Lazarus Group strikes at kernel level via Windows AppLocker driver
Lazarus Group hackers broke into systems via a zero-day vulnerability in the Windows AppLocker driver and gained access at the kernel level. An enhanced version of their rootkit allowed them to disable security tools on affected systems.
According to Avast research, a zero-day vulnerability in t...
Spyware industry develops most zero-days and governments promote it
Commercial spyware vendors appear to be the largest developers of zero-day vulnerabilities. Through these vulnerabilities, spyware such as Pegasus and Predator can be installed on devices worldwide. This was stated in a report by Google, in which the tech company is also calling for greater actions...
Hackers can expand Mirai botnet by at least 7,000 devices
Hackers exploit two zero-day vulnerabilities to connect routers and surveillance cameras to a botnet. They then deploy the botnet for DDoS attacks. At least 7,000 devices are vulnerable.
Researchers at Akamai tracked down the zero-day vulnerabilities and warned of the danger in a blog on Tuesda...
Atlassian patches highly critical zero-day in Confluence software
Atlassian recently released some emergency patches for a highly critical zero-day vulnerability in its Confluence DataCenter and Server software. Hackers have already exploited the vulnerability.
According to Atlassian, this zero-day vulnerability is part of Confluence DataCenter and Server inst...
Apple fixes overheating issues for iPhone 15 and zero-day exploits
Apple recently released a number of updates to iOS 17 and iPadOS 17. Among them, the iPhone 15's overheating problem has been addressed and acute zero-day exploits have been fixed.
With a recent update to iOS 17.0.3, Apple addressed the iPhone 15's well-known overheating problem. Some other bugs...
Chrome patch fixes yet another zero-day vulnerability
Google is releasing another fix for a zero-day vulnerability. The news marks the third time this year that hackers have exploited such vulnerabilities within the popular browser, raising concerns about its susceptibility to targeted attacks. Google acknowledged the existence of an exploit for CVE-2...
Apple patches two dangerous zero-day vulnerabilities
Apple recently patched two zero-day vulnerabilities in iOS, iPadOS and macOS that allow cybercriminals to hack virtually any Apple device. These are WebKit and kernel vulnerabilities discovered by third parties.
The discovered zero-day vulnerabilities may already be actively exploited, Apple ind...
New Microsoft Office zero-day used for PowerShell commands
Security experts recently found a zero-day vulnerability in Microsoft Office. The vulnerability allows malicious PowerShell commands to be executed by opening a Word document.
The vulnerability was named 'Follina' and registered as CVE-2022-30190. According to security experts, the vulnerabilit...
Chrome and Edge were both hit by a V8 confusion vulnerability
After discovering a vulnerability with an exploit in the wild, Google is encouraging users on Windows, macOS, and Linux to upgrade their Chrome builds to version 99.0.4844.84.
Because of the vulnerability and its potential complications, Google is keeping quiet about specifics. "CVE-2022-1...