0day

ZeroClick - Zero click attacks allow you to access a device without any action on the part of the user, i.e. no keystrokes or mouse clicks, which can trap even the most tech-savvy people.

Update quickly before hackers pave a cyberpath to your gadget. Following Microsoft's now-familiar Patch Tuesday, Google also released updates to address 50 security vulnerabilities in its Pixel devices and warned that one of them, tracked as CVE-2024-32896, is an escalation of privilege (EoP)...

This is the third zero gap in a week. How many more errors will be detected? Google released updates to address nine vulnerabilities in the Chrome browser, including a new zero-day vulnerability that is actively used by attackers. The vulnerability was identified as CVE-2024-4947 and is related...

Massive attacks on vulnerable routers are now a matter of time. SSD Secure Disclosure discovered vulnerabilities in the D-Link EXO AX4800 router (DIR-X4860) that allow you to take full control of the device. Flaws were found in DIR-X4860 routers with the latest firmware version...

An actively exploited vulnerability allows a hacker to gain control over the victim. Google released emergency security updates for the Chrome browser to address a zero-day vulnerability that is actively used in attacks. Vulnerability CVE-2024-4761 is related to the problem of writing data out...

Vulnerability CVE-2024-4671 has been fixed in the latest version. Google has urgently released another security update for its Chrome browser. The reason was the discovery of a critical vulnerability with active exploitation in real attacks. The vulnerability was identified as CVE-2024-4671...

How the policy is implemented in commercial software development. Users of the CrushFTP file transfer software are strongly encouraged to upgrade to the latest version after discovering a vulnerability that has been targeted. CrushFTP has warned that there is a zero-Day vulnerability in...

The developers explained what was going on – everything turned out to be much easier. Telegram has fixed a zero-day vulnerability in its Windows app that allowed it to bypass security warnings and automatically run Python scripts. This was announced by the developers after the spread of rumors...

We turn our vigilance to full – hackers will not miss their chance. Palo Alto Networks has reported an actively exploited critical zero-day vulnerability in the PAN-OS software used in the GlobalProtect software network gateways. The vulnerability, identified as CVE-2024-3400, is characterized...

Another Chrome bug cost specialists $42,500. Google has fixed a critical vulnerability in the Chrome browser that was discovered during the Pwn2Own 2024 competition in Vancouver. Vulnerability CVE-2024-3159 is related to an Out-of-bounds read error in the JavaScript V8 engine and can lead to...

Vulnerabilities CVE-2024-29745 and CVE-2024-29748 were actively exploited by digital forensics. Google fixed two critical zero-day vulnerabilities in its Pixel smartphones that allowed companies specializing in forensic analysis to unlock users ' phones without using a PIN code and gain access...

Google researchers have proposed a working strategy to reduce the level of malicious exploitation. A recent report from Google's cyber experts found that the number of zero-day exploits of vulnerabilities increased by 50% in 2023, reaching 97 cases compared to 62 in the previous year. Zero-day...

Upgrade your devices to avoid becoming another victim of hackers. Apple has released emergency security updates to address two zero-day vulnerabilities in iOS that have already been exploited in real attacks on the iPhone. The company announced this on March 5 in a separate security...

The new vulnerability renders security systems useless. A new Windows vulnerability, called EventLogCrasher, allows an attacker to remotely disable the event log service on devices in the same Windows domain. To do this, the attacker only needs to have a network connection to the target device...

The company did not have time to fix the old problems, as new ones were immediately discovered. Ivanti has released a number of patches for vulnerable Connect Secure (ICS) and Policy Secure (IPS) gateways. However, in parallel, the company discovered two new zero-day vulnerabilities, one of...

The massive exploitation of Ivanti vulnerabilities caused panic among federal agencies. Cybersecurity company Censys has discovered that hackers allegedly working for the Chinese government are massively exploiting critical vulnerabilities in Ivanti's virtual private networks (VPNs), gaining...

Apple has released updates to fix another bug in its products. Apple has released security updates for iOS, iPadOS, macOS, tvOS, and the Safari web browser to address a zero-day vulnerability that has been actively exploited. The Type Confusion vulnerability CVE-2024-23222 in the WebKit engine...

The vulnerability allows you to launch a chain of exploits. Google has released updates that fix four security issues in the Chrome browser, including the actively exploited zero-day vulnerability. Vulnerability CVE-2024-0519 is related to Out-of-bounds access in JavaScript V8 and WebAssembly...

Update today or continue to risk your data – the choice is up to users. Citrix strongly recommends that users immediately install patches on Netscaler ADC and Netscaler Gateway devices connected to the Internet to prevent attacks related to two new actively exploited zero-day vulnerabilities...

More and more hacker associations are using CVE-2023-46805 and CVE-2024-21887 in their attacks. Earlier this month, we covered zero-day vulnerabilities in Ivanti products. A recent analysis by Mandiant revealed that attackers used 5 different malware families in their attacks, including...