Latest Zero-Day news

US govt email servers hacked in Barracuda zero-day attacks

Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security Gateway (ESG) zero-day, with a focus on entities across the Americas.
- Sergiu Gatlan
- August 29, 2023
- 08:00 AM
- 2
FBI warns of patched Barracuda ESG appliances still being hacked

The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway (ESG) remote command injection flaw are "ineffective," and patched appliances are still being compromised in ongoing attacks.
- Sergiu Gatlan
- August 24, 2023
- 03:09 PM
- 0
WinRAR zero-day exploited since April to hack trading accounts

A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts.
- Bill Toulas
- August 23, 2023
- 09:53 AM
- 0
Ivanti warns of new actively exploited MobileIron zero-day bug

US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.
- Sergiu Gatlan
- August 21, 2023
- 11:28 AM
- 0
Microsoft Office update breaks actively exploited RCE attack chain

Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks.
- Ionut Ilascu
- August 08, 2023
- 04:15 PM
- 0
Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws

Today is Microsoft's August 2023 Patch Tuesday, with security updates for 87 flaws, including two actively exploited and twenty-three remote code execution vulnerabilities.
- Lawrence Abrams
- August 08, 2023
- 01:54 PM
- 2
Google: Android patch gap makes n-days as dangerous as zero-days

Google has published its annual 0-day vulnerability report, presenting in-the-wild exploitation stats from 2022 and highlighting a long-standing problem in the Android platform that elevates the value and use of disclosed flaws for extended periods.
- Bill Toulas
- July 30, 2023
- 10:16 AM
- 2
Ivanti patches new zero-day exploited in Norwegian govt attacks

Ivanti has fixed another vulnerability in the Endpoint Manager Mobile software (formerly MobileIron Core), exploited as a zero-day to breach the IT systems of a dozen ministries in Norway.
- Sergiu Gatlan
- July 28, 2023
- 03:38 PM
- 0
Zimbra patches zero-day vulnerability exploited in XSS attacks

Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers.
- Sergiu Gatlan
- July 27, 2023
- 02:57 PM
- 0
Norway says Ivanti zero-day was used to hack govt IT systems

The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) solution to breach a software platform used by 12 ministries in the country.
- Sergiu Gatlan
- July 25, 2023
- 02:42 AM
- 1
Ivanti patches MobileIron zero-day bug exploited in attacks

US-based IT software company Ivanti has patched an actively exploited zero-day authentication bypass vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).
- Sergiu Gatlan
- July 24, 2023
- 04:05 PM
- 0
Apple fixes new zero-day used in attacks against iPhones, Macs

Apple has released security updates to address zero-day vulnerabilities exploited in attacks targeting iPhones, Macs, and iPads.
- Sergiu Gatlan
- July 24, 2023
- 02:36 PM
- 2
Norwegian government IT systems hacked using zero-day flaw

The Norwegian government is warning that its ICT platform used by 12 ministries has suffered a cyberattack after hackers exploited a zero-day vulnerability in third-party software.
- Bill Toulas
- July 24, 2023
- 11:14 AM
- 0
Adobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw

Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks.
- Lawrence Abrams
- July 19, 2023
- 04:37 PM
- 0
New critical Citrix ADC and Gateway flaw exploited as zero-day

Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and "strongly urges" to install updated versions without delay.
- Ionut Ilascu
- July 18, 2023
- 02:00 PM
- 1
CISA orders govt agencies to mitigate Windows and Office zero-days

CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based RomCom cybercriminal group in NATO phishing attacks.
- Sergiu Gatlan
- July 18, 2023
- 04:41 AM
- 1
Apple re-releases zero-day patch after fixing browsing issue

Apple fixed and re-released emergency security updates addressing a WebKit zero-day vulnerability exploited in attacks. The initial patches had to be withdrawn on Monday due to browsing issues on certain websites.
- Sergiu Gatlan
- July 12, 2023
- 05:27 PM
- 0
Microsoft: Unpatched Office zero-day exploited in NATO summit attacks

Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents.
- Sergiu Gatlan
- July 11, 2023
- 02:23 PM
- 2
Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws

Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities.
- Lawrence Abrams
- July 11, 2023
- 01:49 PM
- 0
Apple releases emergency update to fix zero-day exploited in attacks

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.
- Sergiu Gatlan
- July 10, 2023
- 02:01 PM
- 5