Topic: zero-day vulnerabilities
-
Cisco ASA Firewalls Under Active Attack from Zero-Day Exploits
Cisco has issued an urgent alert to patch two actively exploited zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) affecting its ASA and FTD software. The company, aided by international cybersecurity agencies, also addressed a third critical flaw (CVE-2025-20363) but has not linked it...
Read More » -
Active Attacks Exploit Cisco ASA Zero-Day Flaws
A coordinated international cybersecurity alert warns of active attacks exploiting zero-day vulnerabilities in Cisco ASA and FTD software, attributed to a sophisticated, likely state-sponsored threat actor linked to previous ArcaneDoor campaigns. Two critical vulnerabilities (CVE-2025-20362 and C...
Read More » -
VMware patches critical ESXi zero-day bugs exploited at Pwn2Own
VMware released critical security updates for four vulnerabilities in ESXi, Workstation, Fusion, and Tools, originally exploited as zero-days during Pwn2Own Berlin 2025. Three high-severity flaws (CVSS 9.3) allow guest VM attackers to execute arbitrary code on the host, involving memory corruptio...
Read More » -
ArcaneDoor Hackers Renew Cisco Attacks with Stealthy Campaign
A sophisticated cyber-espionage campaign by the ArcaneDoor threat actor has compromised older Cisco ASA firewalls using zero-day vulnerabilities to implant malware and steal data. The attackers used advanced evasion techniques and modified the ROM Monitor to ensure persistence, but only older mod...
Read More » -
Windows 10 Gets Final Major Update as Windows 11 Takes the Spotlight
The final major update for Windows 10 has been released, as Microsoft shifts focus to Windows 11, with official support ending next month and users needing to upgrade or enroll in extended security services. The September update includes crucial security patches addressing 81 vulnerabilities, inc...
Read More » -
Apple Issues Spyware Attack Warning to Targeted Users
Apple has issued urgent warnings about sophisticated mercenary spyware attacks targeting high-profile individuals via zero-interaction exploits. These attacks exploit zero-day vulnerabilities, often without victim interaction, and primarily target journalists, activists, politicians, and official...
Read More » -
Vulnhuntr: Find Remotely Exploitable Vulnerabilities Fast
Vulnhuntr combines static code analysis with large language models (LLMs) to detect complex, multi-step vulnerabilities that traditional scanners miss by tracking data flow across applications. The tool systematically breaks down code analysis to overcome LLM context limitations, tracing user inp...
Read More » -
France Alerts Apple Users to Major New Spyware Threat
French cybersecurity authorities have issued urgent warnings to Apple users about a major new spyware threat, following alerts from Apple indicating potential device compromise. Affected users are advised to contact CERT-FR immediately, preserve Apple's notification email, and avoid altering thei...
Read More »