Zero-day Exploit
Cisco Zero-Day: As Bad as it Gets — and No Fix 4 Weeks in
Keeping us in suspense—It doesn’t get worse than this: CVE-2023-20198 is CVSS=10 ...
All eyes on mobile
Of all the data points contained in Zimperium’s recently released 2022 Global Mobile Threat Report, perhaps the most shocking is the spike in known cases of zero-day exploits being used in attacks ...
The Truth About Zero-day Vulnerabilities in Web Application Security
Zero-Day Vulnerabilities are highly valued in legitimate bug bounty programs and have earned bounties of up to USD 2 million. Since no patches or fixes exist, 0-day attacks/exploits are highly. The post ...
A Zoom zero-day exploit is up for sale for $500,000
Millions of people have moved onto the Zoom video-conferencing platform as the coronavirus pandemic has forced them to work from their homes. According to Zoom’s own statistics, its daily usage has soared ...
Wi-Fi Chip Firmware Flaws Enable Over-the-Air Hacking
Editor’s Note: This post was updated Jan. 29 to include a statement from Marvell Wi-Fi chips used in several gaming consoles, Chromebooks, streaming boxes, routers and other types of devices have several ...
Windows VCF Zero-Day Exploit Allows Remote Code Execution
A new unpatched vulnerability in Windows has been disclosed along with proof-of-concept exploit code. It could allow hackers to more easily install malware on computers, but it requires user interaction. The vulnerability ...
New Windows Zero-day Bug Allows Deleting Arbitrary Files
A security researcher released exploit code for an unpatched bug in Windows that could allow an attacker with limited privileges to delete system files. Exploiting the bug requires winning a race condition ...
Researcher Drops Third Windows Zero-Day Exploit in Four Months
A security researcher who uses the online handle SandboxEscaper has published proof-of-concept exploit code for an unpatched vulnerability in Windows. The flaw is located in the “MsiAdvertiseProduct” function, which, according to Microsoft’s ...
North Korean APT Group Targets Academia via Malicious Chrome Extensions
Security researchers have uncovered an APT group with possible ties to North Korea that has targeted academic institutions since May. The group, dubbed Stolen Pencil by researchers from Netscout, send spear-phishing emails ...
Zero-Day Exploit Published for VM Escape Flaw in VirtualBox
A security researcher disclosed a yet unpatched zero-day vulnerability in the popular VirtualBox virtualization software that can be exploited from a guest operating system to break out of the virtual machine and ...