Apple Fixes Actively Exploited iOS and iPadOS Zero-Day Vulnerability
Apple released new updates earlier this week that patch zero-day vulnerabilities in iOS and iPadOS devices. The flaws fixed in the latest updates have reportedly been exploited in the wild by threat actors. One of the flaws is an out-of-bounds write issue in the kernel and could be exploited by
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet
Microsoft has fast-tracked two patches for vulnerabilities impacting Microsoft Exchange Servers. The vulnerabilities have been reported as zero-days. While Microsoft works on developing a patch, businesses should be on alert for attacks targeting these vulnerabilities. Last Friday, Microsoft confirmed that it has identified targeted attacks, albeit limited. The bugs can
Apple Quietly Releases Another Patch for Zero-Day RCE Bug
Apple has released more updates to patch a remote-code execution flaw that is being actively exploited. The vulnerability was patched earlier this month in newer devices. However, the Wednesday update, iOS 12.5.6 now makes it possible to patch iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2,
Google Reports Record Year for Zero Days in 2021
Google reported that 2021 was a record year for zero-day exploits, the highest number since Google began tracking them. However, the company states that this could be a result of improved detection efforts and disclosure procedures rather than increased criminal activity. Project Zero, Google’s exploit team, tracked 58 zero-day exploits
Google Chrome Bug Actively Exploited as Zero-Day
Google has released an emergency patch for a security flaw found in the open-source V8 JavaScript engine that is being actively exploited in the wild. The vulnerability applies to Google’s Stable channel for the desktop version of Chrome. The bug is being tracked as CVE-2022-1096 and is a type-confusion issue.
Take Your QNAP NAS Offline! DeadBolt Ransomware Locks Devices via Alleged Zero-Day Flaw
A new ransomware strain is allegedly targeting the QNAP customer base, effectively locking users out of the Network Attached Storage (NAS) devices and prohibiting them from accessing stored data. The attacks are stemming from a zero-day flaw in the products, according to security researchers. QNAP NAS have been a target
FatPipe VPN Zero-Day Exploited by APT for 6 Months
The FBI released an alert stating that the advanced persistent threat groups (APTs) have been exploiting a zero-day flaw in FatPipe’s virtual private network as a way to breach companies and gain access to internal networks. The FBI stated that the threat groups have been exploiting the zero-day vulnerability since
Apache HTTP Server Project patches exploited zero-day vulnerability
Apache HTTP Server Project developers are urging users to immediately implement a patch that resolves a zero-day vulnerability. According to a security advisory that was published yesterday, the bug is known to be actively exploited in the wild. Apache HTTP Server is an open-source project that focuses on the development
UK blames China for Microsoft Exchange Server hack
On Monday, the UK government came forth to publicly accuse the Chinese government of perpetrating a damaging Microsoft Exchange Server hack that targeted organizations across Europe and North America. The UK joined several other entities, including the US and Microsoft itself, in claiming that China, specifically a state-sponsored hacking group
Safari Zero-Day Used in Malicious LinkedIn Campaign
According to researchers from Google’s Threat Analysis Group and Project Zero, attackers exploited a Safari vulnerability to target government officials in Western Europe. The vulnerability was leveraged to send malicious links to government officials via LinkedIn. Google’s research team detected and reported the vulnerability, publishing a blog post on Wednesday