-
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide.
- July 20, 2025
- 11:40 AM
0
-
New CrushFTP zero-day exploited in attacks to hijack servers
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.
- July 18, 2025
- 06:24 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025.
- July 17, 2025
- 05:36 PM
- 3
-
Ruckus Networks leaves severe flaws unpatched in management devices
Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve.
- July 09, 2025
- 11:42 AM
- 0
-
Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws
Today is Microsoft's July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server.
- July 08, 2025
- 01:30 PM
- 0
-
Google fixes fourth actively exploited Chrome zero-day of 2025
Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year.
- July 01, 2025
- 06:59 AM
- 0
-
Hackers exploited Windows WebDav zero-day to drop malware
An APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen.
- June 11, 2025
- 11:47 AM
- 0
-
Google patches new Chrome zero-day bug exploited in attacks
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year.
- June 03, 2025
- 06:22 AM
- 3
-
Qualcomm fixes three Adreno GPU zero-days exploited in attacks
Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks.
- June 02, 2025
- 07:11 AM
- 0
-
Chinese hackers breach US local governments using Cityworks zero-day
Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States.
- May 22, 2025
- 09:58 AM
- 0
-
Mozilla fixes Firefox zero-days exploited at hacking contest
Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition.
- May 19, 2025
- 10:10 AM
- 1
-
Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin
The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions.
- May 19, 2025
- 10:03 AM
- 0
-
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox.
- May 16, 2025
- 11:23 AM
- 0
-
CISA tags recently patched Chrome bug as actively exploited
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser.
- May 16, 2025
- 04:13 AM
- 0
-
Windows 11 and Red Hat Linux hacked on first day of Pwn2Own
On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox.
- May 15, 2025
- 11:48 AM
- 2
-
SAP patches second zero-day flaw exploited in recent attacks
SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day.
- May 13, 2025
- 04:48 PM
- 0
-
Ivanti fixes EPMM zero-days chained in code execution attacks
Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution.
- May 13, 2025
- 02:26 PM
- 0
-
Fortinet fixes critical zero-day exploited in FortiVoice attacks
Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.
- May 13, 2025
- 12:46 PM
- 1
-
Output Messenger flaw exploited as zero-day in espionage attacks
A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq.
- May 12, 2025
- 01:34 PM
- 0
-
SonicWall urges admins to patch VPN flaw exploited in attacks
SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks
- May 08, 2025
- 07:19 AM
- 0
