0-day Vulnerability Archives

New Google Chrome 0-day Vulnerability Exploited, Update Now

Google released a new patch that fixes 3 vulnerabilities; one among them is already exploited

In the most recent release notes, Google reports about a new 0-day vulnerability that is already exploited in the wild. The update fixes the issue, but the very fact of it being exploited means it should be implemented as soon as possible. It appears to be the first 0-day exploit in Chrome browser in 2024.… Continue reading New Google Chrome 0-day Vulnerability Exploited, Update Now

Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

A combo of two zero-day vulnerabilities in ICS poses a threat to the clients

Ivanti issued an alert about its Connect Secure VPN appliances. Advanced threat actors are exploiting two zero-day vulnerabilities in cyberattacks, possibly including state-sponsored groups. That is yet another vulnerability in Ivanti software. Ivanti Connect Secure Zero-Day Exploited Ivanti, a prominent software company, recently issued a critical alert concerning its Connect Secure VPN appliances. These devices… Continue reading Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild

New Confluence Vulnerability Leads to Unauthorised Access

A new CVE-2023-22518 vulnerability allows hackers to perform access data on the server without any authorization

Another vulnerability in the flagship product of Atlassian corporation, Confluence, allows hackers to access the servers and dump the data. As the company claims, the issue sits in the improper authorization within the Data Center and Server apps. The company already offers the patches for this breach. Confluence Data Center and Server Vulnerability Leads to… Continue reading New Confluence Vulnerability Leads to Unauthorised Access

Exim Vulnerability Allows RCE, No Patches Available

A massively-popular solution for establishing mailing clients appears to have a critical vulnerability

Exim Internet Mailer, a program massively used as a basis for mailing servers, appears to have a remote code execution vulnerability. By overflowing the buffer, hackers can make the program execute whatever code they need. Despite several reports to the developer, the patch is still not available. What is Exim? Exim is a mail transfer… Continue reading Exim Vulnerability Allows RCE, No Patches Available

Citrix and Adobe Vulnerabilities Under Active Exploitation

Hackers are exploiting products from Adobe and Citrix, the Cybersecurity and Infrastructure Security Agency warned this week.

Citrix was able to patch a zero-day vulnerability, while Adobe warns of attacks using ColdFusion Zero-Day and releases an urgent update that nearly fixes the issue. Nonetheless, the story is still not over, as these vulnerabilities are still exploited. Citrix and Adobe Patch 0-day Vulnerabilities Simultaneously, products of two companies were hit with critical vulnerabilities… Continue reading Citrix and Adobe Vulnerabilities Under Active Exploitation

MOVEit MFT 0-day Vulnerability is Used to Steal Corporate Data

New vulnerability can grant hackers access to the web file storage

MOVEit managed file transfer (MFT) solution appears to contain a 0-day vulnerability, already exploited by hackers. Progress, the developer of the software solution, already released a note and security advisory regarding the case. What is MOVEit MFT? MOVEit is a software solution that allows convenient and secure data transfer inside the organisation. The product under… Continue reading MOVEit MFT 0-day Vulnerability is Used to Steal Corporate Data

New iOS Vulnerability Allows “Triangulation” Attack

New zero-click exploit is used by hackers to deploy Triangulation spyware

New iOS vulnerability allows executing a zero-click malware delivery through the built-in iMessage messenger. The breach was discovered by Kaspersky analytics team, and appears to touch almost every user of Apple smartphones. Experts dubbed the malware “Triangulation”. iOS Exploit Allows Zero-Click Infection Probably, the worst case scenario for any target of cyberattack is the infection… Continue reading New iOS Vulnerability Allows “Triangulation” Attack

MSMQ Vulnerability Allows Remote Code Execution

CVE-2023-21554 allows hackers to take over the crucial MSMQ process

Recent update released by Microsoft, an April Patch Tuesday, revealed a severe vulnerability in Microsoft Message Queueing mechanism. That vulnerability allows remote code execution after sending 1 (one) package through a specific port. What is Microsoft Message Queueing? Microsoft Message Queueing, or MSMQ, is an infrastructure element for sharing messages within a local network. At… Continue reading MSMQ Vulnerability Allows Remote Code Execution

Information Security Specialists Discovered a 0-day Vulnerability in Windows Search

A new 0-day Windows Search vulnerability could be used to automatically open a search box and launch remote malware, which is easily done by simply opening a Word document. Bleeping Computer says the problem is serious because Windows supports the search-ms protocol URI handler, which allows apps and HTML links to run custom searches on… Continue reading Information Security Specialists Discovered a 0-day Vulnerability in Windows Search

F5 warns of critical BIG-IP RCE vulnerability

0-day vulnerability, Vulnerabilities, F5 Inc, Security breach, Exploit,

F5, Inc warned the users about the critical vulnerability that harms the iControl REST users. That solution is a framework offered by the F5 Corporation as an advanced tool for software developers. The detected flaw is noted as critical, since it makes the device takeover possible for non-authorised users. F5 warns its customers of a… Continue reading F5 warns of critical BIG-IP RCE vulnerability