Zero-day Archives - Page 3 of 5

Qualys impacted by Accellion FTA zero-day vulnerability

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / March 4, 2021 / Accellion, CVE-2021-27101, FTA, Qualys, UNC25346, Vulnerabilities, Zero-day

Cybersecurity firm Qualys announced a “limited” number of their customers had been impacted by a data breach caused by an exploited Accellion FTA zero-day vulnerability on Qualys customer support systems.

Qualys impacted by Accellion FTA zero-day vulnerability Read More »

Google patches Chrome zero-day (CVE-2021-21166) exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / March 3, 2021 / browser, Chrome, CVE-2021-21166, Microsoft, Zero-day

Google has released a new Chrome 89 security update (89.0.4389.72) for Windows, Mac and Linux with fixes for multiple vulnerabilities, to include one zero-day vulnerability CVE-2021-21166 exploited in the wild.

Google patches Chrome zero-day (CVE-2021-21166) exploited in the wild Read More »

Google patches Chrome zero-day (CVE-2021-21148) exploited in the wild

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / February 5, 2021 / browser, Chrome, Chrome 88, Zero-day

Google has released a new Chrome 88 security update (88.0.4324.150) for Windows, Mac and Linux with a fix for a zero-day vulnerability CVE-2021-21148 exploited in the wild.

Google patches Chrome zero-day (CVE-2021-21148) exploited in the wild Read More »

DHS issues new emergency guidance on SolarWinds Orion Code compromise

Cybersecurity Articles, Cybersecurity Attacks, Data Breach, Security Updates & Patches, Third-Party Security / Frank Crast / December 30, 2020 / CISA, CVE-2020-10148, DHS, malware, SolarWinds, Sunburst, Supernova, Zero-day

The Department of Homeland Security (DHS) has issued new emergency guidance on the SolarWinds Orion Code compromise and supply chain vulnerability.

DHS issues new emergency guidance on SolarWinds Orion Code compromise Read More »

Microsoft releases security update for Edge, zero-day exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / October 26, 2020 / CVE-2020-15999, Edge, Microsoft, Zero-day

Microsoft has released a security update for its Chromium-based Edge browser to address multiple vulnerabilities, one of those exploited in the wild (CVE-2020-15999).

Microsoft releases security update for Edge, zero-day exploited in the wild Read More »

Netgear fixes high risk vulnerability in multiple routers and network devices

Network Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / June 30, 2020 / 0-day, GRIMM, NETGEAR, R6700, RCE, Router, ZDI, Zero-day

Netgear has released firmware updates to fix a high severity remote code execution (RCE) vulnerability in multiple Netgear routers and other network devices. A remote attacker could exploit to take control of an affected device.

Netgear fixes high risk vulnerability in multiple routers and network devices Read More »

Ripple20 zero-day vulnerabilities impact hundreds of millions of IoT devices

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / June 16, 2020 / Baxter, Digi, HP, Ripple20, Schneider Electric, Zero-day

Security researchers have identified a series of 19 zero-day vulnerabilities in a lightweight TCP/IP stack library used in many IoT products. The vulnerabilities dubbed Ripple20 likely impact hundreds of millions of IoT devices.

Ripple20 zero-day vulnerabilities impact hundreds of millions of IoT devices Read More »

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated)

Security Updates & Patches, Zero-days / Frank Crast / March 24, 2020 / Adobe, ATM Library, CVE-2020-1020, Microsoft, PostScript, RCE, Zero-day

Microsoft has issued a new security advisory for two remote code execution (RCE) vulnerabilities in Adobe Type Manager (ATM) Library exploited in the wild. Microsoft also published several workarounds to reduce risk until a patch is rolled out.

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated) Read More »

Chrome security update fixes zero-day exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / November 1, 2019 / Chrome, CVE-2019-13720, Google, Zero-day

Google has released a new security update for Chrome browser 78.0.3904.87 for Windows, Mac and Linux. There are reports of one of those vulnerabilities CVE-2019-13720 being exploited in the wild.

Chrome security update fixes zero-day exploited in the wild Read More »

phpMyAdmin zero-day vulnerability (CVE-2019-12922)

Application Security, Vulnerabilities & Exploits, Zero-days / Frank Crast / September 23, 2019 / 0-day, CSRF, phpMyAdmin, Zero-day

A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 4.9.0.1, which allows the deletion of any server in the Setup page.

phpMyAdmin zero-day vulnerability (CVE-2019-12922) Read More »