zero-day – Experimental News Clipping Site

The Register: Where it Hertz: Customer data driven off in Cleo attacks

Apr 15, 2025

—

by

Source URL: https://www.theregister.com/2025/04/15/hertz_cleo_customer_data/ Source: The Register Title: Where it Hertz: Customer data driven off in Cleo attacks Feedly Summary: Car hire biz takes your privacy seriously, though Car hire giant Hertz has confirmed that customer information was stolen during the zero-day data raids on Cleo file transfer products last year.… AI Summary and Description: Yes…

Cloud Blog: What’s new with Google Cloud networking

Apr 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/products/networking/networking-innovations-at-google-cloud-next25/ Source: Cloud Blog Title: What’s new with Google Cloud networking Feedly Summary: The AI era is here, fundamentally reshaping industries and demanding unprecedented network capabilities for training, inference and serving AI models. To power this transformation, organizations need global networking solutions that can handle massive capacity, seamless connectivity, and provide robust security. …

Krebs on Security: Patch Tuesday, April 2025 Edition

Apr 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://krebsonsecurity.com/2025/04/patch-tuesday-april-2025-edition/ Source: Krebs on Security Title: Patch Tuesday, April 2025 Edition Feedly Summary: Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical" rating, meaning malware…

Microsoft Security Blog: Exploitation of CLFS zero-day leads to ransomware activity

Apr 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/ Source: Microsoft Security Blog Title: Exploitation of CLFS zero-day leads to ransomware activity Feedly Summary: Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released…

Cloud Blog: Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)

Apr 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/ Source: Cloud Blog Title: Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) Feedly Summary: Written by: John Wolfram, Michael Edie, Jacob Thompson, Matt Lin, Josh Murchie On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure (“ICS”) VPN appliances version 22.7R2.5 and…

The Register: Why is someone mass-scanning Juniper and Palo Alto Networks products?

Apr 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/04/03/unknown_scanners_probing_juniper_paloalto/ Source: The Register Title: Why is someone mass-scanning Juniper and Palo Alto Networks products? Feedly Summary: Espionage? Botnets? Trying to exploit a zero-day? Someone or something is probing devices made by Juniper Networks and Palo Alto Networks, and researchers think it could be evidence of espionage attempts, attempts to build a botnet,…

The Register: CISA spots spawn of Spawn malware targeting Ivanti flaw

Apr 1, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/04/01/cisa_ivanti_warning/ Source: The Register Title: CISA spots spawn of Spawn malware targeting Ivanti flaw Feedly Summary: Resurge an apt name for malware targeting hardware maker that has security bug after security bug Owners of Ivanti’s Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according…

The Register: After Chrome patches zero-day used to target Russians, Firefox splats similar bug

Mar 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/28/google_kaspersky_mozilla/ Source: The Register Title: After Chrome patches zero-day used to target Russians, Firefox splats similar bug Feedly Summary: Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability,…

Hacker News: Blasting Past WebP – An analysis of the NSO BLASTPASS iMessage exploit

Mar 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html Source: Hacker News Title: Blasting Past WebP – An analysis of the NSO BLASTPASS iMessage exploit Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text provides an in-depth analysis of the NSO Group’s zero-click exploit, known as BLASTPASS, which targets vulnerabilities in Apple’s iOS, specifically focusing on how manipulative content…

Slashdot: Google Patches Chrome Sandbox Escape Zero-Day Caught By Kaspersky

Mar 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://slashdot.org/story/25/03/26/0143210/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google Patches Chrome Sandbox Escape Zero-Day Caught By Kaspersky Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a recently patched sandbox escape vulnerability in Google Chrome, highlighting its implications in a targeted cyberespionage campaign. It underscores the importance of timely updates and security measures against such…

Tag: zero-day