zero days Archives

Citrix offices, California — Citrix offices in Santa Clara, California. (Getty Images)

Citrix users hit by actively exploited zero-day vulnerability

The vendor disclosed the critical zero-day in NetScaler ADC and NetScaler Gateway nine days after it warned of a pair of defects in the same products.

3 days ago By Matt Kapko

Microsoft logo is seen in a Microsoft store on March 10, 2021, in New York.(Photo by John Smith/VIEWpress)

Microsoft Patch Tuesday addresses 66 vulnerabilities, including an actively exploited zero-day

A researcher tells CyberScoop that up to 80% of enterprises could be vulnerable to the zero-day Microsoft patched in its June update.

Jun 10, 2025 By Matt Kapko

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Questions mount as Ivanti tackles another round of zero-days

The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.

May 28, 2025 By Matt Kapko

Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days

The company has addressed zero-day vulnerabilities for eight consecutive months without deeming any of them critical at the time of disclosure.

May 13, 2025 By Matt Kapko

SAP software is used throughout the Fortune 500. The company is dealing with a critical software bug disclosed this week. (Getty Images)

SAP zero-day vulnerability under widespread active exploitation

Researchers attribute the attacks to an initial access broker who is exploiting the 10.0 critical vulnerability.

Apr 25, 2025 By Matt Kapko

Verizon discovers spike in ransomware and exploited vulnerabilities

Verizon’s 2025 Data Breach Investigations Report noted a 37% increase in ransomware attacks and a 34% increase in exploited vulnerabilities.

Apr 23, 2025 By Matt Kapko

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

Apr 14, 2025 By Matt Kapko

A view of the Microsoft corporate logo in front of the Microsoft Office building on 41st street and 8th avenue on July 19, 2024 in New York City. (Photo by Craig T Fruchtman/Getty Images)

Microsoft patches zero-day actively exploited in string of ransomware attacks

Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.

Apr 8, 2025 By Matt Kapko

The Apple Inc logo is displayed outside a retail store at the Third Street Promenade in Santa Monica, California on March 20, 2023. (Photo by PATRICK T. FALLON/AFP via Getty Images)

Apple issues fixes for vulnerabilities in both old and new OS versions

The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities.

Apr 1, 2025 By Matt Kapko

The Apple logo is seen on a window of the company’s store in Bangkok on March 5, 2021. (Photo by Mladen ANTONOV / AFP) (Photo by MLADEN ANTONOV/AFP via Getty Images)

Apple discloses zero-day vulnerability, releases emergency patches

Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially…

Mar 11, 2025 By Greg Otto