Latest Zero-Day news

Hackers update Cisco IOS XE backdoor to hide infected devices

The number of Cisco IOS XE devices detected with a malicious backdoor implant has plummeted from over 50,000 impacted devices to only a few hundred after the attackers updated the backdoor to hide infected systems from scans.
- Lawrence Abrams
- October 22, 2023
- 01:37 PM
- 2
Cisco discloses new IOS XE zero-day exploited to deploy malware implant

Cisco disclosed a new high-severity zero-day (CVE-2023-20273) today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week.
- Sergiu Gatlan
- October 20, 2023
- 06:12 PM
- 0
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day

More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198.
- Ionut Ilascu
- October 19, 2023
- 09:08 PM
- 0
Recently patched Citrix NetScaler bug exploited as zero-day since August

A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced.
- Bill Toulas
- October 18, 2023
- 07:01 AM
- 1
Over 10,000 Cisco devices hacked in IOS XE zero-day attacks

Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect more than 10,000 Cisco IOS XE devices with malicious implants.
- Sergiu Gatlan
- October 17, 2023
- 09:15 AM
- 0
Hackers exploit critical flaw in WordPress Royal Elementor plugin

A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.
- Bill Toulas
- October 16, 2023
- 03:08 PM
- 1
Cisco warns of new IOS XE zero-day actively exploited in attacks

Cisco warned admins today of a new maximum severity authentication bypass zero-day in its IOS XE software that lets unauthenticated attackers gain full administrator privileges and take complete control of affected routers and switches remotely.
- Sergiu Gatlan
- October 16, 2023
- 11:43 AM
- 1
Signal says there is no evidence rumored zero-day bug is real

Signal messenger has investigated rumors spreading online over the weekend of a zero-day security vulnerability related to the 'Generate Link Previews' feature, stating that there is no evidence this vulnerability is real.
- Lawrence Abrams
- October 16, 2023
- 02:04 AM
- 1
Apple fixes iOS Kernel zero-day vulnerability on older iPhones

Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks.
- Sergiu Gatlan
- October 12, 2023
- 12:40 PM
- 0
Microsoft: State hackers exploiting Confluence zero-day since September

Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.
- Bill Toulas
- October 11, 2023
- 10:29 AM
- 0
Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws

Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
- Lawrence Abrams
- October 10, 2023
- 01:49 PM
- 5
New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records

A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude.
- Bill Toulas
- October 10, 2023
- 10:12 AM
- 0
Apple emergency update fixes new zero-day used to hack iPhones

Apple released new emergency security updates on Wednesday to patch two new zero-day vulnerabilities known to be exploited in attacks.
- Sergiu Gatlan
- October 04, 2023
- 02:19 PM
- 9
Atlassian patches critical Confluence zero-day exploited in attacks

Australian software company Atlassian released emergency security updates to fix a maximum severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks.
- Sergiu Gatlan
- October 04, 2023
- 01:41 PM
- 0
Sony confirms data breach impacting thousands in the U.S.

Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.
- Bill Toulas
- October 04, 2023
- 08:04 AM
- 2
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.
- Bill Toulas
- October 03, 2023
- 11:29 AM
- 0
Microsoft Edge, Teams get fixes for zero-days in open-source libraries

Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products.
- Sergiu Gatlan
- October 03, 2023
- 10:54 AM
- 0
Millions of Exim mail servers exposed to zero-day RCE attacks

A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers.
- Sergiu Gatlan
- September 29, 2023
- 04:11 PM
- 2
Cisco urges admins to fix IOS software zero-day exploited in attacks

Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild.
- Sergiu Gatlan
- September 28, 2023
- 11:34 AM
- 0
Google fixes fifth actively exploited Chrome zero-day of 2023

Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today.
- Sergiu Gatlan
- September 27, 2023
- 06:12 PM
- 3