zero-Day

Pierluigi Paganini June 05, 2024
CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

A vulnerability in the popular video-sharing platform TikTok allowed threat actors to take over the accounts of celebrities. Threat actors exploited a zero-day vulnerability in the video-sharing platform TikTok to hijack high-profile accounts. The vulnerability resides in the direct messages feature implemented by the platform, reported Forbes. The malware spreads through direct messages within the app […]

Pierluigi Paganini May 29, 2024
Check Point released hotfix for actively exploited VPN zero-day

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively being exploited in attacks in the wild. The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure issue. Threat actors […]

Pierluigi Paganini May 24, 2024
Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser, it is the eighth zero-day exploited in attacks disclosed this year. The vulnerability is a high-severity […]

Pierluigi Paganini May 14, 2024
Google fixes sixth actively exploited Chrome zero-day this year

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability. Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. The vulnerability is an out-of-bounds write issue that resides in the V8 JavaScript engine of the Google web browser. The company confirmed […]

Pierluigi Paganini May 10, 2024
Google fixes fifth actively exploited Chrome zero-day this year

Since the start of the year, Google released an update to fix the fifth actively exploited zero-day vulnerability in the Chrome browser. Google this week released security updates to address a zero-day flaw, tracked as CVE-2024-4671, in Chrome browser. The vulnerability is the fifth zero-day flaw in the Google browser that is exploited in the […]

Pierluigi Paganini April 20, 2024
Critical CrushFTP zero-day exploited in attacks in the wild

Threat actors exploited a critical zero-day vulnerability in the CrushFTP enterprise in targeted attacks, Crowdstrike experts warn. CrushFTP is a file transfer server software that enables secure and efficient file transfer capabilities. It supports various features such as FTP, SFTP, FTPS, HTTP, HTTPS, WebDAV, and WebDAV SSL protocols, allowing users to transfer files securely over […]

Pierluigi Paganini April 11, 2024
Microsoft fixed two zero-day bugs exploited in malware attacks

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed […]

Pierluigi Paganini April 08, 2024
Crowdfense is offering a larger 30M USD exploit acquisition program

Zero-day broker firm Crowdfense announced a 30 million USD offer as part of its Exploit Acquisition Program. Crowdfense is a world-leading research hub and acquisition platform focused on high-quality zero-day exploits and advanced vulnerability research. In 2019 the company made the headlines for its 10M USD bug bounty program along with its unique “Vulnerability Research […]

Pierluigi Paganini March 05, 2024
Apple emergency security updates fix two new iOS zero-days

Apple released emergency security updates to address two new iOS zero-day vulnerabilities actively exploited in the wild against iPhone users. Apple released emergency security updates to address two iOS zero-day vulnerabilities, respectively tracked as CVE-2024-23225 and CVE-2024-23296, that were exploited in attacks against iPhone devices. CVE-2024-23225 is a Kernel memory corruption flaw, the company addressed it […]

Pierluigi Paganini February 29, 2024
Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access to target systems. Avast researchers observed North Korea-linked Lazarus APT group using an admin-to-kernel exploit for a zero-day vulnerability in the appid.sys AppLocker driver.  The zero-day, tracked as CVE-2024-21338 has been addressed by Microsoft in the February […]