0day
Apple fixes new zero-day flaw exploited in targeted attacks
Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an “extremely sophisticated attack.” Tracked as CVE-2025-43300, this security flaw is caused by an out-of-bounds write weakness discovered by Apple security researchers in the Image I/O framework, which enables applications to read and write most image file formats. An out-of-bounds write occurs when […]
Elastic rejects claims of a zero-day RCE flaw in Defend EDR
Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product. The company’s statement follows a blog post from a company called AshES Cybersecurity claiming to have discovered a remote code execution (RCE) flaw in Elastic Defend that would allow an attacker to bypass EDR protections. Elastic’s […]
CISA warns of N-able N-central flaws exploited in zero-day attacks
CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N‑able’s N-central remote monitoring and management (RMM) platform. N-central is commonly used by managed services providers (MSPs) and IT departments to monitor, manage, and maintain client networks and devices from a centralized web-based console. According to CISA, the two flaws can allow […]
Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
Today is Microsoft’s August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos. This Patch Tuesday also fixes thirteen “Critical” vulnerabilities, nine of which are remote code execution vulnerabilities, three are information disclosure, and one is elevation of privileges. The number of bugs in each […]
Details emerge on WinRAR zero-day attacks that infected PCs with malware
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian ‘RomCom’ hacking group to drop different malware payloads. RomCom (aka Storm-0978 and Tropical Scorpius) is a Russian cyberespionage threat group with a history in zero-day exploitation, including in Firefox (CVE-2024-9680, CVE-2024-49039) and Microsoft Office (CVE-2023-36884). ESET […]
Trend Micro warns of Apex One zero-day exploited in attacks
Trend Micro has warned customers to immediately secure their systems against an actively exploited remote code execution vulnerability in its Apex One endpoint security platform. Apex One is an endpoint security platform designed to automatically detect and respond to threats, including malicious tools, malware, and vulnerabilities. This critical security flaw (tracked as CVE-2025-54948 and CVE-2025-54987 depending on the CPU architecture) […]
Adobe issues emergency fixes for AEM Forms zero-days after PoCs released
Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances. The flaws are tracked as CVE-2025-54253 and CVE-2025-54254: Adobe has fixed the flaws in the latest versions as described in this advisory. The vulnerabilities […]
Lovense sex toy app flaw leaks private user email addresses
The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member’s email address simply by knowing their username, putting them at risk of doxxing and harassment. Lovense is an interactive sex toy manufacturer, best known for producing app-controlled sex toys with names like the Lush, […]
US nuclear weapons agency hacked in Microsoft SharePoint attacks
Unknown threat actors have breached the National Nuclear Security Administration’s network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. NNSA is a semi-autonomous U.S. government agency part of the Department of Energy that maintains the country’s nuclear weapons stockpile and is also tasked with responding to nuclear and radiological emergencies within the […]
Microsoft Sharepoint ToolShell attacks linked to Chinese hackers
Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. They used this exploit chain (dubbed “ToolShell”) to breach dozens of organizations worldwide after hacking into their on-premise SharePoint servers. “We assess that at least one of the actors responsible for […]