zero-day exploit – Experimental News Clipping Site

Cloud Blog: Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)

Apr 3, 2025

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/ Source: Cloud Blog Title: Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) Feedly Summary: Written by: John Wolfram, Michael Edie, Jacob Thompson, Matt Lin, Josh Murchie On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure (“ICS”) VPN appliances version 22.7R2.5 and…

Hacker News: There are perhaps 10k reasons to doubt Oracle Cloud’s security breach denial

Mar 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/25/oracle_breach_update/ Source: Hacker News Title: There are perhaps 10k reasons to doubt Oracle Cloud’s security breach denial Feedly Summary: Comments AI Summary and Description: Yes Summary: The text describes a dispute regarding Oracle Cloud’s denial of a security breach after an infosec researcher claims that sensitive data, including customer security keys and credentials,…

Hacker News: Hack: 6M Records for Sale Exfiltrated from Oracle Cloud Affecting 140k+ Tenants

Mar 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants Source: Hacker News Title: Hack: 6M Records for Sale Exfiltrated from Oracle Cloud Affecting 140k+ Tenants Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a significant security incident involving a threat actor who extracted sensitive data from Oracle Cloud’s SSO and LDAP. The breach affects over 140,000 tenants…

Cloud Blog: Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers

Mar 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers/ Source: Cloud Blog Title: Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers Feedly Summary: Written by: Lukasz Lamparski, Punsaen Boonyakarn, Shawn Chew, Frank Tse, Jakub Jozwiak, Mathew Potaczek, Logeswaran Nadarajan, Nick Harbour, Mustafa Nasser Introduction In mid 2024, Mandiant discovered threat actors deployed custom backdoors on Juniper Networks’ Junos…

The Register: China’s Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets

Mar 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/05/china_silk_typhoon_update/ Source: The Register Title: China’s Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets Feedly Summary: They’re good at zero-day exploits, too Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing…

Slashdot: Serbian Student’s Android Phone Compromised By Exploit From Cellebrite

Mar 1, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/03/01/019202/serbian-students-android-phone-compromised-by-exploit-from-cellebrite?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Serbian Student’s Android Phone Compromised By Exploit From Cellebrite Feedly Summary: AI Summary and Description: Yes Summary: The report illustrates a concerning case of a zero-day exploit utilized by a surveillance vendor against a student critic of the Serbian government, highlighting the ongoing threats to information security in civil…

Hacker News: An inside look at NSA tactics, techniques and procedures from China’s lens

Feb 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html Source: Hacker News Title: An inside look at NSA tactics, techniques and procedures from China’s lens Feedly Summary: Comments AI Summary and Description: Yes Summary: This text provides an in-depth exploration of allegations regarding NSA’s cyber operations as reported by Chinese cybersecurity entities, focusing on their tactics, techniques, and procedures (TTPs). It…

Slashdot: Apple Fixes Zero-Day Exploited In ‘Extremely Sophisticated’ Attacks

Feb 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://apple.slashdot.org/story/25/02/10/217213/apple-fixes-zero-day-exploited-in-extremely-sophisticated-attacks?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Apple Fixes Zero-Day Exploited In ‘Extremely Sophisticated’ Attacks Feedly Summary: AI Summary and Description: Yes Summary: Apple has issued urgent security updates for iOS 18.3.1 and iPadOS 18.3.1 to fix a critical zero-day vulnerability exploited in sophisticated targeted attacks. The flaw compromised the USB Restricted Mode, critical for data…

Hacker News: Google Fixes Android Kernel Zero-Day Exploited in Attacks

Feb 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://thedefendopsdiaries.com/google-fixes-android-kernel-zero-day-exploited-in-attacks/ Source: Hacker News Title: Google Fixes Android Kernel Zero-Day Exploited in Attacks Feedly Summary: Comments AI Summary and Description: Yes Summary: CVE-2024-53104 has emerged as a significant zero-day vulnerability within the Linux kernel, particularly impacting the USB Video Class driver, and presents severe risks to Android devices. The exploration of this flaw…

The Register: FortiGate config leaks: Victims’ email addresses published online

Jan 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/23/fortigate_config_leaks_infoseccers_list_victim_emails/ Source: The Register Title: FortiGate config leaks: Victims’ email addresses published online Feedly Summary: Experts warn not to take leaks lightly as years-long compromises could remain undetected Thousands of email addresses included in the Belsen Group’s dump of FortiGate configs last week are now available online, revealing which organizations may have been…

Tag: zero-day exploit