zerodays

  • Blog

    For March’s Patch Tuesday, 57 fixes — and 7 zero-days

    For so few patches from Microsoft this month (57), we have seven zero-days to manage (with a “Patch Now” recommendation for Windows) and standard release schedules for Microsoft Office, Microsoft browsers (Edge) and Visual Studio.  Adobe is back with a critical update for Reader, but it’s not been paired (at least for now) with a Microsoft patch. To navigate what’s…

  • Blog

    Broadcom issues urgent alert over three VMware zero-days

    Broadcom has published a critical security advisory disclosing three zero-day vulnerabilities affecting its VMware ESXi, Workstation, and Fusion products. The three flaws range in severity, with the most serious being CVE-2025-22224, a critical time-of-check time-of-use (TOCTOU) vulnerability in VMware ESXi and Workstation rated 9.3 on the CVSS. A blog from Rapid7 stated that the TOCTOU flaw could lead to an…

  • Blog

    Broadcom fixes three VMware zero-days exploited in attacks

    Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. The vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. Attackers with privileged administrator or root access can chain these flaws to escape the virtual machine’s sandbox. “This…

  • Blog

    Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

    Today is Microsoft’s February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 19 Elevation of Privilege Vulnerabilities 2 Security Feature Bypass Vulnerabilities 22…

  • Blog

    Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025

    The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. Throughout the event, they targeted automotive software and products, including electric vehicle (EV) chargers, car operating systems (i.e., Android Automotive OS, Automotive Grade Linux, and BlackBerry QNX), and in-vehicle infotainment (IVI) systems. According to the Pwn2Own Tokyo 2025 contest rules, all devices targeted ran…

  • Blog

    Critical zero-days impact premium WordPress real estate plugins

    The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. Although the two flaws were discovered in September 2024 by Patchstack, and multiple attempts were made to contact the vendor (InspiryThemes), the researchers say they have not received a response. Also, Patchstack says the…

  • Blog

    Firefox and Windows zero-days exploited by Russian RomCom hackers

    Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. The first flaw (CVE-2024-9680) is a use-after-free bug in Firefox’s animation timeline feature that allows code execution in the web browser’s sandbox. Mozilla patched this vulnerability on October 9, 2024, one day after ESET reported it. The second…

  • Blog

    Apple fixes two zero-days used in attacks on Intel-based Macs

    Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. “Apple is aware of a report that this issue may have been exploited,” the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS. The JavaScriptCore CVE-2024-44308 flaw allows…

  • Blog

    Google fixes two Android zero-days used in targeted attacks

    Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 and CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks. “There are indications that the following may be under limited, targeted exploitation,” says Google’s advisory. The CVE-2024-43047 flaw is a high-severity use-after-free issue…

  • Blog

    Synology hurries out patches for zero-days exploited at Pwn2Own

    Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week’s Pwn2Own hacking competition within days. Midnight Blue security researcher Rick de Jager found the critical zero-click vulnerabilities (tracked together as CVE-2024-10443 and dubbed RISK:STATION) in the company’s Synology Photos and BeePhotos for BeeStation software. As Synology explains in security advisories published two days after the…
