero-day vulnerability impacting its web application firewall, FortiWeb, which has been exploited in cyberattacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisa-urges-quick-fortinet-patches-amid-exploitation-of-new-fortiweb-vulnerability
-
U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, fortinet, infrastructure, kev, vulnerability, zero-dayU.S. CISA has added a second Fortinet FortiWeb vulnerability in just a few days to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added a Fortinet FortiWeb flaw, tracked as CVE-2025-58034 (CVSS score of 6.7), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet patched a new FortiWeb zero-day, tracked…
-
CISA gives govt agencies 7 days to patch new Fortinet flaw
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet’s FortiWeb web application firewall, which was exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-gives-govt-agencies-7-days-to-patch-new-fortinet-flaw/