Tag: zero-day vulnerability
-
Cisco Talos Blog: UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware
Source URL: https://blog.talosintelligence.com/uat-6382-exploits-cityworks-vulnerability/ Source: Cisco Talos Blog Title: UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware Feedly Summary: Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader. AI Summary and Description: Yes **Summary:** The text describes the exploitation of a significant remote-code-execution…
-
Microsoft Security Blog: Marbled Dust leverages zero-day in Output Messenger for regional espionage
Source URL: https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/ Source: Microsoft Security Blog Title: Marbled Dust leverages zero-day in Output Messenger for regional espionage Feedly Summary: Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output…
-
The Register: Emergency patch for potential SAP zero-day that could grant full system control
Source URL: https://www.theregister.com/2025/04/25/sap_netweaver_patch/ Source: The Register Title: Emergency patch for potential SAP zero-day that could grant full system control Feedly Summary: German software giant paywalls details, but experts piece together the clues SAP’s latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day.……
-
The Register: After Chrome patches zero-day used to target Russians, Firefox splats similar bug
Source URL: https://www.theregister.com/2025/03/28/google_kaspersky_mozilla/ Source: The Register Title: After Chrome patches zero-day used to target Russians, Firefox splats similar bug Feedly Summary: Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability,…
-
Cisco Talos Blog: Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame
Source URL: https://blog.talosintelligence.com/tomorrow-and-tomorrow-and-tomorrow-information-security-and-the-baseball-hall-of-fame/ Source: Cisco Talos Blog Title: Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame Feedly Summary: In this week’s Threat Source newsletter, William pitches a fun comparison between baseball legend Ichiro Suzuki and the unsung heroes of information security, highlights newly released UAT-5918 research, and shares an exciting…
-
The Register: Critical PostgreSQL bug tied to zero-day attack on US Treasury
Source URL: https://www.theregister.com/2025/02/14/postgresql_bug_treasury/ Source: The Register Title: Critical PostgreSQL bug tied to zero-day attack on US Treasury Feedly Summary: High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.……