zero-days Archives

SAP software is used throughout the Fortune 500. The company is dealing with a critical software bug disclosed this week. (Getty Images)

SAP zero-day vulnerability under widespread active exploitation

Researchers attribute the attacks to an initial access broker who is exploiting the 10.0 critical vulnerability.

Apr 25, 2025 By Matt Kapko

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

Apr 14, 2025 By Matt Kapko

A view of the Google offices in New York City on May 19, 2020. (Photo by Ben Gabbe/Getty Images)

Google addresses 2 actively exploited vulnerabilities in security update

Serbian security services exploited one of the actively exploited vulnerabilities to break into the phone of a youth activist in Serbia, according to Amnesty International.

Apr 7, 2025 By Matt Kapko

The Apple Inc logo is displayed outside a retail store at the Third Street Promenade in Santa Monica, California on March 20, 2023. (Photo by PATRICK T. FALLON/AFP via Getty Images)

Apple issues fixes for vulnerabilities in both old and new OS versions

The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities.

Apr 1, 2025 By Matt Kapko

Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day

Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.

Mar 20, 2025 By Matt Kapko

A view of the Microsoft corporate logo in front of the Microsoft Office building on 41st street and 8th avenue on July 19, 2024 in New York City. (Photo by Craig T Fruchtman/Getty Images)

Microsoft patches 57 vulnerabilities, including 6 zero-days

More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update are high-severity flaws.

Mar 11, 2025 By Matt Kapko

From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts

The Vietnam-based group has grown more sophisticated since 2013, new research shows.

Feb 3, 2025 By Greg Otto

Screen of smartphone with icons. (Getty Images)

Android warns of Qualcomm exploit in latest security bulletin

The November security bulletin includes two CVE's reportedly exploited in the wild.

Nov 4, 2024 By Christian Vasquez

Director of the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency Jen Easterly prepares to testify at a House Select Committee on the Chinese Communist Party hearing on Capitol Hill in Washington, DC, on January 31, 2024. (Photo by Julia Nikhinson / AFP)

CISA orders Ivanti devices targeted by Chinese hackers be disconnected

An updated emergency directive includes instructions on how to bring affected devices back online securely.

Feb 1, 2024 By AJ Vicens

From left, the NSA’s Darren Turner, OMB’s Nick Polk and CISA’s Michael Duffy participate in a cybersecurity governance panel at ACT-IAC’s Imagine Nation ELC conference in Hershey, Pa., on Oct. 30, 2023. (Scoop News Group photo)

CISA sees increase in zero-day exploitation, official says

Michael Duffy, associate director for capacity building in CISA’s cybersecurity division, says that global zero-day exploits are “really affecting the federal government networks.”

Nov 3, 2023 By Matt Bracken