Lucene search
K

184 matches found

The Hacker News
The Hacker News
added 2025/03/03 11:58 a.m.35 views

⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists

This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive...

7.2CVSS8.2AI score0.72059EPSS
Exploits16
The Hacker News
The Hacker News
added 2025/02/28 4:48 p.m.28 views

Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone

A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploi...

7.8CVSS6.8AI score0.03558EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/01/15 12:0 a.m.7 views

PT-2025-12837

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 134.0.6998.177. Description A zero-day vulnerability, tracked as CVE-2025-2783, has been discovered in Google Chrome's Mojo IPC component, allowing remote attackers to escape the browser's sandbox on Windows...

10CVSS8.4AI score0.21985EPSS
Exploits17References415
The Hacker News
The Hacker News
added 2025/01/08 10:29 a.m.23 views

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service DDoS attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the...

9.8CVSS9.7AI score0.99988EPSS
Exploits87
The Hacker News
The Hacker News
added 2024/10/24 9:53 a.m.37 views

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it made the discovery after it came across a novel attack chain in May 20...

9.6CVSS9.2AI score0.15111EPSS
Exploits2
Securelist
Securelist
added 2024/10/23 11:0 a.m.23 views

The Crypto Game of Lazarus APT: Investors vs. Zero-days

Introduction Lazarus APT and its BlueNoroff subgroup are a highly sophisticated and multifaceted Korean-speaking threat actor. We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. According to our...

9.6CVSS7.7AI score0.15111EPSS
Exploits2
Opera Security Advisories
Opera Security Advisories
added 2024/08/23 12:0 a.m.8 views

Update your browser: Security fixes for latest Chrome zero-day

News, Security Update your browser: Security fixes for latest Chrome zero-day Share August 23rd, 2024 Hi everyone! The latest patches to the Opera and Opera GX address several recent vulnerabilities, including a zero-day exploit CVE-2024-7971. We recommend updating your browsers to the latest...

9.6CVSS6.8AI score0.19272EPSS
Exploits6References1
Securelist
Securelist
added 2024/05/14 5:14 p.m.43 views

QakBot attacks with Windows zero-day (CVE-2024-30051)

In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, we found a...

7.8CVSS8.4AI score0.11977EPSS
Exploits2
HackRead
HackRead
added 2024/04/25 11:48 a.m.13 views

Popular File Transfer Software CrushFTP Hit by Zero-Day Exploit

By Deeba Ahmed Popular File Transfer Software Hit by Zero-Day Exploit: Millions Potentially Exposed - Install Patches Right Now! This is a post from HackRead.com Read the original post: Popular File Transfer Software CrushFTP Hit by Zero-Day Exploit...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/12/21 10:0 a.m.66 views

Windows CLFS and five exploits used by ransomware operators

In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows...

7.2CVSS7.5AI score0.48973EPSS
Exploits14
Opera Security Advisories
Opera Security Advisories
added 2023/12/01 12:0 a.m.10 views

Update your browser: Security fixes for latest Chrome bugs

News, Security Update your browser: Security fixes for latest Chrome bugs Share December 1st, 2023 Hi everyone! The latest patches to the Opera, Opera GX, and Opera Crypto browsers address several recent vulnerabilities, including a zero-day exploit CVE-2023-6345. We recommend updating your...

9.6CVSS6.9AI score0.1963EPSS
Exploits4References1
Schneier on Security
Schneier on Security
added 2023/11/21 12:5 p.m.30 views

Email Security Flaw Found in the Wild

Googles Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this...

5.8CVSS7.3AI score0.59041EPSS
Exploits0
hivepro
hivepro
added 2023/10/20 12:47 p.m.49 views

A Longstanding Zero-Day in Citrix Devices Exploited Since August

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day exploit, identified as CVE-2023-4966, has been actively targeting critical vulnerabilities in Citrix NetScaler ADC/Gateway devices since late August 2023. This exploit has the potential...

5CVSS7.3AI score0.99999EPSS
Exploits15
GoogleProjectZero
GoogleProjectZero
added 2023/10/13 12:0 a.m.80 views

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit

By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The...

8.8CVSS8.9AI score0.27076EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/12 2:45 p.m.22 views

Ransomware review: September 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/29 2:54 p.m.74 views

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway ESG appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which i...

9.8CVSS6.8AI score0.86956EPSS
Exploits3
GithubExploit
GithubExploit
added 2023/08/28 2:48 p.m.93 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 Vulnerable: WinRAR = 6.22 https://www.wi...

7.8CVSS7.3AI score0.97798EPSS
Exploits49
Malwarebytes
Malwarebytes
added 2023/08/10 11:45 p.m.34 views

Ransomware review: August 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/02 12:55 p.m.37 views

Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/25 3:0 a.m.44 views

Update now! Apple fixes several serious vulnerabilities

Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days. Updates are available for these products: Safari 16.6 | macOS Big Sur and macOS Monterey ---|--- iOS 16.6 and iPadOS 16.6 | iPhone 8 and later, iPad Pro...

6.8CVSS7.3AI score0.18185EPSS
Exploits1
Rows per page
Query Builder