Apple fixes new iPhone zero-day bug used in Paragon spyware hacks

Researchers revealed on Thursday that two European journalists had their iPhones hacked with spyware made by Paragon. Apple says it has fixed the bug that was used to hack their phones. The Citizen Lab wrote in its report, shared with Read More …

Patch Tuesday – June 2025

Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for Read More …

ConnectWise rotating code signing certificates due to security concerns

ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions. In addition to issuing new certificates, ConnectWise Read More …

Cisco Releases Security Advisory Affecting Cisco Identity Service Engine

Cisco has released software updates for its Identity Service Engine (ISE). The updates address a critical severity vulnerability in the ISE product. Cisco Identity Services Engine (ISE) is a context-aware policy service to control access and threats across wired, wireless, Read More …

Android chipmaker Qualcomm fixes three zero-days exploited by hackers

Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns. Qualcomm cited Google’s Threat Analysis Group, or TAG, Read More …

Google Releases Security Updates for Chrome

Google has released version 137.0.7151.68/.69 for Chrome for Windows and Mac and 137.0.7151.68 for Chrome for Linux which will roll out over the coming days/weeks. The updates address two high severity vulnerabilities in the V8 JavaScript engine. CVE-2025-5419 has a Read More …

Exploits and vulnerabilities in Q1 2025

The first quarter of 2025, like previous ones, demonstrates a significant number of newly documented vulnerabilities. The trend largely mirrors previous years, so we will focus on new data that can be collected for the most popular platforms. This report Read More …

Santesoft Releases Security Update for Sante DICOM Viewer Pro

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) Medical Advisory for a vulnerability in Santesoft Sante DICOM Viewer Pro. Sante DICOM Viewer Pro is an application for viewing, processing, and editing DICOM-format medical Read More …

Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis

Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). GTIG researchers divided the reviewed vulnerabilities Read More …

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released three security advisories to address two critical vulnerabilities in Firefox and Firefox ESR. CVE-2025-4918 is an ‘out-of-bounds access when resolving promise objects’ vulnerability. If exploited, could allow an attacker to perform an out-of-bounds read or write on Read More …