Tag Archives: ZeroDay

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an “extremely sophisticated attack.” Tracked as CVE-2025-43300, this security flaw is caused by an out-of-bounds write weakness discovered by Apple security researchers in the Image I/O framework, which enables applications to read and write most image file formats. An out-of-bounds write occurs when attackers successfully exploit …

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks  The Hacker News Apple Rushes Out Fix for Zero-Day Attack on iPhones, Macs  PCMag Apple releases iOS 18.6.2 for iPhone, here’s what’s new  9to5Mac Apple fixes new zero-day flaw exploited in targeted attacks  BleepingComputer Update your iPhone now to protect it from ‘extremely sophisticated’ attack  Mashable Source link

Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws  The Hacker News Microsoft Patch Tuesday, August 2025 Edition  Krebs on Security Microsoft’s Patch Tuesday gives sys admins a baker’s dozen  theregister.com Windows 10 KB5063709 update fixes extended security updates enrollment  BleepingComputer Microsoft Teams RCE Vulnerability Let Attackers Read, Write and Delete Messages  CyberSecurityNews Source link

Tag CVE ID CVE Title Severity Azure File Sync CVE-2025-53729 Microsoft Azure File Sync Elevation of Privilege Vulnerability Important Azure Stack CVE-2025-53793 Azure Stack Hub Information Disclosure Vulnerability Critical Azure Stack CVE-2025-53765 Azure Stack Hub Information Disclosure Vulnerability Important Azure Virtual Machines CVE-2025-49707 …

ESET researchers have discovered a previously unknown vulnerability in WinRAR, being exploited in the wild by Russia-aligned group RomCom. This is at least the third time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild. Previous examples include the abuse of CVE-2023-36884 via Microsoft Word in June 2023, and the combined vulnerabilities assigned CVE‑2024‑9680 chained with …

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately  The Hacker News WinRAR zero-day exploited to plant malware on archive extraction  BleepingComputer Newly discovered WinRAR exploit linked to Russian hacking group, can plant backdoor malware — zero day hack requires manual update to fix  Tom’s Hardware Patch Now: New WinRAR Flaw Used to Deliver Malware  PCMag Phishing attacks exploit WinRAR flaw CVE-2025-8088 …

The iOS 18.6, iPadOS 18.6, and macOS Sequoia 15.6 updates that Apple released yesterday address a major zero-day attack that targeted Chrome users, according to Bleeping Computer. Apple says that CVE-2025-6558 was a vulnerability in open source code that also affected Apple software. The flaw could allow remote attackers to execute arbitrary code using HTML pages created for that purpose, …

Security researchers at Google and Microsoft say they have evidence that hackers backed by China are exploiting a zero-day bug in Microsoft SharePoint, as companies around the world scramble to patch the flaw. The bug, known officially as CVE-2025-53770 and discovered last weekend, allows hackers to steal sensitive private keys from self-hosted versions of SharePoint, a software server widely used …

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access  The Hacker News Global hack on Microsoft product hits U.S., state agencies, researchers say  The Washington Post Microsoft Sharepoint ToolShell attacks linked to Chinese hackers  BleepingComputer Why Microsoft Is Urging Security Updates for SharePoint Customers  Barron’s Agencies face tight deadline to mitigate SharePoint vulnerability  Federal News Network Source link

The hackers behind the initial wave of attacks exploiting a zero-day in Microsoft SharePoint servers have so far primarily targeted government organizations, according to researchers and news reports. Over the weekend, U.S. cybersecurity agency CISA published an alert, warning that hackers were exploiting a previously unknown bug — known as a “zero-day” — in Microsoft’s enterprise data management product SharePoint. …