-
Play ransomware exploited Windows logging flaw in zero-day attacks
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.
- May 07, 2025
- 10:45 AM
0
-
Commvault says recent breach didn't impact customer backup data
Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn't gain access to customer backup data.
- April 30, 2025
- 12:20 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Google: 97 zero-days exploited in 2024, over 50% in spyware attacks
Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks.
- April 29, 2025
- 06:00 AM
- 0
-
Craft CMS RCE exploit chain used in zero-day attacks to steal data
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense.
- April 25, 2025
- 03:44 PM
- 0
-
SAP fixes suspected NetWeaver zero-day exploited in attacks
SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers.
- April 25, 2025
- 09:01 AM
- 0
-
Lazarus hackers breach six companies in watering hole attacks
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea.
- April 24, 2025
- 03:13 PM
- 0
-
Apple fixes two zero-days exploited in targeted iPhone attacks
Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones.
- April 16, 2025
- 02:06 PM
- 0
-
Microsoft: Windows CLFS zero-day exploited by ransomware gang
Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems.
- April 08, 2025
- 03:05 PM
- 0
-
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research.
- April 07, 2025
- 05:39 PM
- 4
-
Google fixes Android zero-days exploited in attacks, 60 other flaws
Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks.
- April 07, 2025
- 01:55 PM
- 0
-
Ivanti patches Connect Secure zero-day exploited since mid-March
Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.
- April 03, 2025
- 01:43 PM
- 0
-
Google fixes Chrome zero-day exploited in espionage campaign
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian media outlets and government organizations.
- March 26, 2025
- 02:42 AM
- 0
-
New Windows zero-day leaks NTLM hashes, gets unofficial patch
Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer.
- March 25, 2025
- 02:22 PM
- 1
-
EncryptHub linked to MMC zero-day attacks on Windows systems
A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month.
- March 25, 2025
- 12:51 PM
- 2
-
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab.
- March 19, 2025
- 12:02 PM
- 0
-
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017.
- March 18, 2025
- 01:11 PM
- 1
-
Microsoft patches Windows Kernel zero-day exploited since 2023
Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023.
- March 12, 2025
- 10:30 AM
- 0
-
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks.
- March 11, 2025
- 02:43 PM
- 0
-
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities.
- March 11, 2025
- 01:45 PM
- 4
-
Unpatched Edimax IP camera flaw actively exploited in botnet attacks
A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices.
- March 07, 2025
- 01:36 PM
- 1
