⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Attackers aren't waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week's events show a hard truth: it's not enough to react afte...

PT-2025-28258 · Invt · Invt Hmitool

Name of the Vulnerable Software and Affected Versions: INVT HMITool affected versions not specified Description: The issue is related to a remote code execution vulnerability due to out-of-bounds write in VPM file parsing. It is reported as a 0-day vulnerability. Recommendations: At the moment,...

Microsoft 365 MSO 2306 Build 16.0.16529.20100 Remote Code Execution

Title: Microsoft Outlook ®Microsoft 365 MSO Version 2306 Build 16.0.16529.20100 32-bit RCE Author: nu11secur1ty Date: 07.07.2023 Vendor: https://www.microsoft.com/ Software: https://outlook.live.com/owa/ Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/...

Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution

Title: Microsoft Outlook Microsoft 365 MSO Version 2306 Build 16.0.16529.20100 32-bit - Remote Code Execution Author: nu11secur1ty Date: 07.07.2023 Vendor: https://www.microsoft.com/ Software: https://outlook.live.com/owa/ Reference:...

Chinese Hackers Exploiting 0-day Vulnerability in Fortinet Products

By Deeba Ahmed According to researchers, multiple Fortinet products were impacted by this vulnerability, including FortiManager, FortiGate, and FortiAnalyzer. This is a post from HackRead.com Read the original post: Chinese Hackers Exploiting 0-day Vulnerability in Fortinet Products...

Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects

A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target...

Twitter data breach affects 5.4M users

Twitter has confirmed that it was breached last month via a now-patched 0-day vulnerability in Twitters systems, allowing an attacker to link email addresses and phone numbers to user accounts. This enabled the attacker to compile a list of 5.4 million Twitter user account profiles. "We want to l...

Researchers Warn of New Microsoft Office 0-Day Vulnerability “Follina”

By Deeba Ahmed NaoSec cybersecurity researchers state the "odd-looking" MS Word document was uploaded on VirusTotal from a Belarus IP address.… This is a post from HackRead.com Read the original post: Researchers Warn of New Microsoft Office 0-Day Vulnerability "Follina"...

Spring4Shell-Poc - Spring Core RCE 0-day Vulnerability

Description of the vulnerability: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html Construction of the POC: https://github.com/BobTheShoplifter/Spring4Shell-POC Steps to Build/Run Tested with JDK 11.0.14, Spring Boot 2.6.5, and Apache Tomcat 9.0.60 Run mvn clean packag...

Update on 0-day vulnerabilities in Spring (Spring4Shell and CVE-2022-22963)

Quick update There are two vulnerabilities: one 0-day in Spring Core which is named Spring4Shell very severe, exploited in the wild no CVE yet and another one in Spring Cloud Function less severe, CVE-2022-22963 Wallarm has rolled out the update to detect and mitigate both vulnerabilities No...

Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users

A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed "EmailThief" — was detailed by cybersecurity compa...

Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total o...

SolarWinds hackers exploited iOS 0-day to compromise iPhones

By Deeba Ahmed According to Google, SolarWinds hackers exploited an iOS 0-day vulnerability to hack iPhones and made millions from targeting phones worldwide. This is a post from HackRead.com Read the original post: SolarWinds hackers exploited iOS 0-day to compromise iPhones...

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager, Adobe...

WordPress Plugin Wp-FileManager 6.8 - RCE

Exploit Title: WordPress Plugin Wp-FileManager 6.8 - RCE Date: September 4,2020 Exploit Author: Mansoor R @time4ster CVE: CVE-2020-25213 Version Affected: 6.0 to 6.8 Vendor URL: https://wordpress.org/plugins/wp-file-manager/ Patch: Upgrade to wp-file-manager 6.9 or above Tested on: wp-file-manage...

WordPress File Manager Plugin < 6.9 Arbitrary File Upload

We noticed multiple cases where WordPress sites were breached using 0-day in wp-file-manager confirmed with v6.8, which was the latest version available in wordpress.org. File lib/php/connector.minimal.php can be by default opened directly, and this file loads lib/php/elFinderConnector.class.php...

CVE-2020-10592

Tor is affected by CVE-2020-10592 (CPU consumption DoS) and CVE-2020-10593 (circuit padding memory leak) in versions before 0.3.5.10/0.4.x before 0.4.1.9/0.4.2.x before 0.4.2.7. Public advisories indicate upgrades to Tor 0.3.5.12 or later (e.g., 0.3.5.12, and later 0.3.5.x lines) address these is...

Latest Microsoft Update Patches New Windows 0-Day Under Active Attack

With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers. Microsoft's December securi...

Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used

If you have an account with the Comodo discussion board and support forums, also known as ITarian Forum, you should change your password immediately. Cybersecurity company Comodo has become one of the major victims of a recently disclosed vBulletin 0-day vulnerability, exposing login account...

Steam 0 day vulnerability affects 1 billion users-vulnerability warning-the black bar safety net

! The Steam platform is currently the most popular game platform steam has over 1 million registered users, with millions of users simultaneously participate in the game. Researchers in the Steam games Windows the client found a 0-day privilege escalation vulnerability, exploit the vulnerability...