Collaborate Disseminate
The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers com… Continue reading A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)
Microsoft’s February Patch Tuesday addresses 63 security vulnerabilities, including two actively exploited zero-days. Update your systems now to… Continue reading Patch Tuesday: Microsoft Fixes 63 Bugs with 2 Zero-Days
Users of iPhones and iPads that run iOS/iPadOS 18 and iPadOS 17 are urged to implement the latest updates to plug a security feature bypass vulnerability (CVE-2025-24200) exploited in the wild in “an extremely sophisticated” attack. The vul… Continue reading Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200)
XE Group, a cybercriminal outfit that has been active for over a decade, has been quietly exploiting zero-day vulnerabilities (CVE-2025-25181, CVE-2024-57968) in VeraCore software, a popular solution for warehouse management and order fulfillment. Acco… Continue reading Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968)
Financial institutions will continue to be the ultimate targets for criminals and threat actors, as a successful attack offers a significant payoff, according to Contrast Security. Contrast Security has surveyed 35 of the world’s leading financial inst… Continue reading More destructive cyberattacks target financial institutions
CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-… Continue reading Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedia, a framework used by Apple devices for the process… Continue reading Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)
A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly advises users of the SMA1000 product to upgrade to the hotfix release version t… Continue reading SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The expl… Continue reading Microsoft fixes actively exploited Windows Hyper-V zero-day flaws
Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The expl… Continue reading Microsoft fixes actively exploited Windows Hyper-V zero-day flaws