Latest Zero-Day news

Apple fixes two new iOS zero-days exploited in attacks on iPhones

Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones.
- Lawrence Abrams
- March 05, 2024
- 04:34 PM
- 0
Windows Kernel bug fixed last month exploited as zero-day since August

Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day.
- Sergiu Gatlan
- March 02, 2024
- 10:09 AM
- 0
CISA warns of Microsoft Streaming bug exploited in malware attacks

CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks.
- Sergiu Gatlan
- March 01, 2024
- 02:18 PM
- 0
Lazarus hackers exploited Windows zero-day to gain Kernel privileges

North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques.
- Bill Toulas
- February 28, 2024
- 12:24 PM
- 1
Microsoft: New critical Exchange bug exploited as zero-day

Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday.
- Sergiu Gatlan
- February 14, 2024
- 06:29 PM
- 1
New critical Microsoft Outlook RCE bug is trivial to exploit

Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View.
- Sergiu Gatlan
- February 14, 2024
- 03:08 PM
- 1
Hackers used new Windows Defender zero-day to drop DarkMe malware

Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT).
- Sergiu Gatlan
- February 13, 2024
- 03:52 PM
- 0
Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days.
- Lawrence Abrams
- February 13, 2024
- 02:07 PM
- 4
Google says spyware vendors behind most zero-days it discovers

Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide.
- Bill Toulas
- February 06, 2024
- 12:27 PM
- 4
New Windows Event Log zero-day flaw gets unofficial patches

Free unofficial patches are available for a new Windows zero-day vulnerability dubbed 'EventLogCrasher' that lets attackers remotely crash the Event Log service on devices within the same Windows domain.
- Sergiu Gatlan
- February 01, 2024
- 10:34 AM
- 0
Ivanti warns of new Connect Secure zero-day exploited in attacks

Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation.
- Sergiu Gatlan
- January 31, 2024
- 08:41 AM
- 0
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
- Sergiu Gatlan
- January 26, 2024
- 07:32 AM
- 0
Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo

Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition.
- Sergiu Gatlan
- January 25, 2024
- 10:49 AM
- 2
Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024

Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.
- Sergiu Gatlan
- January 24, 2024
- 08:36 AM
- 2
Apple fixes first zero-day bug exploited in attacks this year

Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs.
- Sergiu Gatlan
- January 22, 2024
- 02:20 PM
- 0
Ivanti: VPN appliances vulnerable if pushing configs after mitigation

Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities.
- Sergiu Gatlan
- January 22, 2024
- 01:24 PM
- 0
CISA emergency directive: Mitigate Ivanti zero-days immediately

CISA issued this year's first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to widespread and active exploitation by multiple threat actors.
- Sergiu Gatlan
- January 19, 2024
- 02:25 PM
- 0
Chinese hackers exploit VMware bug as zero-day for two years

A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021.
- Sergiu Gatlan
- January 19, 2024
- 11:32 AM
- 0
CISA pushes federal agencies to patch Citrix RCE within a week

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks.
- Sergiu Gatlan
- January 17, 2024
- 01:31 PM
- 0
Citrix warns of new Netscaler zero-days exploited in attacks

Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.
- Sergiu Gatlan
- January 16, 2024
- 03:33 PM
- 0