zero-day vulnerabilities

From Security Week – Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing

[[{"value":"Analysis reveals a 140% increase in browser phishing, including a 130% increase in zero-hour phishing attacks. The post Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing appeared first…

shaikh Saqib March 20, 2025

News

From Dark Reading – Consumer Groups Push IoT Security Bill to Address EoL Concerns

Consumer Reports, Secure Resilient Future Foundation (SRFF) and US Public Interest Research Group (PIRG) introduced a model bill to increase transparency around Internet of Things that have reached end-of-life status. Read…

shaikh Saqib March 13, 2025

News

From The Hacker News – Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits

The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. "The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that

shaikh Saqib March 12, 2025

Articles

From Krebs on Security – Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. Read More

shaikh Saqib March 12, 2025

News

From Dark Reading – Whopping Number of Microsoft Zero-Days Under Attack

The number of zero-day vulnerabilities getting patched in Microsoft's March update is the company's second-largest ever. Read More

shaikh Saqib March 12, 2025

News

From Cyber Security News – Hackers Exploiting ‘any/any’ Communication Configs in Cloud Services to Host Malware

Veriti has uncovered a concerning trend where cybercriminals are actively exploiting misconfigured cloud services to distribute malware and control compromised systems. Over 40% of networks allow “any/any” communication with at…

shaikh Saqib March 9, 2025

News

From Dark Reading – China’s Silk Typhoon APT Shifts to IT Supply Chain Attacks

The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft. Read More

shaikh Saqib March 6, 2025

News

From Dark Reading – 3 VMware Zero-Day Bugs Allow Sandbox Escape

The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying…

shaikh Saqib March 5, 2025

News

From The Hacker News – Google’s March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-43093 - A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb,"

shaikh Saqib March 4, 2025

News

From Dark Reading – Could the Plot of Netflix’s ‘Zero Day’ Occur IRL?

A new streaming series about a catastrophic, nationwide cyberattack against US critical infrastructure is about as believable as its main character: an honest, bipartisan, universally beloved politician. Read More

shaikh Saqib February 25, 2025

News

From Cyber Security News – Fluent Bit 0-day Vulnerabilities Exposes Billions of Production Environments to Cyber Attacks

Researchers uncovered critical zero-day vulnerabilities in Fluent Bit, a ubiquitous logging utility embedded in cloud infrastructure across major providers like AWS, Google Cloud, and Microsoft Azure. The flaws tracked as…

shaikh Saqib February 24, 2025

News

From Cyber Security News – RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems

The RansomHub ransomware group has rapidly emerged as one of the most prolific cybercrime syndicates of 2024–2025. As this ransomware group done by expanding its arsenal to target Windows, VMware…

shaikh Saqib February 17, 2025

News

From Security Week – SonicWall Firewall Vulnerability Exploited After PoC Publication

[[{"value":"The exploitation of a recent SonicWall vulnerability has started shortly after proof-of-concept (PoC) code was published. The post SonicWall Firewall Vulnerability Exploited After PoC Publication appeared first on SecurityWeek."}]] Read More

shaikh Saqib February 14, 2025

News

From The Hacker News – Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge

shaikh Saqib February 12, 2025

News

From Cyber Security News – Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Zero-Day’s Actively Exploited

Microsoft released a security update as part of the February Patch Tuesday that addressed 61 vulnerabilities, including 25 classified as critical Remote Code Execution (RCE) vulnerabilities, including 3 zero-day vulnerabilities…

shaikh Saqib February 12, 2025