Pierluigi Paganini
September 30, 2022
Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks in the wild. Both flaws were discovered by the researchers as part of an incident response activity in August […]
Pierluigi Paganini
September 12, 2022
Apple has addressed the eighth zero-day vulnerability that is actively exploited in attacks against iPhones and Macs since January. Apple has released security updates to fix a zero-day vulnerability, tracked as CVE-2022-32917, which is actively exploited in attacks against iPhone and Mac devices. This is the eighth zero-day vulnerability fixed by the IT giant since […]
Pierluigi Paganini
September 09, 2022
Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and […]
Pierluigi Paganini
September 03, 2022
Google rolled out emergency fixes to address a vulnerability in the Chrome web browser that is being actively exploited in the wild. Google on Friday released emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser that is being actively exploited in the wild. The CVE-2022-3075 flaw is caused by insufficient data […]
Pierluigi Paganini
August 21, 2022
Threat actors have exploited a zero-day vulnerability in the General Bytes Bitcoin ATM servers to steal BTC from multiple customers. Threat actors have exploited a zero-day flaw in General Bytes Bitcoin ATM servers that allowed them to hijack transactions associated with deposits and withdrawal of funds. GENERAL BYTES is the worldâs largest Bitcoin, Blockchain, and […]
Pierluigi Paganini
August 18, 2022
Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for iOS, iPadOS, and macOS platforms to address two zero-day vulnerabilities exploited by threat actors. Apple did not share details about these attacks. The two flaws are: CVE-2022-32893Â – An out-of-bounds issue in WebKit. An attacker can trigger the flaw […]
Pierluigi Paganini
August 17, 2022
Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity zero-day flaw in the wild. The actively exploited flaw, tracked as CVE-2022-2856, is an Insufficient validation […]
Pierluigi Paganini
July 28, 2022
Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. The […]
Pierluigi Paganini
July 22, 2022
The spyware developed by Israeli surveillance firm Candiru exploited recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed, by Israeli surveillance firm Candiru, was used in attacks against journalists in the Middle East and exploited recently fixed CVE-2022-2294 Chrome zero-day. The flaw, which […]
Pierluigi Paganini
July 04, 2022
Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. The flaw is a heap buffer overflow that resides in the […]
