Latest Zero-Day news

The biggest cybersecurity and cyberattack stories of 2023

2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
- Lawrence Abrams
- January 01, 2024
- 10:09 AM
- 0
Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
- Bill Toulas
- December 29, 2023
- 11:13 AM
- 5
iPhone Triangulation attack abused undocumented hardware feature

The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections.
- Bill Toulas
- December 27, 2023
- 09:14 AM
- 1
Barracuda fixes new ESG zero-day exploited by Chinese hackers

Network and email security firm Barracuda says it remotely patched all active Email Security Gateway (ESG) appliances on December 21 against a zero-day bug exploited by UNC4841 Chinese hackers.
- Sergiu Gatlan
- December 27, 2023
- 06:49 AM
- 0
Fake F5 BIG-IP zero-day warning emails push data wipers

The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.
- Lawrence Abrams
- December 20, 2023
- 04:52 PM
- 1
Google fixes 8th Chrome zero-day exploited in attacks this year

Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year.
- Sergiu Gatlan
- December 20, 2023
- 04:41 PM
- 0
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day

Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs.
- Lawrence Abrams
- December 12, 2023
- 02:00 PM
- 1
Apple emergency updates fix recent zero-days on older iPhones

Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models.
- Sergiu Gatlan
- December 11, 2023
- 02:28 PM
- 0
Apple fixes two new iOS zero-days in emergency updates

Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year.
- Sergiu Gatlan
- November 30, 2023
- 02:42 PM
- 0
Google Chrome emergency update fixes 7th zero-day exploited in 2023

Google has fixed the seventh Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks.
- Sergiu Gatlan
- November 28, 2023
- 04:24 PM
- 0
UK and South Korea: Hackers use zero-day in supply-chain attack

A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
- Bill Toulas
- November 24, 2023
- 12:28 PM
- 0
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs

Hackers leveraged a medium-severity security issue now identified as CVE-2023-37580 since June 29, nearly a month before the vendor addressed it in version 8.8.15 Patch 41of the software on July 25.
- Bill Toulas
- November 17, 2023
- 11:04 AM
- 0
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws

Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities.
- Lawrence Abrams
- November 14, 2023
- 02:00 PM
- 0
Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks

Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware.
- Bill Toulas
- November 09, 2023
- 09:28 AM
- 2
New Microsoft Exchange zero-days allow RCE, data theft attacks

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
- Bill Toulas
- November 03, 2023
- 11:14 AM
- 3
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked

Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices.
- Ionut Ilascu
- October 30, 2023
- 11:09 PM
- 0
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto

Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada.
- Sergiu Gatlan
- October 25, 2023
- 06:46 PM
- 0
European govt email servers hacked using Roundcube zero-day

The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day since at least October 11 to attack European government entities and think tanks.
- Sergiu Gatlan
- October 25, 2023
- 07:00 AM
- 0
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto

Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
- Sergiu Gatlan
- October 24, 2023
- 07:48 PM
- 0
Cisco patches IOS XE zero-days used to hack over 50,000 devices

Cisco has addressed the two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise tens of thousands of IOS XE devices over the past week.
- Ionut Ilascu
- October 23, 2023
- 10:08 AM
- 0