Lazarus Hackers Exploited Windows kernel 0-day In The Wild
The Lazarus threat group has been exploiting a Microsoft vulnerability associated with Windows Kernel Privilege Escalation to establish a kernel-level read/write primitive.
The previously unknown vulnerability exists in the appid.sys AppLocker driver.
This...
Hackers launched 250,000+ Attacks to Exploit Ivanti VPN 0-Day
Ivanti Connect Secure vulnerabilities were disclosed in January 2024 as a potential gateway for threat actors to penetrate corporate networks.
The two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, were associated with authentication bypass and arbitrary command...
Google Chrome Zero-day Exploited in the Wild: Patch Now!
Google has released urgent upgrades to fix a high-severity Chrome zero-day vulnerability that has been widely exploited and could lead to software crashes or arbitrary code execution.
To address the actively exploited zero-day vulnerability, the...
Apple Urgently Patches Zero-day Flaw Exploited in the Wild
Apple has released an emergency security update to patch two actively exploited zero-day vulnerabilities on iOS. The vulnerabilities were discovered earlier this month, are tracked as CVE-2023-42916 and CVE-2023-42917, and affected many Apple products.
The...
Hackers Exploiting Zimbra 0-day to Attack Government Organizations
Zimbra Collaboration is an open-source software suite with an email server and web client for collaboration.
Over 5,000 companies and public sector users, along with hundreds of millions of end-users in more than 140...
MOVEit Hackers Turn to SysAid Servers Zero-Day Vulnerability
As previously reported, SysAid disclosed a zero-day issue affecting on-premises SysAid servers. The vulnerability was found to be a path traversal vulnerability and was given CVE-2023-47426.
Additionally, SysAid stated that there were reports of Lace...
SideCopy APT group Exploiting WinRAR Zero-Day to Deliver Ares RAT
SideCopy, the Pakistan-based threat actor, has been using the WinRAR vulnerability (CVE-2023-38831) to target Indian government entities and deliver multiple RATs (Remote Access Trojans) such as AllaKore RAT, Ares RAT, and DRat.
The threat actor has...
Exploit Released for Cisco IOS XE Zero-day Vulnerability
A critical Cisco vulnerability was reported last week and has been actively exploited by threat actors in the wild. The vulnerability was assigned CVE-2023-20198 and was given a severity rating of...
Over 700 Zero-Day Vulnerabilities Identified in Q3 2023: Mitigation Methods on WAAP
The term "zero-day" indicates no time between developers discovering a vulnerability and attackers exploiting it.
According to the Indusface zero-day vulnerability report, over 700 0-day vulnerabilities were identified in Q3 2023.
This blog outlines the risks...
Hackers Exploit Roundcube Zero-day to Attack Government Email Servers
Hackers usually opt for zero-day vulnerabilities because they are not publicly known, making them more difficult for defenders to patch or protect against.
This gives hackers an advantage by exploiting a flaw before it's discovered...