-
Sonicwall warns of new SMA1000 zero-day exploited in attacks
SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges.
- December 17, 2025
- 12:44 PM
0
-
Critical flaw in WordPress add-on for Elementor exploited in attacks
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process.
- December 03, 2025
- 04:31 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Google fixes two Android zero days exploited in attacks, 107 flaws
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks.
- December 02, 2025
- 09:36 AM
- 0
-
CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers
CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024.
- October 30, 2025
- 04:01 PM
- 0
-
CISA: High-severity Windows SMB flaw now exploited in attacks
CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems.
- October 20, 2025
- 01:18 PM
- 0
-
Chinese hackers exploiting VMware zero-day since October 2024
Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024.
- September 30, 2025
- 10:54 AM
- 0
-
Google fixes actively exploited Android flaws in September update
Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws.
- September 03, 2025
- 10:14 AM
- 0
-
Microsoft warns of high-severity flaw in hybrid Exchange deployments
Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate privileges in Exchange Online cloud environments undetected.
- August 07, 2025
- 03:50 AM
- 0
-
New Linux udisks flaw lets attackers get root on major Linux distros
Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions.
- June 18, 2025
- 04:45 AM
- 0
-
Microsoft shares script to restore inetpub folder you shouldn’t delete
Microsoft has released a PowerShell script to help restore an empty 'inetpub' folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability.
- June 06, 2025
- 01:28 PM
- 5
-
Play ransomware exploited Windows logging flaw in zero-day attacks
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.
- May 07, 2025
- 10:45 AM
- 0
-
Microsoft: Windows 'inetpub' folder created by security fix, don’t delete
Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it.
- April 11, 2025
- 10:32 AM
- 15
-
Google fixes Android zero-days exploited in attacks, 60 other flaws
Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks.
- April 07, 2025
- 01:55 PM
- 0
-
Google fixes Android zero-day exploited by Serbian authorities
Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices.
- March 04, 2025
- 06:38 AM
- 3
-
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks
Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows.
- March 01, 2025
- 10:17 AM
- 4
-
Exploits for unpatched Parallels Desktop flaw give root on Macs
Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices.
- February 24, 2025
- 10:48 AM
- 0
-
Microsoft fixes Power Pages zero-day bug exploited in attacks
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks.
- February 20, 2025
- 09:34 AM
- 0
-
Google fixes Android kernel zero-day exploited in attacks
The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability that has been exploited in the wild.
- February 03, 2025
- 03:10 PM
- 0
-
Hackers use Windows RID hijacking to create hidden admin account
A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions.
- January 24, 2025
- 12:25 PM
- 0
-
Windows kernel bug now exploited in attacks to gain SYSTEM privileges
CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability.
- December 16, 2024
- 02:50 PM
- 1
