#zero-day

[ follow ]
fromSecurityWeek
23 hours ago

Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks

Tracked as CVE-2025-20333 (CVSS score of 9.9) and CVE-2025-20362 (CVSS score of 6.5), the bugs impact the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software. The issues, Cisco explains, exist because user-supplied input in HTTP(S) requests is not properly validated, allowing a remote attacker to send crafted requests and execute arbitrary code with root privileges or access a restricted URL without authentication.
Information security
#chrome
Gadgets
fromTechCrunch
1 week ago

Samsung patches zero-day security flaw used to hack into its customers' phones | TechCrunch

Samsung fixed a zero-day in its image-display library that allowed remote planting of malicious code on devices running Android 13–16.
Information security
fromThe Hacker News
4 weeks ago

FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available

A critical CVE-2025-57819 FreePBX vulnerability enables unauthenticated arbitrary database manipulation and remote code execution; internet-exposed ACPs should be upgraded and restricted.
Information security
fromComputerWeekly.com
1 month ago

Apple iOS update fixes new iPhone zero-day flaw | Computer Weekly

A zero-day in Apple's ImageIO enables zero-click image-based memory-corruption exploits; iOS/iPadOS 18.6.2 adds improved bounds checking to mitigate active exploitation.
fromTheregister
1 month ago

Apple rushes out fix for active zero-day in iOS and macOS

Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks. Logged as CVE-2025-43300, the bug is an out-of-bounds write issue in ImageIO, the component apps rely on to read and write standard image formats. Apple warned that the flaw could let miscreants hijack devices with a booby-trapped image - and for some iDevice users, it sounds like the damage has already been done.
Apple
Apple
fromIT Pro
1 month ago

Apple just released an emergency patch for a zero-day exploited in the wild - here's why you need to update now

Critical Image I/O zero-day (CVE-2025-43300) enables arbitrary code execution via malicious images on iPhone, iPad, and Mac; install the emergency update immediately.
Information security
fromTechCrunch
1 month ago

New zero-day startup offers $20 million for tools that can hack any smartphone | TechCrunch

A UAE-based startup offers up to $20 million for smartphone zero-day exploits, marketing powerful hacking tools to governments and intelligence agencies.
Privacy professionals
fromThe Hacker News
1 month ago

WinRAR Zero-Day Under Active Exploitation - Update to Latest Version Immediately

WinRAR released an update addressing CVE-2025-8088, a zero-day vulnerability causing path traversal and allowing arbitrary code execution.
fromZDNET
2 months ago

Microsoft fixes two SharePoint zero-days under attack, but one is still unresolved - how to patch

CVE-2025-53770 gives a threat actor the ability to remotely execute code, bypassing identity protections (like single sign-on and multi-factor authentication), giving access to content on the SharePoint server including configurations and system files, opening up lateral access across the Windows domain.
Information security
#cybersecurity
[ Load more ]