zero days Archives

SAP software is used throughout the Fortune 500. The company is dealing with a critical software bug disclosed this week. (Getty Images)

SAP zero-day vulnerability under widespread active exploitation

Researchers attribute the attacks to an initial access broker who is exploiting the 10.0 critical vulnerability.

Apr 25, 2025 By Matt Kapko

Verizon discovers spike in ransomware and exploited vulnerabilities

Verizon’s 2025 Data Breach Investigations Report noted a 37% increase in ransomware attacks and a 34% increase in exploited vulnerabilities.

Apr 23, 2025 By Matt Kapko

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

Apr 14, 2025 By Matt Kapko

A view of the Microsoft corporate logo in front of the Microsoft Office building on 41st street and 8th avenue on July 19, 2024 in New York City. (Photo by Craig T Fruchtman/Getty Images)

Microsoft patches zero-day actively exploited in string of ransomware attacks

Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.

Apr 8, 2025 By Matt Kapko

The Apple Inc logo is displayed outside a retail store at the Third Street Promenade in Santa Monica, California on March 20, 2023. (Photo by PATRICK T. FALLON/AFP via Getty Images)

Apple issues fixes for vulnerabilities in both old and new OS versions

The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities.

Apr 1, 2025 By Matt Kapko

The Apple logo is seen on a window of the company’s store in Bangkok on March 5, 2021. (Photo by Mladen ANTONOV / AFP) (Photo by MLADEN ANTONOV/AFP via Getty Images)

Apple discloses zero-day vulnerability, releases emergency patches

Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially…

Mar 11, 2025 By Greg Otto

New zero-day exploit targets Ivanti VPN product

After Ivanti detected the activity, Mandiant says it found malware in impacted devices associated with a Chinese-linked threat group.

Jan 9, 2025 By Matt Bracken

Treasury sanctions Chinese cyber company, employee for 2020 global firewall attack

The department’s Office of Foreign Assets Control said Guan Tianfeng used a zero-day exploit to deploy malware on 81,000 firewalls.

Dec 10, 2024 By Matt Bracken

Chairman Michael Turner (R-OH) speaks at a hearing with the House (Select) Intelligence Committee in the Cannon Office Building on March 12, 2024 in Washington, DC. (Photo by Anna Moneymaker/Getty Images)

House Intel Republicans request FBI, SEC briefing on Temu

The members cited concerning news reports, including the exploitation of a zero-day vulnerability by parent company Pinduoduo in 2023.

Sep 25, 2024 By Derek B. Johnson

Mongolian guards stand guard in front of the Genghis Khan statue at the Government Palace in Ulaanbaatar on May 21, 2023. The hackers allegedly conducted watering hole attacks on Mongolian government websites.(Photo by LUDOVIC MARIN/AFP via Getty Images)

Google: apparent Russian hackers play copycat to commercial spyware vendors

The attack campaigns show how spyware tech companies have become more akin to nation-state threat actors.

Aug 29, 2024 By Tim Starks