zerodays

  • Blog
    digitpatrox2 weeks ago
    36

    Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own

    During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. The highlight was a successful attempt from Nguyen Hoang Thach of STARLabs SG against the VMware ESXi, which earned him $150,000 for an integer overflow exploit. Dinh Ho…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    37

    Ivanti fixes EPMM zero-days chained in code execution attacks

    Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. “Ivanti has released updates for Endpoint Manager Mobile (EPMM) which addresses one medium and one high severity vulnerability,” the company said. “When chained together, successful exploitation could lead to unauthenticated remote code execution. We are aware…

    Read More »
  • Blog
    digitpatroxApril 18, 2025
    63

    Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks

    Image: ink drop/Adobe Stock Apple has rolled out emergency updates to patch two serious security flaws that were actively being exploited in highly targeted attacks on iPhones and other Apple devices. The fixes, released on April 16 as part of iOS 18.4.1 and macOS Sequoia 15.4.1, address zero-day vulnerabilities. Apple said these bugs were used in an “extremely sophisticated attack…

    Read More »
  • Blog
    digitpatroxApril 17, 2025
    64

    Apple fixes two zero-days exploited in targeted iPhone attacks

    Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an “extremely sophisticated attack” against specific targets’ iPhones. The two vulnerabilities are in CoreAudio (CVE-2025-31200) and RPAC (CVE-2025-31201), with both bugs impacting iOS, macOS, tvOS, iPadOS, and visionOS. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against…

    Read More »
  • Blog
    digitpatroxMarch 15, 2025
    83

    For March’s Patch Tuesday, 57 fixes — and 7 zero-days

    For so few patches from Microsoft this month (57), we have seven zero-days to manage (with a “Patch Now” recommendation for Windows) and standard release schedules for Microsoft Office, Microsoft browsers (Edge) and Visual Studio.  Adobe is back with a critical update for Reader, but it’s not been paired (at least for now) with a Microsoft patch. To navigate what’s…

    Read More »
  • Blog
    digitpatroxMarch 5, 2025
    118

    Broadcom issues urgent alert over three VMware zero-days

    Broadcom has published a critical security advisory disclosing three zero-day vulnerabilities affecting its VMware ESXi, Workstation, and Fusion products. The three flaws range in severity, with the most serious being CVE-2025-22224, a critical time-of-check time-of-use (TOCTOU) vulnerability in VMware ESXi and Workstation rated 9.3 on the CVSS. A blog from Rapid7 stated that the TOCTOU flaw could lead to an…

    Read More »
  • Blog
    digitpatroxMarch 4, 2025
    136

    Broadcom fixes three VMware zero-days exploited in attacks

    Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. The vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. Attackers with privileged administrator or root access can chain these flaws to escape the virtual machine’s sandbox. “This…

    Read More »
  • Blog
    digitpatroxFebruary 12, 2025
    96

    Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

    Today is Microsoft’s February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 19 Elevation of Privilege Vulnerabilities 2 Security Feature Bypass Vulnerabilities 22…

    Read More »
  • Blog
    digitpatroxJanuary 26, 2025
    200

    Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025

    ​The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. Throughout the event, they targeted automotive software and products, including electric vehicle (EV) chargers, car operating systems (i.e., Android Automotive OS, Automotive Grade Linux, and BlackBerry QNX), and in-vehicle infotainment (IVI) systems. According to the Pwn2Own Tokyo 2025 contest rules, all devices targeted ran…

    Read More »
  • Blog
    digitpatroxJanuary 23, 2025
    103

    Critical zero-days impact premium WordPress real estate plugins

    The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. Although the two flaws were discovered in September 2024 by Patchstack, and multiple attempts were made to contact the vendor (InspiryThemes), the researchers say they have not received a response. Also, Patchstack says the…

    Read More »
Load More
Back to top button
close