New Windows Theme Zero-Day Vulnerability Let Attackers Steal Credentials
New identical Windows Theme Zero-Day Vulnerability Let Attackers Steal Credentials vulnerability that might allow attackers to obtain NTLM credentials of compromised systems while fixing CVE-2024-38030, a medium-severity Windows Themes spoofing issue.
Acros Security researchers reported...
Samsung Use-After-Free Zero-day Vulnerability Exploited In The Wild
Samsung has devices affected by a critical security vulnerability (CVE-2024-44068) that affects multiple Exynos mobile processors actively exploited in the wild.
The high-severity flaw impacts several processor models, including the Exynos 9820, 9825, 980, 990,...
52 Zero-Days Uncovered: Hackers Earn $486,250 at Pwn2Own Ireland 2024
The first day of Pwn2Own Ireland 2024 has concluded with an impressive showcase of cybersecurity prowess, as hackers demonstrated their skills by uncovering 52 zero-day vulnerabilities.
The event, held at Trend Micro’s offices in...
North Korean Hackers Exploited Internet Explorer Zero-Day Flaw
A joint report by AhnLab Security Emergency response Center (ASEC) and the National Cyber Security Center (NCSC) has revealed a new zero-day vulnerability (CVE-2024-38178) in Microsoft Internet Explorer (IE) being actively exploited by North...
Nation-State Actors Exploiting Ivanti CSA 0-days To Compromise Victims’ Networks
Researchers have uncovered a sophisticated attack campaign targeting Ivanti Cloud Services Appliance (CSA) users.
Nation-state actors are exploiting multiple zero-day vulnerabilities in the CSA to gain unauthorized access to victims' networks and establish a...
iTunes 0-day Privilege Escalation Flaw Let Attackers Hack Windows
iTunes is a media player which is developed by Apple Inc. and this application enables users to purchase, organize, and play digital music and videos.
It was launched in 2001 and revolutionized the way people...
Windows MSHTML Zero-Day Vulnerability Exploited In The Wild
The Windows MSHTML platform spoofing vulnerability, CVE-2024-43461, which affects all supported Windows versions, has been exploited in the wild.
CVE-2024-43461 was used in attacks by the Void Banshee APT hacking group. Research from Trend Micro...
Exploitation Zero-Day Vulnerabilities For Remote Access Became Prime Target
The cybersecurity landscape in 2024 has been marked by a significant surge in malware and vulnerabilities.
The Key trends include the expansion of Ransomware-as-a-Service (RaaS), an increase in software supply chain attacks, and the exploitation...
Windows Smart App Control Zero-Day (CVE-2024-38217) Exploited Since 2018 Finally Fixed
Microsoft has addressed a critical zero-day vulnerability affecting its Windows Smart App Control (SAC) and SmartScreen security features.
This vulnerability was fixed at Microsoft’s September 2024 Patch Tuesday, which addressed a significant number...
RomCom Group Exploiting Microsoft Office 0-day To Deploy Ransomware
The Russian group RomCom, dubbed Storm-0978, distributes underground ransomware by leveraging the Microsoft Office and Windows HTML RCE zero-day vulnerability identified as CVE-2023-36884.
This ransomware encrypts files on victims' Windows computers, similar to typical ransomware,...