SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported

SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025. "Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents...

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall...

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-53770 - Zero-day exploitation in the wild of Microsof...

PT-2025-30160

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server affected versions not specified Description Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code ov...

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 CVSS score: 8.8, which has been described as an incorrect validation of untrusted input in...

Update your Chrome to fix new actively exploited zero-day vulnerability

Google has released an update for its Chrome browser to patch an actively exploited flaw. This update is crucial since it addresses an actively exploited vulnerability which can be exploited when the user visits a malicious website. It doesn’t require any further user interaction, which means the...

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 CVSS score: 8.1, has been described as a type confusion flaw in the V8 JavaScript and WebAssembly engine. "Type...

Patch Tuesday, June 2025 Edition

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now...

June 2025 Patch Tuesday: Microsoft Fixes 66 Bugs, Including Active 0-Day

June 2025 Patch Tuesday fixes 66 bugs, including a zero-day in WebDAV. Update Windows, Office, and more now to block active threats...

Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments

Cisco Talos warns of active exploitation of a zero-day vulnerability CVE-2025-0994 in Cityworks supposedly by Chinese hackers from…...

PT-2025-22356

Name of the Vulnerable Software and Affected Versions Rakessh Ads24 Lite versions through 1.0 Fortinet affected versions not specified Description A Reflected Cross-site Scripting issue exists in Rakessh Ads24 Lite. This allows for improper neutralization of input during web page generation...

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability CWE-121 in FortiVoice,...

Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the...

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged...

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting...

Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can!

Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. The May updates...

Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324

On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure ICS. The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time,...

PT-2025-16958 · Undefined · Undefined

🗞️ Apple Patches Two Actively Exploited Zero-Days in iOS, iPadOS, and macOS Apple fixes two zero-day flaws CVE-2025-37059, CVE-2025-37060 actively exploited in iOS, iPadOS, and macOS, risking data theft and device compromise. Update to iOS 18.4, iPadOS 18.4, or macOS Sequoia https://t.co/DTLP2ZYYs...

Exploitation of CLFS zero-day leads to ransomware activity

Microsoft Threat Intelligence Center MSTIC and Microsoft Security Response Center MSRC have discovered post-compromise exploitation of a zero-day elevation of privilege vulnerability in the Windows Common Log File System CLFS against a small number of targets. The targets include organizations in...