Knotweed threat actors have exploited Microsoft and Adobe 0-day vulnerabilities in targeted attacks against European and Central American customers. The actors also developed Subzero malware used in these attacks.
A four-year old Microsoft Azure App Service 0-day vulnerability dubbed “NotLegit” affects hundreds of source code repositories.
A security researcher has discovered a zero-day vulnerability CVE-2021-24084 in Windows Mobile Device Management that could allow information disclosure and local privilege escalation (LPE).
The Federal Bureau of Investigation (FBI) has issued a report of advanced persistent threat (APT) actors exploiting 0-day FatPipe MPVPN networking devices since at least May of 2021.
Cyber attackers have been exploiting Accellion File Transfer (FTA) appliance 0-day vulnerabilities to steal data and threaten their victims with extortion attempts.
Netgear has released firmware updates to fix a high severity remote code execution (RCE) vulnerability in multiple Netgear routers and other network devices. A remote attacker could exploit to take control of an affected device.
A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 126.96.36.199, which allows the deletion of any server in the Setup page.
A group of hackers have been using compromised websites to launch watering hole attacks against iPhone users who visit the websites. The attacks also use five different exploit chains and exploit 0-day vulnerabilities that don’t require any user interaction.