Latest Exploit Chain news

ScreenConnect critical bug now under attack as exploit code emerges

Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
- Bill Toulas
- February 21, 2024
- 12:18 PM
- 1
Google says spyware vendors behind most zero-days it discovers

Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide.
- Bill Toulas
- February 06, 2024
- 12:27 PM
- 4
Exploit for CrushFTP RCE chain released, patch now

A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.
- Bill Toulas
- November 18, 2023
- 10:06 AM
- 0
RCE exploit for Wyze Cam v3 publicly released, patch now

A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.
- Bill Toulas
- October 30, 2023
- 04:46 PM
- 1
Apple zero-click iMessage exploit used to infect iPhones with spyware

Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones.
- Sergiu Gatlan
- September 07, 2023
- 04:18 PM
- 0
Google finds more Android, iOS zero-days used to install spyware

Google's Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices.
- Sergiu Gatlan
- March 29, 2023
- 08:00 AM
- 0
Hackers earn $1,035,000 for 27 zero-days exploited at Pwn2Own Vancouver

Pwn2Own Vancouver 2023 has ended with contestants earning $1,035,000 and a Tesla Model 3 car for 27 zero-day (and several bug collisions) exploited between March 22 and 24.
- Sergiu Gatlan
- March 27, 2023
- 11:23 AM
- 0
Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own

During the second day of Pwn2Own Vancouver 2023, competitors were awarded $475,000 after successfully exploiting 10 zero-days in multiple products.
- Sergiu Gatlan
- March 23, 2023
- 07:33 PM
- 0
Ransomware gang uses new Microsoft Exchange exploit to breach servers

Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution (RCE) on vulnerable servers through Outlook Web Access (OWA).
- Sergiu Gatlan
- December 20, 2022
- 05:33 PM
- 0
Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days

Kaspersky security researchers discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide.
- Sergiu Gatlan
- June 08, 2021
- 02:20 PM
- 0
Hacking group used 11 zero-days to attack Windows, iOS, Android users

Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.
- Sergiu Gatlan
- March 20, 2021
- 10:41 AM
- 0
Google discloses hacking campaign targeting Windows, Android users

Project Zero, Google's 0day bug-hunting team, revealed a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with zero-day and n-day exploits.
- Sergiu Gatlan
- January 13, 2021
- 08:51 AM
- 0