zero-Day

Pierluigi Paganini October 05, 2023
A WhatsApp zero-day exploit can cost several million dollars

TechCrunch reported that a working zero-day exploit for the popular WhatsApp can be paid millions of dollars. The research of zero-day exploits for popular applications such as WhatsApp is even more complex due to the security mechanisms implemented by the developers of the mobile OSs and the app. TechCrunch reported that a zero-day exploits for […]

Pierluigi Paganini October 04, 2023
Apple fixed the 17th zero-day flaw exploited in attacks

Apple released emergency security updates to address a new actively exploited zero-day vulnerability impacting iPhone and iPad devices. Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices. The vulnerability is a privilege escalation issue that resides in the Kernel, it was addressed […]

Pierluigi Paganini October 04, 2023
Chipmaker Qualcomm warns of three actively exploited zero-days

Chipmaker Qualcomm addressed 17 vulnerabilities in various components and warns of three other actively exploited zero-day flaws. Chipmaker Qualcomm released security updates to address 17 vulnerabilities in several components. Three out of 17 flaws are rated Critical, 13 are rated High, and one is rated Medium in severity. The company is also warning that three […]

Pierluigi Paganini September 29, 2023
A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software. A critical zero-day vulnerability, tracked as CVE-2023-42115 (CVSS score 9.8), affects all versions of Exim mail transfer agent (MTA) software. A remote, unauthenticated attacker, can exploit the vulnerability to gain remote code execution (RCE) on Internet-exposed […]

Pierluigi Paganini September 28, 2023
Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. Cisco warned customers to install security updates to address an actively exploited zero-day vulnerability, tracked as CVE-2023-20109 (CVS 6.6), that resides in IOS and IOS XE software. The vulnerability resides in […]

Pierluigi Paganini September 27, 2023
Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

A Russian zero-day broker is willing to pay $20 million for zero-day exploits for iPhones and Android mobile devices. The Russian zero-day broker firm Operation Zero is increasing payouts for top-tier mobile exploits. The company is willing to pay up to $20,000,000 for zero-day exploits for iPhone and Android devices. The Russian company pointed out […]

Pierluigi Paganini September 20, 2023
Trend Micro addresses actively exploited zero-day in Apex One and other security Products

Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179) in Apex One that has been actively exploited in the wild. Trend Micro has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products, including Apex One, Apex One SaaS, and Worry-Free Business Security products.  According to the security […]

Pierluigi Paganini September 12, 2023
Adobe fixed actively exploited zero-day in Acrobat and Reader

Software giant Adobe is warning of a critical security vulnerability in the PDF Acrobat and Reader that is actively exploited in the wild. Adobe Patch Tuesday security updates (APSB23-34) addressed a critical zero-day vulnerability actively exploited in the wild in attacks on Adobe Acrobat and Reader products. The vulnerability, tracked as CVE-2023-26369, is an out-of-bounds write […]

Pierluigi Paganini September 11, 2023
GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

Google rolled out emergency security updates to address a new Chrome zero-day (CVE-2023-4863) actively exploited in the wild. Google rolled out emergency security updates to address a zero-day vulnerability that has been actively exploited in attacks in the wild since the start of the year. The vulnerability, tracked as CVE-2023-4863, is the fourth actively exploited […]

Pierluigi Paganini September 08, 2023
Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at Citizen Lab reported that the actively exploited zero-day flaws (CVE-2023-41064 and CVE-2023-41061) fixed by Apple are being used to infect devices with NSO Group’s Pegasus spyware.  According to the researchers, the two vulnerabilities were chained […]