Zero-Day

A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated remote code execution (RCE) vulnerability impacting several Ivanti products. The vulnerability was recently exploited in the wild by a suspected China-nexus threat actor, affecting...

A critical zero-day vulnerability in the Windows Common Log File System (CLFS) has been uncovered and is being actively exploited by a ransomware group. The vulnerability Tracked as CVE-2025-29824, this elevation of privilege flaw has...

Google has released its April 2025 Android Security Bulletin, addressing numerous critical vulnerabilities including two zero-day flaws actively exploited in targeted attacks.  This marks the third consecutive month that Google has issued emergency patches for...

Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 that have been actively exploited in sophisticated attacks.  These vulnerabilities affect a wide range of Apple devices, including iPhones,...

Mozilla has released an emergency security update for its Firefox browser on Windows systems to address a critical vulnerability that could allow attackers to escape browser sandboxes and potentially gain control of affected systems.  The...

A critical vulnerability affecting all Windows operating systems from Windows 7 and Server 2008 R2 through the latest Windows 11 v24H2 and Server 2025.  This zero-day flaw enables attackers to capture users' NTLM authentication credentials...

Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors.  The vulnerability, identified as CVE-2025-2783, allowed attackers to...

Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members. Following the investigation, WhatsApp notified approximately...

A critical Windows vulnerability that has been exploited since 2017 by state-sponsored threat actors has been uncovered recently by researchers. The vulnerability, tracked as ZDI-CAN-25373, allows attackers to execute hidden malicious commands on victims' machines...

Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks. The flaw, described as an out-of-bounds write...