zero-days Archives

Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days

The tech giant addressed a record-high number of defects for the year in its latest update.

Oct 14, 2025 By Matt Kapko

The Cisco Systems logo is displayed at the Mobile World Congress (MWC) in Barcelona on February 25, 2019. (GABRIEL BOUYS / AFP)

CISA says it observed nearly year-old activity tied to Cisco zero-day attacks

The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity.

Sep 25, 2025 By Matt Kapko

DHS, Department of Homeland Security, cybersecurity, Cyber Storm — (Getty Images)

CISA alerts federal agencies of widespread attacks using Cisco zero-days

Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive.

Sep 25, 2025 By Matt Kapko

Sitecore zero-day vulnerability springs up from exposed machine key

The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices.

Sep 4, 2025 By Matt Kapko

Citrix offices, California — Citrix offices in Santa Clara, California. (Getty Images)

Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June

The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service.

Aug 26, 2025 By Matt Kapko

The Apple Inc logo is displayed outside a retail store at the Third Street Promenade in Santa Monica, California on March 20, 2023. (Photo by PATRICK T. FALLON/AFP via Getty Images)

Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS

The defect, which affects the company’s most popular devices, has been exploited in an “extremely sophisticated attack against specific targeted individuals,” Apple said.

Aug 21, 2025 By Matt Kapko

The Chinese national flag flies outside the Ministry of Foreign Affairs in Beijing on July 26, 2023. (Photo by GREG BAKER/AFP via Getty Images)

CrowdStrike warns of uptick in Silk Typhoon attacks this summer

The China-affiliated espionage group, which CrowdStrike tracks as Murky Panda, has been linked to more than a dozen incident response cases since late spring.

Aug 21, 2025 By Matt Kapko

A corporate logo for Microsoft hangs above the door to its office building on 8th Avenue on June 24, 2025, in New York City. (Photo by Gary Hershorn/Getty Images)

Microsoft Patch Tuesday follows SharePoint attacks, Exchange server warnings

Despite serious alarm raised by officials, organizations have not applied the patch for Microsoft Exchange servers en masse.

Aug 12, 2025 By Matt Kapko

DARPA’s AI Cyber Challenge reveals winning models for automated vulnerability discovery and patching

The initiative seeks to patch vulnerabilities in open-source code before they are exploited by would-be attackers. Now comes the hard part — putting the systems to the…

Aug 8, 2025 By Matt Kapko

SonicWall headquarters — SonicWall’s headquarters in Milpitas, California. (Getty Images)

SonicWall firewalls hit by active mass exploitation of suspected zero-day

About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.

Aug 5, 2025 By Matt Kapko