Zero-Day | KITEFALL

Emergency updates reveal extent of zero-day attacks on Google, Apple 2025-12-13 03:54 Samaa Google and Apple have rolled out emergency security updates after discovering zero-day vulnerabilities being actively exploited by hackers. The coordinated response points to a sophisticated cyber campaign, potentially involving government-backed actors. …
Tech Giants Issue Critical Patches After Zero-Day Exploits Target Users 2025-12-13 03:06 Zoom Bangla News Apple and Google have released urgent software updates. The patches fix critical security flaws that were actively exploited by hackers. The incidents occurred this week and impact users globally. The coordinated response highlights a sophisticated digital …
Apple iOS 26.2 Security Update Patches Actively Exploited Zero-Day Vulnerabilities 2025-12-13 03:06 Zoom Bangla News Apple has released critical security updates for its devices. The iOS 26.2, iPadOS 26.2, and macOS 26.2 updates were issued to the public. They address over twenty security vulnerabilities. Two of these flaws were actively exploited in targeted attacks. …
Google and Apple roll out emergency security updates after zero-day attacks 2025-12-12 21:06 TechCrunch Apple and Google have released several software updates to protect against a hacking campaign targeting an unknown number of their users. On Wednesday, Google released patches for a handful of security bugs in its Chrome browser, noting that one of the …
Google issues critical Chrome update to patch zero-day vulnerability 2025-12-12 19:34 Tom's Guide Hey, Chrome users, remember eight days ago when you had to update your browser because of a high-severity security risk? Well, it’s time to do it again! Google has issued another update after a new vulnerability was found exploited in the wild. Chrome …
Google fixed a new actively exploited Chrome zero-day 2025-12-12 01:13 Security Affairs Google fixed a new actively exploited Chrome zero-day Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chrome …
Critical Gogs zero-day under attack, 700 servers hacked 2025-12-12 01:13 Security Affairs Critical Gogs zero-day under attack, 700 servers hacked Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers. Gogs is a self-hosted Git service, similar to GitHub, GitLab, or …
Zero Day: 700 Instances of Self-Hosted Git Service Exploited 2025-12-11 23:13 Bank Information Security - New Jersey Cybercrime , Fraud Management & Cybercrime Unpatched Flaw in Open-Source Gogs Service Facilitates Remote Code Execution Mathew J. Schwartz (euroinfosec) • December 11, 2025 Image: Gogs An attacker has been exploiting a zero-day flaw in a popular, …
Google releases emergency fix for yet another zero-day 2025-12-11 21:41 TechRadar Google patched a high‑severity Chrome zero‑day alongside two medium‑severity flaws Vulnerability likely tied to a LibANGLE buffer overflow enabling memory corruption and remote code execution This marks Chrome’s eighth zero‑day fix this year, underscoring …
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks 2025-12-11 16:56 The Hacker News Dec 11, 2025Ravie LakshmananVulnerability / Cloud Security A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings …
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day 2025-12-10 20:47 Security Affairs Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates …
Microsoft fixes critical Office zero-day security flaw. Update ASAP! 2025-12-10 17:17 PC World News Microsoft fixed over 50 security vulnerabilities with December's big Patch Tuesday. One of them is already being actively exploited in the wild. Summary created by Smart Answers AI In summary: PCWorld reports that Microsoft released critical …
Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday 2025-12-10 00:49 The Register Happy December Patch Tuesday to all who celebrate. This month's patch party includes one Microsoft flaw under exploitation, plus two others listed as publicly known – but just 57 CVEs in total from Redmond. There's also a fix for a critical Notepad …
Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day 2025-12-10 00:33 CyberScoop Microsoft addressed 57 vulnerabilities affecting its various products for business operations and core systems, including one actively exploited zero-day, the company said in its latest monthly security update. The zero-day vulnerability — CVE-2025-62221 — …
Microsoft patches Windows zero-day & risky Office flaws 2025-12-09 23:53 IT Brief - New Zealand Microsoft has released fixes for 54 security vulnerabilities in its latest monthly security update, including a Windows zero-day already exploited in the wild and Office flaws that can trigger remote code execution when emails are merely received. The …
Oracle EBS zero-day used by Clop to breach Barts Health NHS 2025-12-08 21:36 Security Affairs Oracle EBS zero-day used by Clop to breach Barts Health NHS Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day …
Barts Health NHS Reveals Data Breach Linked to Oracle Zero-Day Exploited by Clop Ransomware 2025-12-06 21:11 GBHackers Barts Health NHS Trust has disclosed a significant data breach affecting patient and staff information after the Cl0p ransomware gang exploited a critical vulnerability in Oracle E-Business Suite software. The criminal syndicate stole files from an invoice …
Microsoft Issues Unannounced Patch for Zero-Day LNK Vulnerability Used in Real-World Attacks 2025-12-05 13:10 International Business Times - United Kingdom Cybersecurity experts warn of a stealthy Microsoft patch addressing a long-exploited Windows LNK zero-day vulnerability, CVE-2025-9491, now mitigated in November 2025 updates. Threat actors, including state-sponsored groups, have weaponized this flaw for …
New iOS Zero-Day Exploit Chain Enables Advanced Surveillance by Mercenary Spyware 2025-12-05 03:01 GBHackers Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate with alarming sophistication. Intellexa, a prominent mercenary spyware provider known for its “Predator” surveillance tool, has adapted to evade …
Microsoft 'Mitigates' Windows LNK Flaw Exploited As Zero-Day 2025-12-04 19:42 Slashdot joshuark shares a report from BleepingComputer: Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. Tracked as CVE-2025-9491, this …
iOS Zero-Day Exploit Chain Leveraged by Mercenary Spyware for Device Surveillance 2025-12-04 13:39 Cyber Security News A new iOS zero-day exploit chain has been linked to mercenary spyware used for silent device surveillance against high‑risk users. The operation, attributed to the commercial surveillance vendor Intellexa, chains multiple previously unknown flaws to move …
Windows 11 zero-day security vulnerability gets partial fix from Microsoft 2025-12-04 00:51 How-To Geek Microsoft has quietly rolled out a partial mitigation for the high-severity Windows LNK vulnerability, CVE-2025-9491, which multiple state-sponsored groups and cybercrime gangs have been exploiting as a zero-day. This security flaw lets attackers hide …
CISA Issues Alert on Actively Exploited Android Zero-Day Vulnerability 2025-12-03 18:48 GBHackers The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild and prompting immediate action from …
Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild 2025-12-03 05:09 Infosecurity Magazine In its latest Android Security Bulletin, Google disclosed 107 zero-day vulnerabilities affecting elements of its mobile operating system and any system relying on the open source version of it, Android Open Source Project (AOSP). The advisory, published on …
Google's December Security Update Fixes Two Zero-Day Exploits (and 105 Others) 2025-12-02 19:47 Lifehacker - Massachusetts In its Android Security Bulletin for December, Google is pushing an especially large number of updates to address vulnerabilities across different components—and two of the flaws may have been exploited in the wild. The December patch covers 107 bugs …
Google Fixes Android Zero-Day Flaws Actively Exploited in the Wild 2025-12-02 12:50 GBHackers Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulletin, …
What are zero-day attacks and why do they work? 2025-12-01 17:42 CSO Zero-day attacks have become a significant concern in the realm of cybersecurity, posing a formidable challenge to individuals and organizations alike. These attacks exploit vulnerabilities that are unknown to the software vendor, leaving systems exposed …
Google Chrome Security Update — 7 Zero-Day Reasons To Restart Browser 2025-11-27 15:12 Forbes Why you must keep your Google Chrome browser updated. Photothek via Getty Images Google does a great job of issuing security warnings, from the threats posed by malicious VPNs to the steps taken to protect Gmail accounts against ongoing hack attacks. While …
The Twenty-Five Hour Gap: Inside Mozilla’s High-Stakes Race to Patch a Critical Zero-Day Threatening 180 Million Users 2025-11-26 14:00 WebProNews In the high-stakes theater of browser security, the window between discovery and disaster is often measured in days or weeks. However, earlier this month, the engineers at the Mozilla Foundation found themselves staring down a timeline measured in hours. A …
Zero-Day Zero: The AI Attack That Just Ended the Era of the Forgiving Internet 2025-11-25 07:37 iTWire GUEST OPINION: The recent GTG-1002 campaign is not just another breach - it is a watershed moment in offensive cyber operations. For decades, cybersecurity was a game of time, where human attackers needed days or weeks to weaponise code, giving breathing …
Oracle’s Identity Fortress Crumbles: CISA Sounds Alarm on Zero-Day RCE Onslaught 2025-11-25 00:24 WebProNews In a stark reminder of the fragility underlying enterprise identity systems, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV …
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse 2025-11-24 19:27 The Register CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix was released. The …
Cox Enterprises Data Breach: Cl0p Exploits Oracle Zero-Day Flaw 2025-11-24 17:11 WebProNews The Silent Siege: Cox Enterprises’ Oracle Breach and the Shadowy World of Zero-Day Exploits In the ever-evolving landscape of cybersecurity, where vulnerabilities lurk in the most trusted software suites, Cox Enterprises has become the latest high-profile …
Oracle OIM zero‑day: Pre‑auth RCE forces rapid patching across enterprises 2025-11-24 15:11 CSO Researchers found that appending query strings like “?WSDL” or path parameters like “;.wadl” to protected endpoints ( like “/iam/governance/applicationmanagement/templates;.wadl”), would cause “SecurityFilter” in OIM’s web.xml to treat the …
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability 2025-11-22 08:23 The Hacker News Nov 22, 2025Ravie LakshmananZero-Day / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, …
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits 2025-11-21 19:10 GBHackers North Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this …
North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide 2025-11-21 19:08 Cyber Security News Two of North Korea’s most dangerous hacking groups have joined forces to launch a coordinated attack campaign that threatens organizations worldwide. The Kimsuky and Lazarus groups are working together to steal sensitive intelligence and cryptocurrencies …
Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment 2025-11-20 21:46 CSO “If the patch had mentioned the zero-day vulnerability, organizations may have understood it to be urgent rather than routine and scheduled for the next maintenance window,” agreed Amruth Laxman, founding partner of cloud VoIP provider 4Voice. He believed …
Fortinet admits it found another worrying zero-day being exploited in attacks 2025-11-20 18:28 TechRadar Pro Fortinet patched FortiWeb flaw CVE-2025-58034, enabling OS command injection attacks Vulnerable versions span 7.0.0–7.0.11, 7.2.0–7.2.11, 7.4.0–7.4.10, 7.6.0–7.6.5, 8.0.0–8.0.1 Actively exploited in the wild, with ~2,000 attack attempts already detected …
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet 2025-11-20 00:20 Security Affairs New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers are actively exploiting. Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034 (CVSS …
Google Chrome Users Warned: New Zero-Day Flaw Requires Update ASAP 2025-11-19 21:54 Android Headlines Google has issued a new security alert for Chrome, confirming the discovery of a new zero-day flaw. Attackers have already tried to exploit it. The flaw, labeled as CVE-2025-13223, affects the older Chrome versions. The tech giant has rolled out the patch, …
Google patches worrying Chrome zero-day flaw being exploited in the wild - here's how to stay safe 2025-11-19 19:38 TechRadar Google patches Chrome zero-day CVE-2025-13223 in V8 engine Bug enabled arbitrary code execution, likely exploited by state-sponsored threat actors Users should update Chrome to version 142.0.7444.175/.176 across platforms Google has patched a worrying …
Update Chrome ASAP - attackers are already exploiting this nasty zero-day flaw 2025-11-19 15:23 ZDNet Kyle Kucharski/ZDNETFollow ZDNET: Add us as a preferred source on Google. ZDNET's key takeaways A new zero-day vulnerability affects Google Chrome. The flaw has already been exploited in the wild. The zero-day could allow attackers to run malicious …
Logitech Confirms Cl0p Extortion Attack Linked to Third-Party Zero-Day 2025-11-19 14:59 SecureWorld Logitech has confirmed a data breach following an intrusion attributed to the Cl0p ransomware gang, marking the latest high-profile victim in an ongoing wave of data-theft attacks targeting enterprise software and supply-chain platforms. In a Form 8-K …
Google rushes to patch another zero-day flaw after active attacks 2025-11-19 11:04 Bangkok Post Google has released an urgent security update for its Chrome browser after detecting a new zero-day vulnerability that is being actively exploited on the internet. Identified as CVE-2025-13223, it is the seventh zero-day flaw of 2025 that has forced the …
Logitech Breach Validates Fears: Oracle EBS Zero-Day Is Triggering a Supply-Chain Meltdown 2025-11-19 07:56 Information Security Buzz Logitech has confirmed it suffered a data-theft breach tied to a zero-day in a third-party platform, days after the Clop extortion gang published almost 1.8 terabytes of data allegedly stolen from the company. In a Form 8-K filed with the U.S. Securities …
More work for admins as Google patches latest zero-day Chrome vulnerability 2025-11-18 19:10 CSO Normally, enterprises patch every eight weeks on the Extended Stable Channel (ESC), allowing plenty of time for testing. In contrast, patches for zero-day vulnerabilities will usually be applied manually within days. “For enterprise admins, the toll is …
Critical Chrome zero-day flaw fixed by Google — update your browser right now 2025-11-18 18:53 Tom's Guide In a security advisory published on Monday, Google released details about an emergency security update that was issued to fix the seventh zero-day vulnerability exploited in attacks against Chrome this year. The zero-day in question (tracked as CVE-2025- …
Google patches yet another exploited Chrome zero-day (CVE-2025-13223) 2025-11-18 15:37 Help Net Security Google has shipped an emergency fix for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited in the wild by its Threat Analysis Group (TAG). About CVE-2025-13223 CVE-2025-13223 is a type confusion vulnerability in V8, the JavaScript and …
Hackers steal 1.8 terabytes of data from PC peripheral vendor Logitech — firm says zero-day vulnerability to blame, no sensitive information stolen 2025-11-18 14:49 Tom's Hardware Logitech is one of the biggest PC accessories manufacturers in the world, producing everything from keyboards and mice to audio products, alongside owning independent subsidiaries like Astro and Ultimate Ears. Unfortunately, gaps in cybersecurity can often …