Apple has issued critical security patches addressing two actively exploited zero-day vulnerabilities affecting iPhone and iPad devices. The tech giant confirmed that both flaws were leveraged in extremely sophisticated attacks targeting specific individuals before iOS 26 was released. Critical WebKit…
1575 search results for "zero, trust"
Gemini Zero-Click Flaw Let Attackers Access Gmail, Calendar, and Google Docs
A critical vulnerability in Google Gemini Enterprise and Vertex AI Search, dubbed GeminiJack, that allows attackers to exfiltrate sensitive corporate data without any user interaction or security alerts. The flaw exploits an architectural weakness in how enterprise AI systems process and…
Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data
The flaw, dubbed ‘GeminiJack,’ exploits the trust boundary between user-controlled content in data sources and the AI model’s instruction processing This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Fixes Zero Click Gemini Enterprise Flaw That Exposed…
Microsoft December 2025 Patch Tuesday Fixes 56 Vulnerabilities Fixed and 3 Zero-days
Microsoft’s final Patch Tuesday of 2025 has been released, addressing 56 vulnerabilities across its product suite. The December update includes patches for three zero-day vulnerabilities, one of which is confirmed to be actively exploited in the wild. Among the resolved…
Barts Health NHS Reveals Data Breach Linked to Oracle Zero-Day Exploited by Clop Ransomware
Barts Health NHS Trust has disclosed a significant data breach affecting patient and staff information after the Cl0p ransomware gang exploited a critical vulnerability in Oracle E-Business Suite software. The criminal syndicate stole files from an invoice database. It published…
CISA Issues Alert on Actively Exploited Android Zero-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild and prompting immediate action from organizations and device users worldwide. The vulnerabilities CVE-2025-48572…
Google Fixes Android Zero-Day Flaws Actively Exploited in the Wild
Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulletin, affect multiple Android versions and require immediate attention…
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
North Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure…
Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software
The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered the network, is fundamentally risky…
Chrome Zero-Day Type Confusion Flaw Actively Exploited in the Wild
Google has released an urgent security update for its Chrome browser to address a critical zero-day vulnerability actively exploited by threat actors. The flaw, tracked as CVE-2025-13223, affects the V8 JavaScript engine and poses a significant risk to millions of Chrome…
Cl0P Ransomware Group Allegedly Claims Breach of Entrust in Oracle 0-Day EBS Hack
The notorious Cl0P ransomware group has claimed responsibility for breaching digital security firm Entrust, exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, tied to CVE-2025-61882, marks another high-profile victim in Cl0P’s relentless assault on organizations using…
Fortinet FortiWeb Zero-Day Exploited to Gain Full Admin Access
A critical zero-day vulnerability in Fortinet FortiWeb has been actively exploited in the wild, allowing attackers to gain complete administrator access without any prior authentication. The flaw affects Fortinet’s Web Application Firewall, which is designed to protect web applications from…
Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data
In mid-2025, Secureworks Counter Threat Unit (CTU) researchers uncovered a sophisticated cyber campaign where Chinese state-sponsored threat actors from the BRONZE BUTLER group exploited a critical zero-day vulnerability in Motex LANSCOPE Endpoint Manager to gain unauthorized access to corporate networks…
Zero-Click Exploit Targets MCP and Linked AI Agents to Stealthily Steal Data
Operant AI’s security research team has uncovered Shadow Escape, a dangerous zero-click attack that exploits the Model Context Protocol to steal sensitive data through AI assistants. The attack works with widely used platforms, including ChatGPT, Claude, Gemini, and other AI…
Warlock Ransomware Exploits SharePoint ToolShell Zero-Day in New Attack Campaign
Chinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability. The group’s sophisticated attack infrastructure, combined with evidence of historical espionage activities dating back to 2019,…
Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data
In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive information. Researchers at Qi’anxin Threat…
New Salt Typhoon Attacks Leverage Zero-Days and DLL Sideloading
Salt Typhoon represents one of the most persistent and sophisticated cyber threats targeting global critical infrastructure today. Believed to be linked to state-sponsored actors from the People’s Republic of China, this advanced persistent threat group has executed a series of…
Sotheby’s suffers cyberattack, Cisco “Zero Disco’ attacks, Microsoft revokes ransomware certificates
Sotheby’s suffers cyberattack Hackers exploit Cisco SNMP flaw in “Zero Disco’ attacks Microsoft revokes more than 200 certificates to disrupt ransomware campaign Huge thanks to our sponsor, Vanta What’s your 2 AM security worry? Is it “Do I have…
Microsoft Patch Tuesday October 2025 – 172 Vulnerabilities Fixed Along with 4 Zero-days
In its October 2025 Patch Tuesday release, Microsoft addressed a staggering 172 security vulnerabilities across its vast ecosystem, with four zero-day flaws stealing the spotlight, two of which are already being exploited in the wild. This massive security update targets…
Google Issues Alert on CL0P Ransomware Actively Exploiting Oracle E-Business Suite Zero-Day
Organizations using Oracle E-Business Suite must apply the October 4 emergency patches immediately to mitigate active, in-the-wild exploitation by CL0P extortion actors and hunt for malicious templates in their databases. Beginning September 29, 2025, Google Threat Intelligence Group (GTIG) and…