zeroday

  • Blog
    digitpatrox2 weeks ago
    40

    For June’s Patch Tuesday, 68 fixes — and two zero-day flaws

    Microsoft offered up a fairly light Patch Tuesday release this month, with 68 patches to Microsoft Windows and Microsoft Office. There were no updates for Exchange or SQL server and just two minor patches for Microsoft Edge. That said, two zero-day vulnerabilities (CVE-2025-33073 and CVE-2025-33053) have led to a “Patch Now” recommendation for both Windows and Office. (Developers can follow their usual…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    47

    Hackers exploited Windows WebDav zero-day to drop malware

    An APT hacking group known as ‘Stealth Falcon’ exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen. Stealth Falcon (aka ‘FruityArmor’) is an advanced persistent threat (APT) group known for conducting cyberespionage attacks against Middle East organizations. The flaw, tracked under CVE-2025-33053, is a remote code execution…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    54

    Google patches new Chrome zero-day bug exploited in attacks

    Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. “Google is aware that an exploit for CVE-2025-5419 exists in the wild,” the company warned in a security advisory published on Monday. This high-severity vulnerability is caused by an out-of-bounds read and write weakness in Chrome’s V8 JavaScript engine, reported one week ago by…

    Read More »
  • Blog
    digitpatroxMay 22, 2025
    69

    Chinese hackers breach US local governments using Cityworks zero-day

    Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States. Trimble Cityworks is a Geographic Information System (GIS)-based asset management and work order management software primarily used by local governments, utilities, and public works organizations and designed to help infrastructure agencies and municipalities manage public assets, handle permitting and licensing, and…

    Read More »
  • Blog
    digitpatroxMay 16, 2025
    72

    May’s Patch Tuesday serves up 78 updates, including 5 zero-day fixes – Computerworld

    This May Patch Tuesday release is very much a “back-to-basics” update with just 78 patches for Microsoft Windows, Office, Visual Studio, and .NET. Notably, Microsoft has not released any patches for Microsoft Exchange Server or Microsoft SQL Server. Due to the concerns of publicly reported exploits for five Windows vulnerabilities, the Application Readiness team has recommended a “Patch Now” schedule…

    Read More »
  • Blog
    digitpatroxMay 14, 2025
    68

    SAP patches second zero-day flaw exploited in recent attacks

    SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. The company issued security updates for this security flaw (CVE-2025-42999) on Monday, May 12, saying it was discovered while investigating zero-day attacks involving another unauthenticated file upload flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer that was fixed in…

    Read More »
  • Blog
    digitpatroxMay 13, 2025
    78

    Output Messenger flaw exploited as zero-day in espionage attacks

    A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. Microsoft Threat Intelligence analysts who spotted these attacks also discovered the security flaw (CVE-2025-27920) in the LAN messaging application, a directory traversal vulnerability that can let authenticated attackers access sensitive files outside the intended directory or deploy malicious payloads on…

    Read More »
  • Blog
    digitpatroxMay 7, 2025
    81

    Play ransomware exploited Windows logging flaw in zero-day attacks

    The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability, tracked as CVE-2025-29824, was tagged by Microsoft as exploited in a limited number of attacks and patched during last month’s Patch Tuesday. “The targets include organizations in the information technology (IT) and…

    Read More »
  • Blog
    digitpatroxApril 27, 2025
    72

    SAP fixes suspected Netweaver zero-day exploited in attacks

    SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. The vulnerability, tracked under CVE-2025-31324 and rated critical (CVSS v3 score: 10.0), is an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer, specifically the Metadata Uploader component. It allows attackers to upload malicious executable files without needing…

    Read More »
  • Blog
    digitpatroxApril 26, 2025
    450

    Craft CMS RCE exploit chain used in zero-day attacks to steal data

    Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. The vulnerabilities were discovered by Orange Cyberdefense’s CSIRT, which was called in to investigate a compromised server. As part of the investigation, they discovered that two zero-day vulnerabilities impacting Craft CMS were exploited to breach the…

    Read More »
Load More
Back to top button
close