-
Lazarus hackers breach six companies in watering hole attacks
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea.
- April 24, 2025
- 03:13 PM
0
-
Apple fixes two zero-days exploited in targeted iPhone attacks
Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones.
- April 16, 2025
- 02:06 PM
0
-
How Black Rifle Coffee slashed offboarding from weeks to minutes
Manual IAM processes slow down IT and introduce risk.
In this webinar, see how Black Rifle Coffee leverages automation to reduce offboarding time from weeks to minutes, save 120 hours of analyst time, and strengthen their security posture - all without adding headcount.
-
Microsoft: Windows CLFS zero-day exploited by ransomware gang
Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems.
- April 08, 2025
- 03:05 PM
- 0
-
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research.
- April 07, 2025
- 05:39 PM
- 4
-
Google fixes Android zero-days exploited in attacks, 60 other flaws
Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks.
- April 07, 2025
- 01:55 PM
- 0
-
Ivanti patches Connect Secure zero-day exploited since mid-March
Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.
- April 03, 2025
- 01:43 PM
- 0
-
Google fixes Chrome zero-day exploited in espionage campaign
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian media outlets and government organizations.
- March 26, 2025
- 02:42 AM
- 0
-
New Windows zero-day leaks NTLM hashes, gets unofficial patch
Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer.
- March 25, 2025
- 02:22 PM
- 1
-
EncryptHub linked to MMC zero-day attacks on Windows systems
A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month.
- March 25, 2025
- 12:51 PM
- 2
-
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab.
- March 19, 2025
- 12:02 PM
- 0
-
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017.
- March 18, 2025
- 01:11 PM
- 1
-
Microsoft patches Windows Kernel zero-day exploited since 2023
Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023.
- March 12, 2025
- 10:30 AM
- 0
-
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks.
- March 11, 2025
- 02:43 PM
- 0
-
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities.
- March 11, 2025
- 01:45 PM
- 4
-
Unpatched Edimax IP camera flaw actively exploited in botnet attacks
A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices.
- March 07, 2025
- 01:36 PM
- 1
-
Broadcom fixes three VMware zero-days exploited in attacks
Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center.
- March 04, 2025
- 08:23 AM
- 0
-
Google fixes Android zero-day exploited by Serbian authorities
Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices.
- March 04, 2025
- 06:38 AM
- 3
-
Serbian police used Cellebrite zero-day hack to unlock Android phones
Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware.
- February 28, 2025
- 11:27 AM
- 0
-
Exploits for unpatched Parallels Desktop flaw give root on Macs
Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices.
- February 24, 2025
- 10:48 AM
- 0
-
PostgreSQL flaw exploited as zero-day in BeyondTrust breach
Rapid7's vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December.
- February 14, 2025
- 09:15 AM
- 0
