zero-day – Page 6 – Experimental News Clipping Site

Cloud Blog: Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)

Apr 3, 2025

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/ Source: Cloud Blog Title: Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) Feedly Summary: Written by: John Wolfram, Michael Edie, Jacob Thompson, Matt Lin, Josh Murchie On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure (“ICS”) VPN appliances version 22.7R2.5 and…

The Register: Why is someone mass-scanning Juniper and Palo Alto Networks products?

Apr 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/04/03/unknown_scanners_probing_juniper_paloalto/ Source: The Register Title: Why is someone mass-scanning Juniper and Palo Alto Networks products? Feedly Summary: Espionage? Botnets? Trying to exploit a zero-day? Someone or something is probing devices made by Juniper Networks and Palo Alto Networks, and researchers think it could be evidence of espionage attempts, attempts to build a botnet,…

The Register: CISA spots spawn of Spawn malware targeting Ivanti flaw

Apr 1, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/04/01/cisa_ivanti_warning/ Source: The Register Title: CISA spots spawn of Spawn malware targeting Ivanti flaw Feedly Summary: Resurge an apt name for malware targeting hardware maker that has security bug after security bug Owners of Ivanti’s Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according…

The Register: After Chrome patches zero-day used to target Russians, Firefox splats similar bug

Mar 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/28/google_kaspersky_mozilla/ Source: The Register Title: After Chrome patches zero-day used to target Russians, Firefox splats similar bug Feedly Summary: Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability,…

Hacker News: Blasting Past WebP – An analysis of the NSO BLASTPASS iMessage exploit

Mar 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html Source: Hacker News Title: Blasting Past WebP – An analysis of the NSO BLASTPASS iMessage exploit Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text provides an in-depth analysis of the NSO Group’s zero-click exploit, known as BLASTPASS, which targets vulnerabilities in Apple’s iOS, specifically focusing on how manipulative content…

Slashdot: Google Patches Chrome Sandbox Escape Zero-Day Caught By Kaspersky

Mar 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://slashdot.org/story/25/03/26/0143210/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google Patches Chrome Sandbox Escape Zero-Day Caught By Kaspersky Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a recently patched sandbox escape vulnerability in Google Chrome, highlighting its implications in a targeted cyberespionage campaign. It underscores the importance of timely updates and security measures against such…

Hacker News: There are perhaps 10k reasons to doubt Oracle Cloud’s security breach denial

Mar 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/25/oracle_breach_update/ Source: Hacker News Title: There are perhaps 10k reasons to doubt Oracle Cloud’s security breach denial Feedly Summary: Comments AI Summary and Description: Yes Summary: The text describes a dispute regarding Oracle Cloud’s denial of a security breach after an infosec researcher claims that sensitive data, including customer security keys and credentials,…

Hacker News: Hack: 6M Records for Sale Exfiltrated from Oracle Cloud Affecting 140k+ Tenants

Mar 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants Source: Hacker News Title: Hack: 6M Records for Sale Exfiltrated from Oracle Cloud Affecting 140k+ Tenants Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a significant security incident involving a threat actor who extracted sensitive data from Oracle Cloud’s SSO and LDAP. The breach affects over 140,000 tenants…

Hacker News: Rocky Linux from CIQ – Hardened

Mar 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://ciq.com/products/rocky-linux/hardened Source: Hacker News Title: Rocky Linux from CIQ – Hardened Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses Rocky Linux from CIQ – Hardened, highlighting its optimizations for mission-critical environments with strict security requirements. It emphasizes advanced security features like memory corruption detection, kernel integrity checking, and robust…

Cisco Talos Blog: Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame

Mar 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/tomorrow-and-tomorrow-and-tomorrow-information-security-and-the-baseball-hall-of-fame/ Source: Cisco Talos Blog Title: Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame Feedly Summary: In this week’s Threat Source newsletter, William pitches a fun comparison between baseball legend Ichiro Suzuki and the unsung heroes of information security, highlights newly released UAT-5918 research, and shares an exciting…

Tag: zero-day