zeroday

  • Blog
    digitpatrox3 days ago
    21

    Serbian police used Cellebrite zero-day hack to unlock Android phones

    Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. Cellebrite is an Israeli digital forensics company that develops tools used by law enforcement, intelligence agencies, and private companies to extract data from smartphones and other digital devices. Companies like Cellebrite commonly…

    Read More »
  • Blog
    digitpatrox1 week ago
    76

    Microsoft fixes Power Pages zero-day bug exploited in attacks

    Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-24989, is an improper access control problem impacting Power Pages, allowing unauthorized actors to elevate their privileges over a network and bypass user registration controls. Microsoft says it has addressed the risk at…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    754

    PostgreSQL flaw exploited as zero-day in BeyondTrust breach

    ​Rapid7’s vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December. BeyondTrust revealed that attackers breached its systems and 17 Remote Support SaaS instances in early December using two zero-day bugs (CVE-2024-12356 and CVE-2024-12686) and a stolen API key. Less than one month later, in…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    31

    Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws

    The monthly report is relatively lightweight, with some mobile updates or fixes that have already been performed server-side and shouldn’t be a concern to admins, said Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra. Another vulnerability impacts only Microsoft Surface hardware. February update patches two exploited vulnerabilities The two exploited vulnerabilities are: CVE-2025-21391,…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    40

    Apple fixes zero-day exploited in ‘extremely sophisticated’ attacks

    Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and “extremely sophisticated” attacks. “A physical attack may disable USB Restricted Mode on a locked device,” the company revealed in an advisory targeting iPhone and iPad users.  “Apple is aware of a report that this issue may have been exploited in…

    Read More »
  • Blog
    digitpatrox4 weeks ago
    34

    Google fixes Android kernel zero-day exploited in attacks

    The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability that has been exploited in the wild. This high-severity zero-day (tracked as CVE-2024-53104) is a privilege escalation security flaw in the Android Kernel’s USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks. The issue occurs because the driver does…

    Read More »
  • Blog
    digitpatrox4 weeks ago
    45

    Google just fixed a zero-day kernel flaw used by hackers and 47 other vulnerabilities — update your Android phone right now

    Keeping your phone up to date and running the latest security patches is the easiest way to stay safe from hackers which is why if you own one of the best Android phones, you’re going to want to install the February 2025 Android security updates right away. As reported by BleepingComptuer, Google has released this month’s Android security updates which…

    Read More »
  • Blog
    digitpatroxJanuary 27, 2025
    46

    Apple fixes this year’s first actively exploited zero-day bug

    ​Apple has released security updates to fix this year’s first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users. The zero-day fixed today is tracked as CVE-2025-24085 [iOS/iPadOS, macOS, tvOS, watchOS, visionOS] and is a privilege escalation security flaw in Apple’s Core Media framework. “A malicious application may be able to elevate privileges. Apple is aware of a…

    Read More »
  • Blog
    digitpatroxJanuary 23, 2025
    46

    SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks

    SonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has been exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-23006 and rated critical (CVSS v3 score: 9.8), could allow remote unauthenticated attackers to execute arbitrary OS commands under specific conditions. The vulnerability affects all…

    Read More »
  • Blog
    digitpatroxJanuary 20, 2025
    54

    2025’s first Patch Tuesday: 159 patches, including several zero-day fixes

    Microsoft began 2025 with a hefty patch release this month, addressing eight zero-days with 159 patches for Windows, Microsoft Office and Visual Studio. Both Windows and Microsoft Office have “Patch Now” recommendations (with no browser or Exchange patches) for January. Microsoft also released a significant servicing stack update (SSU) that changes how desktop and server platforms are updated, requiring additional…

    Read More »
Load More
Back to top button
close