zerodays

  • Blog
    digitpatrox3 weeks ago
    43

    Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks

    Image: ink drop/Adobe Stock Apple has rolled out emergency updates to patch two serious security flaws that were actively being exploited in highly targeted attacks on iPhones and other Apple devices. The fixes, released on April 16 as part of iOS 18.4.1 and macOS Sequoia 15.4.1, address zero-day vulnerabilities. Apple said these bugs were used in an “extremely sophisticated attack…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    46

    Apple fixes two zero-days exploited in targeted iPhone attacks

    Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an “extremely sophisticated attack” against specific targets’ iPhones. The two vulnerabilities are in CoreAudio (CVE-2025-31200) and RPAC (CVE-2025-31201), with both bugs impacting iOS, macOS, tvOS, iPadOS, and visionOS. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against…

    Read More »
  • Blog
    digitpatroxMarch 15, 2025
    69

    For March’s Patch Tuesday, 57 fixes — and 7 zero-days

    For so few patches from Microsoft this month (57), we have seven zero-days to manage (with a “Patch Now” recommendation for Windows) and standard release schedules for Microsoft Office, Microsoft browsers (Edge) and Visual Studio.  Adobe is back with a critical update for Reader, but it’s not been paired (at least for now) with a Microsoft patch. To navigate what’s…

    Read More »
  • Blog
    digitpatroxMarch 5, 2025
    106

    Broadcom issues urgent alert over three VMware zero-days

    Broadcom has published a critical security advisory disclosing three zero-day vulnerabilities affecting its VMware ESXi, Workstation, and Fusion products. The three flaws range in severity, with the most serious being CVE-2025-22224, a critical time-of-check time-of-use (TOCTOU) vulnerability in VMware ESXi and Workstation rated 9.3 on the CVSS. A blog from Rapid7 stated that the TOCTOU flaw could lead to an…

    Read More »
  • Blog
    digitpatroxMarch 4, 2025
    125

    Broadcom fixes three VMware zero-days exploited in attacks

    Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. The vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. Attackers with privileged administrator or root access can chain these flaws to escape the virtual machine’s sandbox. “This…

    Read More »
  • Blog
    digitpatroxFebruary 12, 2025
    82

    Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

    Today is Microsoft’s February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 19 Elevation of Privilege Vulnerabilities 2 Security Feature Bypass Vulnerabilities 22…

    Read More »
  • Blog
    digitpatroxJanuary 26, 2025
    183

    Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025

    ​The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. Throughout the event, they targeted automotive software and products, including electric vehicle (EV) chargers, car operating systems (i.e., Android Automotive OS, Automotive Grade Linux, and BlackBerry QNX), and in-vehicle infotainment (IVI) systems. According to the Pwn2Own Tokyo 2025 contest rules, all devices targeted ran…

    Read More »
  • Blog
    digitpatroxJanuary 23, 2025
    86

    Critical zero-days impact premium WordPress real estate plugins

    The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. Although the two flaws were discovered in September 2024 by Patchstack, and multiple attempts were made to contact the vendor (InspiryThemes), the researchers say they have not received a response. Also, Patchstack says the…

    Read More »
  • Blog
    digitpatroxNovember 26, 2024
    154

    Firefox and Windows zero-days exploited by Russian RomCom hackers

    ​Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. The first flaw (CVE-2024-9680) is a use-after-free bug in Firefox’s animation timeline feature that allows code execution in the web browser’s sandbox. Mozilla patched this vulnerability on October 9, 2024, one day after ESET reported it. The second…

    Read More »
  • Blog
    digitpatroxNovember 20, 2024
    150

    Apple fixes two zero-days used in attacks on Intel-based Macs

    Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. “Apple is aware of a report that this issue may have been exploited,” the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS. The JavaScriptCore CVE-2024-44308 flaw allows…

    Read More »
Load More
Back to top button
close