Zero-Day Exploits

Zimbra Zero-Day Exploited via Malicious iCalendar Files

CVE News

Zimbra Zero-Day Exploited via Malicious iCalendar Files

Security researchers have identified a new zero-day attack campaign targeting Zimbra Collaboration Suite (ZCS) that leverages malicious...

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

CVE News

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

A critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software, tracked as CVE-2025-10035, was actively exploited...

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

CVE News

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

A newly identified vulnerability in multiple versions of OnePlus’s OxygenOS allows any application installed on a device...

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

CVE News

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

Google has released an emergency security update for its Chrome browser to address a high-severity zero-day vulnerability,...

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

CVE News

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

Apple has released security updates for older iPhone and iPad models, backporting a critical fix for a...

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

CVE News

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

Samsung has released a critical security update addressing a remote code execution vulnerability that was actively exploited...

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

CVE News

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

A critical zero-day vulnerability in legacy Sitecore deployments, designated CVE-2025-53690, has been actively exploited by threat actors...

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

CVE News

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Google’s September 2025 Android security bulletin addresses a significant security event, patching 120 vulnerabilities across the platform...

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

CVE News

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

Citrix has released emergency patches for a critical remote code execution vulnerability, tracked as CVE-2025-7775, affecting its...

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

CVE News

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

Apple has released emergency security updates to address a zero-day vulnerability actively exploited in what the company...

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

CVE News

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

A newly disclosed class of vulnerabilities in browser extensions for major password managers exposes tens of millions...

Fortinet VPN Brute-Force Attacks Signal Potential Zero-Day Exploits

Threat Intelligence

Fortinet VPN Brute-Force Attacks Signal Potential Zero-Day Exploits

A significant increase in brute-force attacks targeting Fortinet SSL VPNs has raised concerns about potential zero-day vulnerabilities....

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

CVE News

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

Microsoft’s August 2025 Patch Tuesday addresses 107 security vulnerabilities, including one actively exploited zero-day in Windows Kerberos....

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

CVE News

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

A critical WinRAR vulnerability, tracked as CVE-2025-8088, was actively exploited as a zero-day in phishing campaigns to...

OpenVSX Zero-Day Vulnerability: How a Single Flaw Threatened Millions of Developer Environments

CVE News

OpenVSX Zero-Day Vulnerability: How a Single Flaw Threatened Millions of Developer Environments

A critical vulnerability in OpenVSX, the open-source extension marketplace used by popular VS Code forks like Cursor...

Microsoft’s July 2025 Patch Tuesday Addresses 137 Vulnerabilities Including Critical WebDAV Zero-Day

CVE News

Microsoft’s July 2025 Patch Tuesday Addresses 137 Vulnerabilities Including Critical WebDAV Zero-Day

Microsoft’s July 2025 Patch Tuesday has released security updates addressing 137 vulnerabilities across its product line, including...

Graphite Spyware Targets Journalists via iOS Zero-Click Exploits

APT-News

Graphite Spyware Targets Journalists via iOS Zero-Click Exploits

Forensic investigations have confirmed the use of Paragon’s Graphite spyware in zero-click attacks against Apple iOS devices...

Qualcomm Patches Actively Exploited Adreno GPU Zero-Day Vulnerabilities

CVE News

Qualcomm Patches Actively Exploited Adreno GPU Zero-Day Vulnerabilities

Qualcomm has addressed three critical zero-day vulnerabilities in its Adreno Graphics Processing Unit (GPU) driver that were...

Apple Safari Fullscreen BitM Attack: Exploitation and Mitigation

CVE News

Apple Safari Fullscreen BitM Attack: Exploitation and Mitigation

A newly identified weakness in Apple’s Safari browser enables attackers to execute fullscreen browser-in-the-middle (BitM) attacks, potentially...

Critical Unpatched Vulnerabilities in Versa Concerto Expose Systems to Auth Bypass and RCE

CVE News

Critical Unpatched Vulnerabilities in Versa Concerto Expose Systems to Auth Bypass and RCE

Multiple critical vulnerabilities in Versa Networks’ Concerto platform remain unpatched, exposing enterprise networks to authentication bypass and...

Posts pagination

1 2 3 Next

Zero-Day Exploits

Zimbra Zero-Day Exploited via Malicious iCalendar Files

Fortra GoAnywhere MFT Zero-Day Exploited Prior to Patch Release

OnePlus SMS Vulnerability Exposes Systemic Security Tensions

Google Addresses Sixth Actively Exploited Chrome Zero-Day of 2025

Apple Extends Zero-Day Patch to Legacy iOS and iPadOS Devices

Samsung Patches Actively Exploited Android Zero-Day Linked to WhatsApp Spyware Campaign

Sitecore Zero-Day Exploitation: Anatomy of a Critical ViewState Deserialization Attack

Analysis of Actively Exploited Android Zero-Days Patched in September 2025 Update

Critical Citrix NetScaler RCE Vulnerability Actively Exploited as Zero-Day

Apple’s 2025 Zero-Day Response: Sophisticated Attacks and Unprecedented Backporting

Password Manager Browser Extensions Vulnerable to DOM-Based Clickjacking

Fortinet VPN Brute-Force Attacks Signal Potential Zero-Day Exploits

Microsoft August 2025 Patch Tuesday: Zero-Day in Windows Kerberos Among 107 Flaws

WinRAR Zero-Day Exploited in Phishing Attacks to Deploy RomCom Malware

OpenVSX Zero-Day Vulnerability: How a Single Flaw Threatened Millions of Developer Environments

Microsoft’s July 2025 Patch Tuesday Addresses 137 Vulnerabilities Including Critical WebDAV Zero-Day

Graphite Spyware Targets Journalists via iOS Zero-Click Exploits

Qualcomm Patches Actively Exploited Adreno GPU Zero-Day Vulnerabilities

Apple Safari Fullscreen BitM Attack: Exploitation and Mitigation

Critical Unpatched Vulnerabilities in Versa Concerto Expose Systems to Auth Bypass and RCE

You may have missed

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

North Korean IT Worker Scheme: A Technical Analysis of Infiltration and Fraud

Digital Passport Integration in Mobile Wallets: A Security Analysis

U.S. Launches Scam Center Strike Force to Combat $10 Billion Crypto Fraud Networks