PT-2025-27264 · Marvell · Marvell Qconvergeconsole

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole affected versions not specified Description: The issue is related to a directory traversal information disclosure problem. It is described as a 0-day vulnerability, indicating that it is a previously unknown issue...

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Attackers aren't waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week's events show a hard truth: it's not enough to react afte...

PT-2025-12847 · Bec Technologies · Bec Technologies Multiple Routers

Name of the Vulnerable Software and Affected Versions: BEC Technologies Multiple Routers affected versions not specified Description: The issue concerns an authentication bypass vulnerability. It is reported to be a 0-day vulnerability, meaning it is being exploited in the wild before a fix is...

RHSA-2021:4750 Red Hat Security Advisory: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.9] 0-day

Bulletin has no description...

RHSA-2021:1186 Red Hat Security Advisory: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] 0-day security, bug fix, enhance

Bulletin has no description...

RHSA-2021:0383 Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day

Bulletin has no description...

Exploit for Improper Privilege Management in Enlightenment

CVE-2022-37706 !CVE-2022-37706-poc-zoomhttps://user-image...

PT-2025-28258 · Invt · Invt Hmitool

Name of the Vulnerable Software and Affected Versions: INVT HMITool affected versions not specified Description: The issue is related to a remote code execution vulnerability due to out-of-bounds write in VPM file parsing. It is reported as a 0-day vulnerability. Recommendations: At the moment,...

OPENSUSE-SU-2024:0142-1 Security update for opera

This update for opera fixes the following issues: - Update to 110.0.5130.39 DNA-115603 Rich Hints Pass trigger source to the Rich Hint DNA-116680 Import 0-day fix for CVE-2024-5274 - Update to 110.0.5130.35 CHR-9721 Update Chromium on desktop-stable-124-5130 to 124.0.6367.202 DNA-114787 Crash at...

CVE-2021-47348

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so...

Palo Alto Patches 0-Day (CVE-2024-3400) Exploited by Python Backdoor

By Deeba Ahmed Firewall on fire! This is a post from HackRead.com Read the original post: Palo Alto Patches 0-Day CVE-2024-3400 Exploited by Python Backdoor...

The Rise of DarkCasino APT Group Exploiting WinRAR 0-Day

Summary: DarkCasino, an APT group with economic motivations, was initially identified in 2021. The group introduced DarkMe, a Trojan Horse program based on Visual Basic. Recently, DarkCasino has been linked to the zero-day exploitation of CVE-2023-38831, an arbitrary code execution vulnerability...

How to catch a wild triangle

In the beginning of 2023, thanks to our Kaspersky Unified Monitoring and Analysis Platform KUMA SIEM system, we noticed suspicious network activity that turned out to be an ongoing attack targeting the iPhones and iPads of our colleagues. The moment we understood that there was a clear pattern in...

APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities

By Waqas ESET Research Uncovers New Targeted Campaign Impacting European Governments and Think Tanks. This is a post from HackRead.com Read the original post: APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities...

Squid Multiple 0-Day Vulnerabilities (Oct 2023)

Squid is prone to multiple zero-day 0-day vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...

Fantom Foundation Suffers Wallet Hack Via Google Chrome 0-Day Flaw

By Waqas The Fantom Foundation has acknowledged the breach and is currently conducting an investigation after hackers managed to steal more than $550,000 in cryptocurrency. This is a post from HackRead.com Read the original post: Fantom Foundation Suffers Wallet Hack Via Google Chrome 0-Day Flaw...

Siemens ALM 0-Day Vulnerabilities Posed Full Remote Takeover Risk

By Waqas Tel Aviv-based firm OTORIO's cybersecurity research team identified and reported these vulnerabilities. This is a post from HackRead.com Read the original post: Siemens ALM 0-Day Vulnerabilities Posed Full Remote Takeover Risk...

Analyzing a Modern In-the-wild Android Exploit

By Seth Jenkins, Project Zero Introduction In December 2022, Google’s Threat Analysis Group TAG discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG’s blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one...

CVE-2023-26369 [Google Project Zero] Adobe Acrobat DC OOBW 0-day actively exploited in the wild

Acrobat Reader versions 23.003.20284 and earlier, 20.005.30516 and earlier and 20.005.30514 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do. On...