26 Oct 2022

Apple Fixes Actively Exploited iOS and iPadOS Zero-Day Vulnerability

Apple released new updates earlier this week that patch zero-day vulnerabilities in iOS and iPadOS devices. The flaws fixed in the latest updates have reportedly been exploited in the wild by threat actors. One of the flaws is an out-of-bounds write issue in the kernel and could be exploited by

Read More
04 Oct 2022

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

Microsoft has fast-tracked two patches for vulnerabilities impacting Microsoft Exchange Servers. The vulnerabilities have been reported as zero-days. While Microsoft works on developing a patch, businesses should be on alert for attacks targeting these vulnerabilities. Last Friday, Microsoft confirmed that it has identified targeted attacks, albeit limited. The bugs can

Read More
02 Sep 2022

Apple Quietly Releases Another Patch for Zero-Day RCE Bug

Apple has released more updates to patch a remote-code execution flaw that is being actively exploited. The vulnerability was patched earlier this month in newer devices. However, the Wednesday update, iOS 12.5.6 now makes it possible to patch iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2,

Read More
21 Apr 2022

Google Reports Record Year for Zero Days in 2021

Google reported that 2021 was a record year for zero-day exploits, the highest number since Google began tracking them. However, the company states that this could be a result of improved detection efforts and disclosure procedures rather than increased criminal activity. Project Zero, Google’s exploit team, tracked 58 zero-day exploits

Read More
31 Mar 2022

Google Chrome Bug Actively Exploited as Zero-Day

Google has released an emergency patch for a security flaw found in the open-source V8 JavaScript engine that is being actively exploited in the wild. The vulnerability applies to Google’s Stable channel for the desktop version of Chrome. The bug is being tracked as CVE-2022-1096 and is a type-confusion issue.

Read More
27 Jan 2022

Take Your QNAP NAS Offline! DeadBolt Ransomware Locks Devices via Alleged Zero-Day Flaw

A new ransomware strain is allegedly targeting the QNAP customer base, effectively locking users out of the Network Attached Storage (NAS) devices and prohibiting them from accessing stored data. The attacks are stemming from a zero-day flaw in the products, according to security researchers. QNAP NAS have been a target

Read More
19 Nov 2021

FatPipe VPN Zero-Day Exploited by APT for 6 Months

The FBI released an alert stating that the advanced persistent threat groups (APTs) have been exploiting a zero-day flaw in FatPipe’s virtual private network as a way to breach companies and gain access to internal networks. The FBI stated that the threat groups have been exploiting the zero-day vulnerability since

Read More
06 Oct 2021

Apache HTTP Server Project patches exploited zero-day vulnerability

Apache HTTP Server Project developers are urging users to immediately implement a patch that resolves a zero-day vulnerability. According to a security advisory that was published yesterday, the bug is known to be actively exploited in the wild. Apache HTTP Server is an open-source project that focuses on the development

Read More
19 Jul 2021

UK blames China for Microsoft Exchange Server hack

On Monday, the UK government came forth to publicly accuse the Chinese government of perpetrating a damaging Microsoft Exchange Server hack that targeted organizations across Europe and North America. The UK joined several other entities, including the US and Microsoft itself, in claiming that China, specifically a state-sponsored hacking group

Read More
16 Jul 2021

Safari Zero-Day Used in Malicious LinkedIn Campaign

According to researchers from Google’s Threat Analysis Group and Project Zero, attackers exploited a Safari vulnerability to target government officials in Western Europe. The vulnerability was leveraged to send malicious links to government officials via LinkedIn. Google’s research team detected and reported the vulnerability, publishing a blog post on Wednesday

Read More