zero-day vulnerability

Pierluigi Paganini April 14, 2023
Google fixed the first Chrome zero-day of 2023

Google released an emergency security update to address a zero-day vulnerability in Chrome which is actively exploited in the wild. Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue. The vulnerability is a Type Confusion issue that resides in the JavaScript engine […]

Pierluigi Paganini July 04, 2021
REvil gang exploited a zero-day in the Kaseya supply chain attack

Kaseya was addressing the zero-day vulnerability that REvil ransomware gang exploited to breach on-premise Kaseya VSA servers. A new supply chain attack made the headlines, on Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers. The REvil ransomware operators initially compromised the Kaseya VSA’s infrastructure, then pushed out […]

Pierluigi Paganini July 30, 2020
Expert discloses details of 3 Tor zero-day flaws … new ones to come

A security researcher published the details about two Tor zero-day vulnerabilities and plans to release three more flaws. The security researcher Dr. Neal Krawetz has published technical details about two Tor zero-day vulnerabilities over the past week and promises to release three more. Oppressive regimes could exploit these Tor zero-day flaws to prevent users from […]

Pierluigi Paganini April 18, 2015
TheRealDeal black Marketplace Offers Zero-Day Exploits

A new deep web marketplace dubbed TheRealDeal has appeared and it is offering a platform for both sellers and buyers of the zero-day exploits. The anonymity ensured by the Dark Web and black markets it hosts is an element of attractive for cyber criminal and intelligence agencies. Black markets offer a wide range of illegal products and services, despite normal people believes that drugs and […]

Pierluigi Paganini November 12, 2014
NHS Trusts fail to Extend Outdated Windows XP Security Support with Microsoft

Thousands of patient records in UK are vulnerable to cyber fraudsters after up to 20 trusts under the National Hospital Service failed to extend security support for outdated Windows XP with Microsoft. Trusts running on the outdated OS risks reversed engineered attacks from hackers exploiting vulnerabilities on the unsupported OS. Hundreds of Thousands of Patient […]

Pierluigi Paganini November 12, 2014
MS14-066 – A critical bug potentially affects all Windows versions. Patch it!

MS14-066 – A critical vulnerability affects all versions of Microsoft Windows systems, its exploitation could have catastrophic consequences. Microsoft has revealed the existence of a critical vulnerability in all versions of Windows operating systems, the flaw is particularly dangerous for users that servers that expose website. Microsoft issued a security advisory (Microsoft Security Bulletin MS14-066) on the vulnerability […]

Pierluigi Paganini June 06, 2014
Microsoft issues the patch for the debated IE critical vulnerabilities

Microsoft has announced the official patch for the critical vulnerability discovered recently in the Internet Explorer. Microsoft has published the “Microsoft Security Bulletin Advance Notification for June 2014” in which are released seven security Bulletins addressing different vulnerabilities in the company’s products. The notification includes two critical Remote Code Execution vulnerabilities affecting the products Microsoft Windows, Internet Explorer, MS […]

Pierluigi Paganini May 22, 2014
Microsoft hasn’t disclosed neither fixed a 4 months-old 0Day Internet Explorer 8 flaw

Zero Day Initiative website has disclosed a new zero-day Internet Explorer 8 vulnerability which was reported to Microsoft four months ago but not yet fixed Microsoft had kept hidden a critical Zero-Day vulnerability in Internet Explorer 8 since October 2013, this is the last disconcerting news that is circulating within the security community. Peter ‘corelanc0d3r’ Van […]

Pierluigi Paganini March 19, 2014
NSA programs MYSTIC and RETRO spies phone calls on global scale, also on past conversations

Documents leaked by Snowden reveals that NSA has built a surveillance system capable of recording all the phone calls of a foreign country. The information on the surveillance capabilities of the National Security Agency is updated on a daily base and last news is that the agency has the necessary technology to record all the […]

Pierluigi Paganini March 17, 2014
QUANTUMHAND – NSA impersonates Facebook to inject malware

Recent revelations on TURBINE platform include also a disturbing truth, NSA used QUANTUMHAND exploits to implant malware in Facebook users’ machines. Last Week Ryan Gallagher and Glenn Greenwald revealed the existence of TURBINE platform, a sophisticated hacking architecture used to take control of botnet C&C servers managed by cybercrime. One of the details revealed by the journalists raised a heated […]