#zero-day-vulnerability

#zero-day-vulnerability

"The vulnerability is serious," said Johannes Ullrich, dean of research at the SANS Institute. "The root cause is that Microsoft Office still supports the older OLE document format, which provides access to various OLE components. The effect is similar to what an attacker could do with Office Macros. But Office Macros are typically blocked for documents downloaded from the internet. Microsoft implemented similar protections for OLE components, but this recent exploit found a way to bypass them."

Logitech believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system. The zero-day vulnerability was patched by Logitech following its release by the software platform vendor. The data likely included limited information about employees and consumers and data relating to customers and suppliers. Logitech does not believe any sensitive personal information, such as national ID numbers or credit card information, was housed in the impacted IT system.

Another day, another zero-day, at least for Google Chrome. In an advisory released Monday, Google warned of a dangerous new security vulnerability affecting its popular browser. Fortunately, the latest update squashes the bug. Here are the details. Rated as a high security flaw, the zero day labeled CVE-2025-13223 is described as: "Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."

The continued suppression of a report identifying serious vulnerabilities of the U.S. telecommunications sector undermines the public's understanding of these threats and stymies an important public debate on a path forward,

Suspected Chinese government-backed hackers have breached computer systems of U.S. law firm Williams & Connolly, which has represented some of America's most powerful politicians, as part of a larger spying campaign against multiple law firms, according to a letter the firm sent clients and a source familiar with the hack. The cyber intrusions have hit the email accounts of select attorneys at these law firms, as Beijing continues a broader effort to gather intelligence to support its multi-front competition with the U.S.

SonicWall has observed an increase in security incidents affecting its Generation 7 firewalls with VPN enabled, signaling potential exploitation of a new vulnerability.

SAP has released security updates addressing CVE-2025-42999, a zero-day vulnerability in NetWeaver, to ensure customer protection against ongoing attacks.