zero days Archives

From left, Tanium’s Sam Kinch, GDIT’s Matt Hayden, the Commerce Department’s Ryan Higgins, and CISA’s Chris Butera take part in a panel discussion at a GDIT event on Sept. 4, 2025 in Washington, D.C. (Scoop News Group photo)

AI can help track an ever-growing body of vulnerabilities, CISA official says

Artificial intelligence was a recurring theme among federal leaders who spoke at a GDIT event held Thursday.

Sep 4, 2025 By Tim Starks

The Apple Inc logo is displayed outside a retail store at the Third Street Promenade in Santa Monica, California on March 20, 2023. (Photo by PATRICK T. FALLON/AFP via Getty Images)

Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS

The defect, which affects the company’s most popular devices, has been exploited in an “extremely sophisticated attack against specific targeted individuals,” Apple said.

Aug 21, 2025 By Matt Kapko

The Chinese national flag flies outside the Ministry of Foreign Affairs in Beijing on July 26, 2023. (Photo by GREG BAKER/AFP via Getty Images)

CrowdStrike warns of uptick in Silk Typhoon attacks this summer

The China-affiliated espionage group, which CrowdStrike tracks as Murky Panda, has been linked to more than a dozen incident response cases since late spring.

Aug 21, 2025 By Matt Kapko

A corporate logo for Microsoft hangs above the door to its office building on 8th Avenue on June 24, 2025, in New York City. (Photo by Gary Hershorn/Getty Images)

Microsoft Patch Tuesday follows SharePoint attacks, Exchange server warnings

Despite serious alarm raised by officials, organizations have not applied the patch for Microsoft Exchange servers en masse.

Aug 12, 2025 By Matt Kapko

SonicWall headquarters — SonicWall’s headquarters in Milpitas, California. (Getty Images)

SonicWall firewalls hit by active mass exploitation of suspected zero-day

About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.

Aug 5, 2025 By Matt Kapko

Members of the Peoples Liberation Army band leave after the closing session of the Chinese People’s Political Consultative Conference, or CPPCC, at the Great Hall of the People on March 10, 2025 in Beijing. (Photo by Kevin Frayer/Getty Images)

China accuses US of exploiting Microsoft zero-day in cyberattack

The accusation, the latest from Beijing, says U.S. intelligence agencies attacked two Chinese military enterprises.

Aug 1, 2025 By Tim Starks

Workers enter a building on the Google headquarters campus on July 23, 2025, in Mountain View, California. (Justin Sullivan/Getty Images)

Project Zero disclosure policy change puts vendors on early notice

Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of reporting to the affected vendor.

Jul 30, 2025 By Matt Kapko

A sign is seen at Microsoft headquarters on July 3, 2024, in Redmond, Washington. (David Ryder/Getty Images)

Microsoft SharePoint attacks ensnare 400 victims, including federal agencies

The Departments of Energy, Homeland Security and Health and Human Services have been impacted.

Jul 24, 2025 By Matt Kapko

(Photo by John Smith/VIEWpress/Getty Images)

Microsoft SharePoint zero-day attacks pinned on China-linked ‘Typhoon’ threat groups

Linen Typhoon, Violet Typhoon and Storm-2603 are behind the initial attack spree that erupted over the weekend. Other threat groups are now following suit.

Jul 22, 2025 By Matt Kapko

Mass attack spree hits Microsoft SharePoint zero-day defect

Attackers have already used the exploit dubbed “ToolShell” to intrude hundreds of organizations globally, including private companies and government agencies.

Jul 21, 2025 By Matt Kapko