Zero-Day

Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks. The flaw, described as an out-of-bounds write...

A critical zero-day vulnerability in BigAntSoft's BigAnt Server (CVE-2025-0364) allows unauthenticated attackers to execute arbitrary code on affected systems through a chain of SaaS registration abuses and PHP file uploads.  The flaw, discovered by VulnCheck...

A zero-day vulnerability has been discovered in the Mobile Security Framework (MobSF), an automated platform for mobile application penetration testing, malware analysis, and security assessments.  The flaw, identified as a Partial Denial of Service (DoS)...

BeyondTrust, a leading identity and access management firm, disclosed a critical security breach impacting 17 customers of its Remote Support SaaS platform. The breach was attributed to the exploitation of zero-day vulnerabilities and has since...

A significant zero-day vulnerability in Zyxel CPE series devices, identified as CVE-2024-40891, is being actively exploited by attackers. This vulnerability enables attackers to execute arbitrary commands on affected devices, posing significant risks of system compromise,...

Apple has released critical security updates to address a zero-day vulnerability actively exploited in attacks targeting iPhone users.  The flaw, identified as CVE-2025-24085, is a use-after-free issue in the Core Media framework, which handles multimedia...

A zero-day vulnerability in the Windows Common Log File System (CLFS) driver, designated as CVE-2024-49138. This critical flaw, identified by CrowdStrike's Advanced Research Team, allows attackers to escalate privileges to SYSTEM level without requiring user...

Google Security researchers have disclosed a critical vulnerability, tagged as CVE-2024-49415, affecting Samsung smartphones last year and reported to Samsung with a 90-day deadline to patch. This zero-click remote code execution (RCE) flaw originates...

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog to include critical zero-day vulnerabilities affecting Fortinet FortiOS and Microsoft Windows' Hyper-V NT Kernel Integration. This action underscores...

Cybersecurity researchers at EXPMON have uncovered an intriguing "zero-day behavior" in PDF samples that could potentially be exploited by attackers to leak sensitive NTLM authentication data. The discovery highlights vulnerabilities in how Adobe Reader...