Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 3
50 résultats taggé 0-day  ✕
CV_2025_03_1: Critical Webserver Vulnerability https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html
08/05/2025 09:22:55
QRCode
archive.org

A vulnerability has been identified and remediated in all supported versions of the Commvault software. Webservers can be compromised through bad actors creating and executing webshells.

Exploiting this vulnerability requires a bad actor to have authenticated user credentials within the Commvault Software environment. Unauthenticated access is not exploitable. For software customers, this means your environment must be: (i) accessible via the internet, (ii) compromised through an unrelated avenue, and (iii) accessed leveraging legitimate user credential

commvault EN vulnerability 0-day CVE-2025-3928
Apple Drops Another WebKit Zero-Day Bug https://www.darkreading.com/mobile-security/apple-drops-another-webkit-zero-day-bug
17/03/2025 09:17:49
QRCode
archive.org

For the third time in as many months, Apple has released an emergency patch to fix an already exploited zero-day vulnerability impacting a wide range of its products.

The new vulnerability, identified as CVE-2025-24201, exists in Apple's WebKit open source browser engine for rendering Web pages in Safari and other apps across macOS, iOS, and iPadOS. WebKit is a frequent target for attackers because of how deeply integrated it is with Apple's ecosystem.

darkreading EN 2025 CVE-2025-24201spyware Apple vulnerability 0-day WebKit
Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs https://doublepulsar.com/burning-zero-days-fortijump-fortimanager-vulnerability-used-by-nation-state-in-espionage-via-msps-c79abec59773
23/10/2024 09:53:22
QRCode
archive.org

Did you know there’s widespread exploitation of FortiNet products going on using a zero day, and that there’s no CVE? Now you do.

doublepulsar EN 2024 FortiJump FortiManager vulnerability 0-day medium
Telegram zero-day allowed sending malicious Android APKs as videos https://www.bleepingcomputer.com/news/security/telegram-zero-day-allowed-sending-malicious-android-apks-as-videos/
23/07/2024 08:23:54
QRCode
archive.org
thumbnail

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files.

bleepingcomputer EN 2024 0-day Computer APK EvilVideo Telegram Mobile Zero-Day InfoSec Android Vulnerability
'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/
25/04/2024 07:48:55
QRCode
archive.org
thumbnail

Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.

wired EN 2024 0-day vulnerabilities security cisco cybersecurity china hacking ArcaneDoor
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021) https://zerodayengineering.com/research/pwn2own-2021-vm-escape.html
25/03/2024 19:11:13
QRCode
archive.org

In April 2021 I participated in Pwn2Own Vancouvver competition as a single player, and successfully demonstrated a 0-day virtual machine escape exploit with code execution on Parallels hypervisor. Today I am finally releasing the exploit source code together with a technical walkthrough video talk that I gave on Zero Day Engineering livestream in November 2021.

zerodayengineering EN 2024 exploit 2021 0-day Parallels Pwn2Own VM escape
CVE-2023-46805 https://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis
16/01/2024 14:39:31
QRCode
archive.org
thumbnail

Starting January 10, 2024, multiple parties (Ivanti, Volexity, and Mandiant) disclosed the existence of a zero-day exploit chain affecting Ivanti Connect Secur…

attackerkb EN 2023 CVE-2023-46805 Ivanti 0-day API
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
11/01/2024 08:45:03
QRCode
archive.org
thumbnail

Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach.

volexity EN 2023 CVE-2024-21887 Ivanti CVE-2023-46805 PulseSecure VPN 0-day
Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances https://thehackernews.com/2023/12/chinese-hackers-exploited-new-zero-day.html?m=1
30/12/2023 14:06:24
QRCode
archive.org
thumbnail

Chinese threat actors exploited a new zero-day vulnerability in Barracuda's Email Security Gateway (ESG) appliances.

thehackernews EN 2023 0-day network hacker vulnerability ESG CVE-2023-7102 appliance Barracuda
Xfinity waited to patch critical Citrix Bleed 0-day. Now it’s paying the price https://arstechnica.com/security/2023/12/hack-of-unpatched-comcast-servers-results-in-stolen-personal-data-including-passwords/
20/12/2023 20:46:07
QRCode
archive.org
thumbnail

Data for almost 36 million customers now in the hands of unknown hackers.

arstechnica EN 2023 Citrix-Bleed 0-day Xfinity data-breach
Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet | Ars Technica https://arstechnica.com/security/2023/11/thousands-of-routers-and-cameras-vulnerable-to-new-0-day-attacks-by-hostile-botnet/
24/11/2023 13:49:34
QRCode
archive.org
thumbnail

Internet scans show 7,000 devices may be vulnerable. The true number could be higher.

arstechnica EN 2023 0-day routers cameras mirai
Zimbra 0-day used to target international government organizations https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
16/11/2023 18:01:57
QRCode
archive.org
thumbnail

TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.

blog.google EN 2023 Zimbra 0-day government TAG exploit XSS CVE-2023-37580
SysAid Zero-Day Vulnerability Exploited by Ransomware Group https://www.securityweek.com/sysaid-zero-day-vulnerability-exploited-by-ransomware-group/
09/11/2023 10:56:04
QRCode
archive.org
thumbnail

CVE-2023-47246, a zero-day vulnerability in SysAid IT service management software has been exploited by Cl0p ransomware affiliates.

securityweek EN 2023 SysAid CVE-2023-47246 0-day
ZDI-23-1578 | Zero Day Initiative https://www.zerodayinitiative.com/advisories/ZDI-23-1578/?s=09
04/11/2023 09:38:18
QRCode
archive.org

(0Day) Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability

zerodayinitiative EN 2023 0-Day Microsoft Exchange ChainedSerializationBinder Deserialization RCE
Hackers exploit critical flaw in WordPress Royal Elementor plugin https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-flaw-in-wordpress-royal-elementor-plugin/
17/10/2023 21:47:36
QRCode
archive.org
thumbnail

A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.

bleepingcomputer EN 2023 WordPress Zero-Day Elementor 0-Day CVE-2023-5360
CVE: Zero-Day Privilege Escalation in Confluence Server & Data Center https://www.rapid7.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/
04/10/2023 22:04:13
QRCode
archive.org
thumbnail

On 10/4/2023, Atlassian published a security advisory on CVE-2023-22515, a privilege escalation vulnerability affecting Confluence Server & Data Center.

rapid7 EN 2023 Atlassian Confluence cve-2023-22515 0-Day
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware https://thehackernews.com/2023/09/latest-apple-zero-days-used-to-hack.html
23/09/2023 10:30:59
QRCode
archive.org
thumbnail

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023.

"The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the Citizen Lab said, attributing the attack with high confidence to the Egyptian government owing to it being a known customer of the commercial spying tool.

thehackernews EN 2023 0-day 0-days Predator Egypt Apple CitizenLab CVE-2023-41991 CVE-2023-41992 CVE-2023-41993
Apple emergency updates fix 3 new zero-days exploited in attacks https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-3-new-zero-days-exploited-in-attacks/
22/09/2023 00:05:09
QRCode
archive.org
thumbnail

Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year.

bleepingcomputer Apple iPhone Mac EN 2023 0-day CVE-2023-41993 CVE-2023-41991
North Korea-backed hackers target security researchers with 0-day https://arstechnica.com/security/2023/09/north-korea-backed-hackers-target-security-researchers-with-0-day/
11/09/2023 23:03:12
QRCode
archive.org
thumbnail

Google researchers say currently unfixed vulnerability affects a popular software package.

arstechnica EN 2023 North-Korea security researchers 0-day popular software
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation
29/08/2023 21:02:01
QRCode
archive.org
thumbnail

UNC4841 has continued operations despite Barracuda ESG zero-day remediation efforts.

mandiant EN 2023 UNC4841 Barracuda ESG 0-day CVE-2023-2868
page 1 / 3
4261 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio