0days - The Stack

The Stack

Sign in Subscribe

0days

A collection of 11 posts

Why firewalls, VPNs and hypervisors are a hacker's new favourite target

Why firewalls, VPNs and hypervisors are a hacker's new favourite target

TTPs and telemetry suggest a real focus on zero days and appliances by Chinese APTs.

WinRAR zero-day used to pack in malware for targeted attacks

WinRAR zero-day used to pack in malware for targeted attacks

A months-long malware campaign was seen exploiting a zero-day flaw in WinRAR for spear-phishing attacks aimed at traders and finance professionals

CISA warns of attacks on .NET vulnerability

CISA warns of attacks on .NET vulnerability

CISA has issued a warning over possible attacks on a denial-of-service vulnerability in .NET and Visual Studio, advising administrators to patch ASAP

Ivanti patches second EPMM zero-day

Ivanti patches second EPMM zero-day

Ivanti has kicked out an urgent patch for cve-2023-35081, a zero-day flaw in EPMM that is under active exploit in the wild

kaspersky iphones hacked iphone zero day

Kaspersky iPhones hacked using zero click 0day

Apple: "We have never worked with any government to insert a backdoor into any Apple product and never will..."

Barracuda tells customers to dump infected email security appliances after breach

Barracuda tells customers to dump infected email security appliances after breach

Customers were first hit in October 2022. End user telemetry flagged something remiss this month... IOCs and Yara rules now shared.

Patch Tuesday: Critical Windows TCP/IP vuln allows bad packets to gain pre-auth RCE, plus 0day

Patch Tuesday: Critical Windows TCP/IP vuln allows bad packets to gain pre-auth RCE, plus 0day

More than half the release involves RCE - time to get patching.

Is there a 0day in NGINX? F5 investigates claims, finds LDAP issues

Is there a 0day in NGINX? F5 investigates claims, finds LDAP issues

NGINX owner F5 says it is investigating hacktivist group's claims...

Google patches exploited new Chrome 0day

Google patches exploited new Chrome 0day

The vulnerability, CVE-2022-1096, also affects other Chromium browsers.

0Day affecting Kubernetes, OpenShift demands urgent attention, gives root

0Day affecting Kubernetes, OpenShift demands urgent attention, gives root

CrowdStrike dubs it "cr8escape", admins should run crio —version

Adobe Reader under attack, Siemens, SAP, Microsoft also drop vital Patch Tuesday fixes.

Adobe Reader under attack, Siemens, SAP, Microsoft also drop vital Patch Tuesday fixes.

Adobe Reader users on Windows have been actively attacked by hackers abusing a vulnerability patched today (May 11), the software company said, pushing out "multiple critical and important vulnerabilities." The use-after-free 0day (CVE-2021-28550) was reported anonymously to Adobe, which said it has been "exploited in the wild