zeroday

  • Blog
    digitpatrox1 week ago
    30

    EncryptHub linked to MMC zero-day attacks on Windows systems

    A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. Uncovered by Trend Micro staff researcher Aliakbar Zahravi, this security feature bypass (dubbed ‘MSC EvilTwin’ and now tracked as CVE-2025-26633) resides in how MSC files are handled on vulnerable devices. Attackers can leverage the vulnerability to evade Windows…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    34

    Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks

    Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in “extremely sophisticated” attacks. The vulnerability is tracked as CVE-2025-24201 and was found in the WebKit cross-platform web browser engine used by Apple’s Safari web browser and many other apps and web browsers on macOS, iOS, Linux, and Windows. “This is a supplementary fix…

    Read More »
  • Blog
    digitpatrox4 weeks ago
    102

    Critical Zero-Day Vulnerabilities Found in These VMware Products

    Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft’s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected VMs and sensitive data. How…

    Read More »
  • Blog
    digitpatroxMarch 1, 2025
    49

    Serbian police used Cellebrite zero-day hack to unlock Android phones

    Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. Cellebrite is an Israeli digital forensics company that develops tools used by law enforcement, intelligence agencies, and private companies to extract data from smartphones and other digital devices. Companies like Cellebrite commonly…

    Read More »
  • Blog
    digitpatroxFebruary 22, 2025
    118

    Microsoft fixes Power Pages zero-day bug exploited in attacks

    Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-24989, is an improper access control problem impacting Power Pages, allowing unauthorized actors to elevate their privileges over a network and bypass user registration controls. Microsoft says it has addressed the risk at…

    Read More »
  • Blog
    digitpatroxFebruary 14, 2025
    2,110

    PostgreSQL flaw exploited as zero-day in BeyondTrust breach

    ​Rapid7’s vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December. BeyondTrust revealed that attackers breached its systems and 17 Remote Support SaaS instances in early December using two zero-day bugs (CVE-2024-12356 and CVE-2024-12686) and a stolen API key. Less than one month later, in…

    Read More »
  • Blog
    digitpatroxFebruary 13, 2025
    58

    Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws

    The monthly report is relatively lightweight, with some mobile updates or fixes that have already been performed server-side and shouldn’t be a concern to admins, said Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra. Another vulnerability impacts only Microsoft Surface hardware. February update patches two exploited vulnerabilities The two exploited vulnerabilities are: CVE-2025-21391,…

    Read More »
  • Blog
    digitpatroxFebruary 11, 2025
    52

    Apple fixes zero-day exploited in ‘extremely sophisticated’ attacks

    Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and “extremely sophisticated” attacks. “A physical attack may disable USB Restricted Mode on a locked device,” the company revealed in an advisory targeting iPhone and iPad users.  “Apple is aware of a report that this issue may have been exploited in…

    Read More »
  • Blog
    digitpatroxFebruary 4, 2025
    54

    Google fixes Android kernel zero-day exploited in attacks

    The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability that has been exploited in the wild. This high-severity zero-day (tracked as CVE-2024-53104) is a privilege escalation security flaw in the Android Kernel’s USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks. The issue occurs because the driver does…

    Read More »
  • Blog
    digitpatroxFebruary 4, 2025
    56

    Google just fixed a zero-day kernel flaw used by hackers and 47 other vulnerabilities — update your Android phone right now

    Keeping your phone up to date and running the latest security patches is the easiest way to stay safe from hackers which is why if you own one of the best Android phones, you’re going to want to install the February 2025 Android security updates right away. As reported by BleepingComptuer, Google has released this month’s Android security updates which…

    Read More »
Load More
Back to top button
close