0days
Why firewalls, VPNs and hypervisors are a hacker's new favourite target
TTPs and telemetry suggest a real focus on zero days and appliances by Chinese APTs.
malware
WinRAR zero-day used to pack in malware for targeted attacks
A months-long malware campaign was seen exploiting a zero-day flaw in WinRAR for spear-phishing attacks aimed at traders and finance professionals
News
CISA warns of attacks on .NET vulnerability
CISA has issued a warning over possible attacks on a denial-of-service vulnerability in .NET and Visual Studio, advising administrators to patch ASAP
0days
Ivanti patches second EPMM zero-day
Ivanti has kicked out an urgent patch for cve-2023-35081, a zero-day flaw in EPMM that is under active exploit in the wild
Kaspersky
Kaspersky iPhones hacked using zero click 0day
Apple: "We have never worked with any government to insert a backdoor into any Apple product and never will..."
Cybersecurity
Barracuda tells customers to dump infected email security appliances after breach
Customers were first hit in October 2022. End user telemetry flagged something remiss this month... IOCs and Yara rules now shared.
Cybersecurity
Patch Tuesday: Critical Windows TCP/IP vuln allows bad packets to gain pre-auth RCE, plus 0day
More than half the release involves RCE - time to get patching.
Cybersecurity
Is there a 0day in NGINX? F5 investigates claims, finds LDAP issues
NGINX owner F5 says it is investigating hacktivist group's claims...
Cybersecurity
Google patches exploited new Chrome 0day
The vulnerability, CVE-2022-1096, also affects other Chromium browsers.
Cybersecurity
0Day affecting Kubernetes, OpenShift demands urgent attention, gives root
CrowdStrike dubs it "cr8escape", admins should run crio —version
Cybersecurity
Adobe Reader under attack, Siemens, SAP, Microsoft also drop vital Patch Tuesday fixes.
Adobe Reader users on Windows have been actively attacked by hackers abusing a vulnerability patched today (May 11), the software company said, pushing out "multiple critical and important vulnerabilities." The use-after-free 0day (CVE-2021-28550) was reported anonymously to Adobe, which said it has been "exploited in the wild