Cybersecurity firm Fortinet has issued an urgent warning regarding a newly discovered zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products. This critical flaw enables remote attackers to obtain super-admin privileges by exploiting maliciously crafted CSF proxy requests.…
1574 search results for "zero, trust"
MobSF Framework Zero-Day Vulnerability Allows Attackers to Trigger DoS in Scan Results
A recently discovered zero-day vulnerability in the Mobile Security Framework (MobSF) has raised alarms in the cybersecurity community. The vulnerability, which allows attackers to cause a partial Denial of Service (DoS) on scan results and the iOS Dynamic Analyzer functionality,…
Zero-Day Vulnerabilities in Microsoft Sysinternals Tools Enable DLL Injection Attacks on Windows
A significant zero-day vulnerability has been uncovered in Microsoft Sysinternals tools, posing a severe risk to Windows systems. These widely-used utilities, essential for IT administrators and developers, are now susceptible to DLL injection attacks due to flaws in their dynamic…
Russian APT28 Hackers Exploit Zero-Day Vulnerabilities to Target Government and Security Sectors
A detailed analysis from Maverits, a leading cybersecurity firm, reveals a significant evolution in the strategies and objectives of APT28, a cyber-espionage group linked to Russia’s GRU military intelligence unit. Covering activities from 2022 to 2024, the report highlights APT28’s…
Zyxel CPE Zero-Day (CVE-2024-40891) Exploited in the Wild
Security researchers have raised alarms about active exploitation attempts targeting a newly discovered zero-day command injection vulnerability in Zyxel CPE Series devices, tracked as CVE-2024-40891. This critical vulnerability, which remains unpatched and undisclosed by the vendor, has left over 1,500 devices…
Apple Security Update – Patch for iOS Zero-day, MacOS & More
Apple has responded to a newly discovered zero-day vulnerability affecting its operating systems by releasing an array of security updates to protect users from potential exploitation. The updates span iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and Safari, demonstrating Apple’s commitment…
SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild
SonicWall warns customers of a critical zero-day vulnerability in SMA 1000 Series appliances, likely exploited in the wild. SonicWall is warning customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9.8) impacting its Secure Mobile Access (SMA)…
Zero-Click Outlook RCE Vulnerability (CVE-2025-21298), PoC Released
Microsoft issued a critical patch to address CVE-2025-21298, a zero-click Remote Code Execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE). This flaw exploits a double-free bug in the ole32.dll library, putting millions of systems at risk with minimal…
Microsoft Patches Outlook Zero-Click RCE Exploited Via Email – Patch Now!
Microsoft issued a critical security patch addressing a newly discovered vulnerability in Outlook, designated as CVE-2025-21298. This flaw, characterized as a zero-click remote code execution (RCE) vulnerability, poses a significant risk to users by potentially allowing attackers to execute arbitrary…
Hackers Exploiting Fortinet Zero-day Vulnerability In Wild To Gain Super-Admin Privileges
A critical zero-day vulnerability in Fortinet’s FortiOS and FortiProxy products is being actively exploited by hackers to gain super-admin privileges on affected devices. The authentication bypass flaw, tracked as CVE-2024-55591, allows remote attackers to execute unauthorized code or commands via…
Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability
A widespread campaign is targeting Fortinet FortiGate firewall devices with exposed management interfaces on the public internet. The attacks, observed by Arctic Wolf between November and December 2024, exploit what is believed to be a zero-day vulnerability, allowing unauthorized access and…
Mirai Botnet Variant Exploits Zero-Day Vulnerabilities in Routers
Researchers observed the Gayfemboy botnet in early 2024 as a basic Mirai variant. Still, the botnet rapidly evolved through iterative development, including UPX polymorphic packing, integrating N-day vulnerabilities, and ultimately leveraging a 0-day vulnerability in Four-Faith industrial routers. By November…
Week in Review: Microsoft deactivation flaw, BeyondTrust on KEV, LLM generated malware
This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, CISO in Residence. Thanks to our show sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you…
FlowerStorm attacks Microsoft 365, BeyondTrust on KEV, Ascension Health fallout
PaaS platform “FlowerStorm” attacking Microsoft 365 users. CISA adds BeyondTrust flaw to its Known Exploited Vulnerabilities catalog. Ascension Health ransomware attack impacted nearly 6 million people. Thanks to today’s episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep…
Week in Review: Data breach impact study, US weighs TP-Link ban, BeyondTrust cyberattack
This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO, The Carlyle Group. Thanks to our show sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks…
Amazon health malware, BeyondTrust suffers cyberattack, FortiNet wireless vulnerability
Android malware found on Amazon Appstore disguised as health app. BeyondTrust suffers cyberattack. Fortinet warns of critical flaw in Wireless LAN Manager. Thanks to today’s episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night?…
Citrix Expands Platform Capabilities with DeviceTrust and Strong Network Acquisitions
Citrix, a business unit of Cloud Software Group, has acquired DeviceTrust and Strong Network to enhance the functionality of its platform. These acquisitions enable Citrix to offer more comprehensive access management and security solutions, expanding its…
Microsoft Patch Tuesday December 2024, 71 Vulnerabilities Fixed Including 1 Zero-day
In its final Patch Tuesday of 2024, Microsoft has released a significant security update addressing a total of 71 vulnerabilities, including 16 critical vulnerabilities and 1 zero-day. This December update marks a crucial milestone in Microsoft’s ongoing efforts to enhance…
CapibaraZero Firmware With ESP32-S3 Hardware Enables Low Cost Flipper Zero alternative
The open-source tech landscape continues to innovate, and the release of the CapibaraZero firmware marks another breakthrough. Designed for ESP32-S3-based hardware platforms, CapibaraZero provides a low-cost alternative to the highly popular—but expensive—Flipper Zero, a multifunctional tool for penetration testers, ethical…
Windows NTLM Zero-Day Vulnerability Exposes User Credentials
A critical zero-day vulnerability affecting all modern Windows Workstation and Server versions has been discovered. The flaw enables attackers to steal NTLM credentials with minimal user interaction, posing a significant security risk. It impacts systems from Windows 7 and Server…