Tag: zero-day
-
WK Kellogg informiert über Datendiebstahl
by
in SecurityNewsDer für seine Cornflakes bekannte Lebensmittelkonzern WK Kellogg wurde um Daten beraubt.WK Kellogg, bekannt für seine Frühstücksprodukte wie Cornflakes und Frosties, teilte kürzlich mit, dass bei einem Angriff im Jahr 2024 Unternehmensdaten gestohlen wurden. In einer Mitteilung an die zuständigen Behörden heißt es, dass zu den offengelegten Daten auch Namen und Sozialversicherungsnummern gehören. Nach eigenen…
-
CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days
by
in SecurityNewsCISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog. The post CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/
-
CentreStack RCE exploited as zero-day to breach file sharing servers
by
in SecurityNewsHackers exploited a vulnerability in Gladinet CentreStack’s secure file-sharing software as a zero-day since March to breach storage servers First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/centrestack-rce-exploited-as-zero-day-to-breach-file-sharing-servers/
-
Sicherheitsbegriffe erklärt: Was bedeutet Zero Day?
by
in SecurityNews
Tags: zero-dayWenn du nicht zu jenen Nutzern gehörst, die sich Stundenlang mit Artikeln über Computersicherheit beschäftigen, sind dir so manche Begriffe vermutlich nicht ganz geläufig. Vor allem bei dem Begriff ‘Zero Day” werde ich häufig um eine Erklärung gebeten. Also lasst uns schauen, was er bedeutet. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/03/17/sicherheitsbegriffe-erklart-bedeutet-zero-day/
-
Microsoft Security Update Summary (8. April 2025)
by
in SecurityNewsMicrosoft hat am 8. April 2025Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 121 Schwachstellen (CVEs), eine davon wurde als 0-day klassifiziert. Diese Schwachstelle wurde bereits angegriffen. Nachfolgend findet sich ein … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/09/microsoft-security-update-summary-8-april-2025/
-
Hellcat Ransomware Upgrades Arsenal to Target Government, Education, and Energy Sectors
by
in SecurityNews
Tags: attack, cyber, cybersecurity, exploit, government, group, phishing, ransomware, service, spear-phishing, tactics, vulnerability, zero-dayThe cybersecurity community has raised alarms over the rapid evolution of the Hellcat ransomware group, which has escalated its tactics to target critical sectors. Hellcat, which emerged in mid-2024, now employs a sophisticated blend of psychological manipulation, zero-day vulnerabilities, and Ransomware-as-a-Service (RaaS) to expand its influence. Spear Phishing and Zero-day Exploits Hellcat operators initiate attacks…
-
Zero-day bug used in ransomware attacks on US real estate firms
by
in SecurityNewsMicrosoft published a blog post on Tuesday about the bug alongside its larger Patch Tuesday release, detailing how hackers exploited the vulnerability and used a strain of malware called PipeMagic before deploying ransomware on victims. First seen on therecord.media Jump to article: therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate
-
Microsoft patches zero-day actively exploited in string of ransomware attacks
by
in SecurityNewsMicrosoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-april-2025/
-
Zero-days among dozens of Android bugs addressed by Google
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/zero-days-among-dozens-of-android-bugs-addressed-by-google
-
Google Patches Two Zero-Days in April 2025 Android Security Update
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/google-patches-two-zero-days-in-april-2025-android-security-update
-
2 Android Zero-Day Bugs Under Active Exploit
by
in SecurityNewsNeither security issue requires user interaction, and one of the vulnerabilities was used to unlock a student activist’s device in an attempt to install spyware. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/android-zero-day-bugs-active-exploit
-
Microsoft April 2025 Patch Tuesday: Fixing 121 Vulnerabilities, Including a Critical Zero-Day
by
in SecurityNews
Tags: cyber, exploit, flaw, microsoft, remote-code-execution, software, update, vulnerability, zero-dayMicrosoft has rolled out its April 2025 Patch Tuesday update, addressing 121 security vulnerabilities across its software ecosystem. This comprehensive update includes fixes for critical issues such as the elevation of privilege, remote code execution, and information disclosure vulnerabilities. Among the patched flaws is a zero-day vulnerability actively exploited in the wild, underscoring the urgency…
-
Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day
by
in SecurityNewsPatch Tuesday: Microsoft ships urgent cover for another WIndows CLFS vulnerability already exploited in the wild. The post Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/
-
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)
by
in SecurityNewsApril 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/08/patch-tuesday-microsoft-zero-day-cve-2025-29824/
-
Windows CLFS zero-day exploited by ransomware gang
by
in SecurityNewsMicrosoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims’ systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/
-
Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
Today is Microsoft’s April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-april-2025-patch-tuesday-fixes-exploited-zero-day-134-flaws/
-
Google Releases April Android Update to Address Two Zero-Days
Google’s latest Android update fixes 62 flaws, including two zero-days previously used in limited targeted attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-update-address-two-zero/
-
Google fixed two actively exploited Android zero-days
by
in SecurityNewsGoogle addressed 62 vulnerabilities with the release of Android ‘s April 2025 security update, including two actively exploited zero-days. Google released Android ‘s April 2025 security updates to address 62 vulnerabilities, including two zero-day vulnerabilities (CVE-2024-53197, CVE-2024-53150) exploited in targeted attacks. The vulnerability CVE-2024-53197 is a Linux kernel issue affecting ALSA USB audio. Malicious devices…
-
Google Patches Actively Exploited Android 0-Day Vulnerability
by
in SecurityNewsGoogle has issued critical security updates to address a recently discovered zero-day vulnerability actively exploited in Android devices. The Android Security Bulletin for April 2025 highlights the details of multiple security vulnerabilities, including high-profile issues such asCVE-2024-53150andCVE-2024-53197, which have reportedly been exploited in targeted attacks. These vulnerabilities are addressed in the security patch levels of2025-04-05or…
-
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
by
in SecurityNewsEncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/encrypthubs-dual-life-cybercriminal-vs-windows-bug-bounty-researcher/
-
Google fixes Android zero-days exploited in attacks, 60 other flaws
by
in SecurityNewsGoogle has released patches for 62 vulnerabilities in Android’s April 2025 security update, including two zero-days exploited in targeted attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/
-
China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March
by
in SecurityNews
Tags: china, exploit, flaw, group, ivanti, remote-code-execution, threat, update, vulnerability, zero-dayIvanti addressed a critical remote code execution flaw in Connect Secure, which has been exploited since at least mid-March 2025. Ivanti released security updates to address a critical Connect Secure remote code execution vulnerability tracked as CVE-2025-22457. The vulnerability has been exploited by a China-linked threat actor since at least mid-March 2025. Ivanti did not disclose…
-
Ivanti patches Connect Secure zero-day exploited since mid-March
by
in SecurityNews
Tags: china, espionage, exploit, ivanti, malware, remote-code-execution, update, vulnerability, zero-dayIvanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-patches-connect-secure-zero-day-exploited-since-mid-march/
-
Why is someone mass-scanning Juniper and Palo Alto Networks products?
Espionage? Botnets? Trying to exploit a zero-day? First seen on theregister.com Jump to article: www.theregister.com/2025/04/03/unknown_scanners_probing_juniper_paloalto/
-
Microsoft’s AI tool catches critical GRUB2, U-boot bootloader flaws
by
in SecurityNews
Tags: access, ai, control, cybersecurity, exploit, firmware, flaw, Hardware, microsoft, mitigation, monitoring, risk, soc, supply-chain, tool, update, vulnerability, vulnerability-management, zero-dayAI-powered discovery changes the cybersecurity landscape: Microsoft’s Security Copilot tool significantly accelerated the vulnerability identification process, with a particular focus on filesystem implementations due to their high vulnerability potential.”Using Security Copilot, we were able to identify potential security issues in bootloader functionalities, focusing on filesystems due to their high vulnerability potential,” the blog stated. “This…
-
Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
by
in SecurityNewsApple has released a series of critical security updates to address vulnerabilities that were actively exploited as zero-day threats. These updates include backported patches for older versions of iOS, iPadOS, macOS, and watchOS, aiming to secure devices that may still be running outdated software. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apple-backports-zero-day-patches/
-
Apple issues fixes for vulnerabilities in both old and new OS versions
by
in SecurityNewsThe company released a host of security patches Monday, including ones that address two zero-day vulnerabilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/apple-security-update-march-2025/