#zero-day

[ follow ]
fromThe Hacker News
6 days ago

FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available

A critical CVE-2025-57819 FreePBX vulnerability enables unauthenticated arbitrary database manipulation and remote code execution; internet-exposed ACPs should be upgraded and restricted.
fromComputerWeekly.com
1 week ago

Apple iOS update fixes new iPhone zero-day flaw | Computer Weekly

A zero-day in Apple's ImageIO enables zero-click image-based memory-corruption exploits; iOS/iPadOS 18.6.2 adds improved bounds checking to mitigate active exploitation.
fromTheregister
1 week ago

Apple rushes out fix for active zero-day in iOS and macOS

Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks. Logged as CVE-2025-43300, the bug is an out-of-bounds write issue in ImageIO, the component apps rely on to read and write standard image formats. Apple warned that the flaw could let miscreants hijack devices with a booby-trapped image - and for some iDevice users, it sounds like the damage has already been done.
Apple
fromIT Pro
2 weeks ago

Apple just released an emergency patch for a zero-day exploited in the wild - here's why you need to update now

Critical Image I/O zero-day (CVE-2025-43300) enables arbitrary code execution via malicious images on iPhone, iPad, and Mac; install the emergency update immediately.
fromTechCrunch
2 weeks ago

New zero-day startup offers $20 million for tools that can hack any smartphone | TechCrunch

A UAE-based startup offers up to $20 million for smartphone zero-day exploits, marketing powerful hacking tools to governments and intelligence agencies.
Privacy professionals
fromThe Hacker News
3 weeks ago

WinRAR Zero-Day Under Active Exploitation - Update to Latest Version Immediately

WinRAR released an update addressing CVE-2025-8088, a zero-day vulnerability causing path traversal and allowing arbitrary code execution.
fromZDNET
1 month ago

Microsoft fixes two SharePoint zero-days under attack, but one is still unresolved - how to patch

CVE-2025-53770 gives a threat actor the ability to remotely execute code, bypassing identity protections (like single sign-on and multi-factor authentication), giving access to content on the SharePoint server including configurations and system files, opening up lateral access across the Windows domain.
Information security
fromTechzine Global
1 month ago

Hackers linked to China behind Microsoft SharePoint attack

Multiple attackers are exploiting the Microsoft SharePoint zero-day vulnerability, including state and non-state actors.
#cybersecurity
#chrome
[ Load more ]