Topic: zero-day exploitation

  • Chrome Zero-Day Used to Spread LeetAgent Spyware

    A zero-day vulnerability in Google Chrome (CVE-2025-2783) was exploited via phishing in Operation ForumTroll, allowing attackers to escape Chrome's sandbox and deploy spyware developed by Memento Labs. The attack delivered LeetAgent spyware, which executed commands, stole files, and communicated ...
  • Urgent CISA Alert: Active Oracle Identity Manager RCE Exploits

    A critical security vulnerability (CVE-2025-61757) in Oracle Identity Manager allows attackers to execute remote code without authentication by exploiting weaknesses in REST API security filters. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to pat...
  • Gladinet patches critical zero-day flaw in file-sharing software

    Gladinet has released a critical security update for CentreStack to address CVE-2025-11371, a zero-day vulnerability that allowed attackers to bypass protections and execute remote code on systems. The flaw, discovered by Huntress, involved inadequate input sanitization enabling directory travers...
  • Fortra GoAnywhere Flaw Fuels Ransomware Attacks

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT platform is being exploited by ransomware attackers, allowing remote access without user interaction. The cybercrime group Storm-1175, linked to Medusa ransomware, is actively using this flaw to gain initial access, deploy remot...
  • CISA Warns: Malware Kits Found in Ivanti EPMM Attacks

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified malware exploiting two vulnerabilities in Ivanti Endpoint Manager Mobile, enabling remote command execution. A China-linked espionage group has been actively using these vulnerabilities as zero-days since mid-May to e...
  • Urgent: NetScaler Zero-Day Actively Exploited (CVE-2025-7775)

    Three critical vulnerabilities have been discovered in Citrix NetScaler ADC and Gateway devices, with CVE-2025-7775 already being actively exploited for remote code execution and denial of service. Citrix has released security updates for affected versions and strongly advises immediate patching,...
  • US Agencies Still Vulnerable to Critical Cisco Flaws

    CISA issued an emergency directive for U.S. federal agencies to patch two actively exploited Cisco vulnerabilities (CVE-2025-20333 and CVE-2025-20362), as many devices were incorrectly reported as secure. These vulnerabilities enable remote code execution and privilege escalation, and are linked ...
  • 'BRICKSTORM' Backdoor: Chinese Hackers Target US Firms

    A sophisticated cyber espionage campaign using the BRICKSTORM backdoor is targeting U.S. companies, particularly in legal, tech, and SaaS sectors, and is attributed to Chinese-aligned hackers with goals beyond intelligence gathering. The threat actors, known as UNC5221, employ a complex, multi-st...
  • CISA Urges Immediate Patch for Samsung Spyware Zero-Day

    A critical vulnerability (CVE-2025-21042) in Samsung smartphones allows attackers to install LandFall spyware via manipulated DNG images sent through WhatsApp, affecting Android 13 and newer devices. The spyware, exploited since July 2024, can steal sensitive data like contacts, messages, and loc...
  • Chinese Hackers Exploiting VMware Zero-Day Since 2024

    A critical privilege escalation vulnerability (CVE-2025-41244) in Broadcom's VMware software has been actively exploited since October 2024, allowing attackers to gain root-level control over affected virtual machines. The exploitation has been attributed to UNC5174, a Chinese state-sponsored thr...
  • Cisco Hackers Use SNMP Flaw to Install Rootkit on Switches

    Cybersecurity experts warn of a serious threat exploiting a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking hardware, which lets authenticated attackers gain root and install persistent rootkits. The campaign, named 'Operation Zero Disco', targets Cisco switches li...
  • Fortra GoAnywhere Bug Fuels Medusa Ransomware Attacks

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform allows unauthenticated attackers to execute remote code, prompting urgent patching and removal of internet exposure. The flaw was exploited as a zero-day by Storm-1175, who used legitimate tools for reconnaissance and deplo...
  • Oracle Issues Urgent Patch for Critical E-Business Suite Flaw

    Oracle has released an urgent security patch for a critical vulnerability (CVE-2025-61884) in its E-Business Suite, which can be exploited remotely without authentication to access confidential information. The vulnerability, with a CVSS score of 7.5, affects EBS versions 12.2.3 to 12.2.14, and O...
  • Urgent CISA Alert: Active Attacks Exploit Critical CentOS Web Panel Bug

    A critical security flaw (CVE-2025-48703) in CentOS Web Panel allows unauthenticated attackers to execute arbitrary commands, prompting CISA to issue an urgent patch-or-discontinue directive by November 25. The vulnerability stems from improper handling of the 'changePerm' endpoint and unsanitize...
  • Dutch Orgs Hacked via Citrix Netscaler Flaw CVE-2025-6543

    Dutch organizations were targeted by cyberattacks exploiting Citrix NetScaler vulnerability CVE-2025-6543, allowing remote code execution or denial-of-service, with breaches obscured by attackers. The flaw, a memory overflow issue in Citrix NetScaler systems, was exploited as a zero-day before pa...
  • Cl0p Gang Hits Oracle in Major Data Theft Campaign

    The Cl0p ransomware gang exploited a zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite to exfiltrate data and send extortion emails to victims in August 2025. Oracle issued a security advisory for the vulnerability, which allows unauthenticated remote attackers to execute code vi...
  • Unpatched Fortra GoAnywhere Flaw Risks Full System Takeover

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT platform allows full system takeover via a deserialization flaw in the License servlet, requiring immediate patching. Exploitation necessitates access to the admin console, echoing a 2023 incident where exposed consoles led to w...
  • 3,000+ Unpatched NetScaler Devices Vulnerable to CitrixBleed 2

    Over 3,300 Citrix NetScaler systems remain unpatched against CVE-2025-5777 (CitrixBleed 2), exposing organizations to session hijacking and data theft despite available fixes. The flaw allows attackers to bypass authentication, intercept session tokens, and compromise credentials, with active exp...
  • Urgent: Actively Exploited FortiWeb Flaw Patched (CVE-2025-58034)

    A critical OS command injection vulnerability (CVE-2025-58034) in FortiWeb firewalls is being actively exploited, allowing attackers to execute arbitrary commands via manipulated HTTP or CLI requests. The vulnerability affects multiple FortiWeb versions, and organizations must upgrade to patched ...