Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely oblivious about.
Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it feels harmless, a momentary distraction.
Read more…
Source: RTE News
Related:
- Oracle patches actively exploited zero-day vulnerability in E-Business Suite
October 6, 2025
Oracle has patched a critical vulnerability in E-Business Suite that was actively exploited in data theft attacks by the Clop group. This is a zero-day vulnerability, registered as CVE-2025-61882, which allows remote code execution on affected systems without authentication. The flaw is located in the Concurrent Processing component of Oracle E-Business Suite, in the integration with ...
- Apple fixes critical font processing bug – update now
September 30, 2025
Apple has released important security updates to address a critical vulnerability in FontParser—the part of MacOS/iOS/iPadOS that processes fonts. Identified as CVE-2025-43400, the flaw was discovered internally by Apple and allows an attacker to craft a malicious font that can cause apps to crash or corrupt process memory, potentially leading to arbitrary code execution. While Apple ...
- Microsoft SharePoint Zero-Day Exploitation: What Public Sector Leaders Should Know
September 30, 2025
The Rapid7 September 2025 Threat Report highlights active exploitation of a critical Microsoft SharePoint vulnerability, CVE-2025-53770. This zero-day is being used by threat actors to gain initial access to victim networks, with exploitation observed in government as well as multiple other industries. SharePoint remains a widely deployed collaboration platform in federal, state, and local agencies, resulting ...
- Broadcom Releases Security Updates for VMware Aria Operations, Tools, and Cloud Foundation
September 30, 2025
Broadcom has released security updates to address vulnerabilities in VMware Aria Operations, Tools, and Cloud Foundation components of VMware products. The updates address 2 high severity and 1 medium severity vulnerabilities. CVE-2025-41244 – “Privilege defined with unsafe actions” vulnerability – CVSSv3 score of 7.8 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber ...
- CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices
September 25, 2025
Today, CISA issued Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices. CISA has added vulnerabilities CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog. The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies ...
- CVE-2025-10035 – Critical unauthenticated RCE in GoAnywhere MFT
September 19, 2025
On September 18, 2025, Fortra published an advisory for CVE-2025-10035. This new vulnerability affects GoAnywhere MFT, an enterprise managed file transfer solution, and allows an attacker to achieve unauthenticated remote code execution. GoAnywhere MFT is a file transfer solution that has been exploited in-the-wild in the past. In 2023, CVE-2023-0669 was exploited in-the-wild as a zero-day, ...