0day

Selling a Custom Builder For New WinRar 0Day RCE Exploit. You can make your own infected .rar file with a hidden payload (virus, silent miner, stealer, etc) inside it that's hidden and undetected by AV's & Gmail etc so it can be sent as attachment. How it works : 1. User extracts / opens .rar...

The Five Eyes Alliance is recording a historic shift in hacker tactics. The cybersecurity agencies of the Five Eyes alliance countries (the United States, the United Kingdom, Australia, Canada, and New Zealand) have warned of an increase in the use of zero-day vulnerabilities to penetrate...

FortiManager becomes the entry point into the most sensitive systems. Fortinet has not disclosed information about the zero-day vulnerability for more than a week, despite reports that attackers are using it to execute malicious code on servers serving critical infrastructure. The company has...

Samsung has closed a dangerous vulnerability in its devices. Samsung has released a security update to address the CVE-2024-44068 vulnerability affecting devices based on Exynos processors. The error occurred in the m2m1shot_scaler0 driver, which is used to process images and videos, such as...

Why complex combinations of characters in a password are more important than ever. On September 10, 2024, Ivanti issued a security notice regarding a zero-day vulnerability in its Cloud Service Appliance (CSA) product. The bug didn't seem to be of much interest at first glance because...

Researchers have uncovered an unexpected mechanism for the spread of malicious code. Tenable has identified a serious vulnerability in Google Cloud Platform (GCP) Composer that could be used for remote code execution in real-world attacks. GCP Composer is a managed service for automating and...

Elastic Security Labs has revealed the details of the "LNK Stomping" attack. As part of its recent Patch Tuesday update, which we have already published a separate article about, Microsoft has fixed a zero-day vulnerability in the Windows Smart App Control and SmartScreen functions, which has...

The DPRK has found another way to earn cryptocurrency, penetrating the heart of the systems. North Korean hackers are exploiting a zero-day vulnerability in Google Chrome to gain control of systems and seize control of victims crypto assets. Microsoft experts have confirmed that the Citrine...

Experts have revealed the mechanism of remote code execution through office software. A South Korean cyberespionage group known as APT-C-60 has recently been linked to exploiting a critical zero-day vulnerability in the WPS Office office suite. This vulnerability allows attackers to remotely...

Hackers use security blind spots for stealthy attacks. In early 2024, the Chinese group Velvet Ant exploited a recently patched zero-day vulnerability in Cisco switches to gain control of devices and bypass threat detection systems. The CVE-2024-20399 vulnerability (CVSS score 6.7) allowed...

The problem was the third in a row in the V8 engine since the beginning of the year. Google has released security updates for its Chrome browser to address a serious zero-day vulnerability that is currently being actively exploited by attackers in real-world attacks. The issue, designated...

The vulnerability is waiting to be fixed, but for now, corporate services and home users are under attack. Microsoft has disclosed an uncorrected zero-day vulnerability in Office that leads to unauthorized disclosure of confidential information. The bug was also presented at the Def Con...

What the company offers if there are no fixes and no plans to do so. Cisco warned users about the presence of several zero-day vulnerabilities in the web management interface for Small Business SPA 300 and SPA 500 series IP phones, which have already been discontinued. Detected 0days allow an...

The problem affects all versions of the program before 18.12.15. You should not delay the update. A new vulnerability has been discovered in Apache OFBiz that allows attackers to remotely execute code on vulnerable instances of the program. The issue, known as CVE-2024-38856, was rated 9.8 on...

Learn how to keep your data safe. Recently, a serious vulnerability was discovered in the "CloudGuard Network Security" device from Check Point. This vulnerability was identified as CVE-2024-24919 and is characterized as a high-priority vulnerability. The problem lies in the fact that the...

The EvilVideo exploit allowed spreading viruses. ESET researchers have discovered a zero-day exploit targeting Telegram for Android. An exploit called EvilVideo went on sale on an underground forum on June 6, 2024. Attackers used this vulnerability to spread malicious files through Telegram...

ZeroClick - Zero click attacks allow you to access a device without any action on the part of the user, i.e. no keystrokes or mouse clicks, which can trap even the most tech-savvy people.

Update quickly before hackers pave a cyberpath to your gadget. Following Microsoft's now-familiar Patch Tuesday, Google also released updates to address 50 security vulnerabilities in its Pixel devices and warned that one of them, tracked as CVE-2024-32896, is an escalation of privilege (EoP)...

This is the third zero gap in a week. How many more errors will be detected? Google released updates to address nine vulnerabilities in the Chrome browser, including a new zero-day vulnerability that is actively used by attackers. The vulnerability was identified as CVE-2024-4947 and is related...

Massive attacks on vulnerable routers are now a matter of time. SSD Secure Disclosure discovered vulnerabilities in the D-Link EXO AX4800 router (DIR-X4860) that allow you to take full control of the device. Flaws were found in DIR-X4860 routers with the latest firmware version...