Zero-Day | KITEFALL

Patch Tuesday: Microsoft Patches 78 Vulnerabilities, 5 Zero-Day Flaws 2025-05-15 15:37 TechRepublic Image: iStockphoto/JulieVMac Microsoft’s May Patch Tuesday security update addressed 78 flaws, including five actively exploited zero-day flaws. Two additional zero-day vulnerabilities were publicly disclosed before patches became available. Five flaws …
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers 2025-05-15 11:50 The Hacker News A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new …
Google Chrome Zero-Day Vulnerability (CVE-2025-4664) Actively Exploited in The Wild 2025-05-15 07:08 GBHackers Google has rolled out a fresh Stable Channel update for the Chrome browser across desktop platforms, including Windows, Mac, and Linux. This update elevates Chrome to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. The …
Microsoft’s ‘Patch Tuesday’ Update Fixes Seven Zero-Day Exploits 2025-05-14 19:52 Lifehacker - Massachusetts Microsoft has released its latest monthly Patch Tuesday update, this time offering fixes for 72 security vulnerabilities across its systems. Five of the malicious bugs addressed are zero-days that have been actively exploited, and two have been publicly …
SAP patches recently exploited zero-day in wake of NetWeaver server attacks 2025-05-14 15:30 TechRadar Pro SAP fixed CVE-2025-42999, a 9.1/10 vulnerability in NetWeaver This one was chained with CVE-2025-31324, which was fixed in April Fortune 500 companies are apparently at risk SAP has patched a critical-severity zero-day vulnerability in NetWeaver server …
Windows CLFS Zero-Day Vulnerability Actively Exploited in the Wild 2025-05-14 10:18 GBHackers Microsoft has disclosed two critical security vulnerabilities in the Windows Common Log File System (CLFS) Driver that are currently being exploited in the wild. Released on May 13, 2025, the vulnerabilities-identified as CVE-2025-32706 and CVE-2025-32701- …
Chinese Hackers Exploit SAP NetWeaver Zero-Day Vulnerability to Target Critical Infrastructure 2025-05-14 10:18 GBHackers EclecticIQ analysts have uncovered a sophisticated cyber-espionage campaign orchestrated by China-nexus nation-state Advanced Persistent Threats (APTs) targeting critical infrastructure worldwide. In April 2025, these threat actors launched a high-tempo …
Fortinet fixed actively exploited FortiVoice zero-day 2025-05-14 09:16 Security Affairs Fortinet fixed actively exploited FortiVoice zero-day Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice enterprise phone systems. Fortinet released security updates to address a …
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems 2025-05-14 09:14 The Hacker News May 14, 2025Ravie LakshmananVulnerability / Network Security Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025- …
Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild 2025-05-14 03:12 GBHackers A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. A critical zero-day vulnerability in FortiVoice systems is being …
Microsoft Patch Tuesday May 2025: 72 Vulnerabilities Fixed, Including 5 Actively Exploited Zero-Day 2025-05-14 03:11 Cyber Security News Microsoft has released its Patch Tuesday updates for May 2025, addressing a total of 78 vulnerabilities across its product ecosystem, with five identified as actively exploited zero-day flaws. The updates cover a wide range of software, including Windows, …
Turkey-Aligned Hackers Targeted Iraq-Based Kurds with Zero-Day Exploit 2025-05-14 01:09 Infosecurity Magazine A cyber threat actor believed to align with Turkish government interests has been observed exploiting user accounts that have not applied fixes to a vulnerability (CVE-2025-27920) in Output Messenger, a multiplatform chat solution. The campaign was …
Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) 2025-05-14 01:09 Help Net Security Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s product security incident response team has revealed on Tuesday. About CVE-2025- …
Patch Tuesday for May: Five zero day vulnerabilities CISOs should focus on 2025-05-14 00:25 CSO There is one interesting already exploited vulnerability, he said: CVE-2025-30397. This vulnerability (detailed above by Walters) is only exploitable if Microsoft Edge is operating in “Internet Explorer” mode. By default, Edge is not running in Internet …
Espionage Group Exploits Zero-Day in Output Messenger Targeting Kurdish Forces 2025-05-13 23:22 Redmond Magazine News Espionage Group Exploits Zero-Day in Output Messenger Targeting Kurdish Forces By Chris Paoli 05/13/2025 A new report by the Microsoft Threat Intelligence team has provided details on an espionage group based out of Turkey that has been …
Turkish Group Hacks Zero-Day Flaw to Spy on Kurdish Forces 2025-05-13 23:20 Bank Information Security - New Jersey 3rd Party Risk Management , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime Microsoft Researchers Link Turkish Spy Group to Output Messenger Zero-Day Hack Chris Riotta (@chrisriotta) • May 13, 2025 Turkish hackers used a …
Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday 2025-05-13 20:52 SecurityWeek Microsoft on Tuesday released security patches covering at least 70 vulnerabilities across the Windows OS and software stack and called urgent attention to five zero-days marked in the “exploitation detected” category. As part of the scheduled batch of …
Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying 2025-05-13 18:23 SecurityWeek A Turkey-affiliated threat actor has been observed exploiting a zero-day vulnerability in Output Messenger against entities associated with the Kurdish military in Iraq, Microsoft reports. The hacking group, tracked as Marbled Dust, Sea Turtle, and UNC1326 …
APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq 2025-05-13 11:34 Security Affairs APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq A Türkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in Iraq, collecting user data since April 2024. Since April 2024, the …
Türkiye-linked spy crew exploited a messaging app zero-day to snoop on Kurdish army in Iraq 2025-05-13 10:21 The Register Turkish spies exploited a zero-day bug in a messaging app to collect info on the Kurdish army in Iraq, according to Microsoft, which says the attacks began more than a year ago. Specifically, the snoops abused CVE-2025-27920, a directory traversal …
Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers 2025-05-13 08:36 The Hacker News May 13, 2025Ravie LakshmananZero-Day / Vulnerability A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April …
Yi Liu (R), one of 10 directors involved in Taiwanese television series "Zero Day", works on post-production with colorist Liang Yu Fang in Taipei 2025-05-13 04:37 Barron News Shield - Wisconsin
Lo Ging-zim is one of 10 directors involved in Taiwanese television series "Zero Day" 2025-05-13 04:37 Barron News Shield - Wisconsin
Colorist Liang Yu Fang works on post-production of the Taiwanese television series "Zero Day" 2025-05-13 04:37 Barron News Shield - Wisconsin
Zero Day! Taiwanese War Drama ‘Wake-Up Call’ To Chinese Invasion Threat As Next Battlefield Could Be Taiwan Strait 2025-05-13 03:46 The Eurasian Times The on-screen chaos is the basis of a new Taiwanese television series called “Zero Day”, which creators hope will “awaken” people to the real-life threat of a Chinese invasion of Taiwan. Beijing has long vowed to annex Taiwan, by force if necessary. But …
Microsoft spots zero-day use in spy campaign against Kurdish military in Iraq 2025-05-12 23:56 The Record A cyber-espionage group aligned with the Turkish government appears to have exploited a zero-day vulnerability in a messaging app to spy on Kurdish military operations in Iraq, researchers said Monday. The hackers, tracked as Marbled Dust, have been …
⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams 2025-05-12 13:57 The Hacker News May 12, 2025Ravie LakshmananCybersecurity / Hacking News What do a source code editor, a smart billboard, and a web server have in common? They've all become launchpads for attacks—because cybercriminals are rethinking what counts as " …
SAP Zero-Day Targeted Since January, Many Sectors Impacted 2025-05-09 15:08 SecurityWeek Hundreds of SAP NetWeaver instances have been compromised through the exploitation of a recently disclosed zero-day vulnerability that can lead to remote code execution (RCE). The issue, tracked as CVE-2025-31324 (CVSS score of 10/10), was flagged as …
Possible Zero-Day Patched in SonicWall SMA Appliances 2025-05-08 15:37 SecurityWeek SonicWall on Wednesday announced patches for three vulnerabilities in its Secure Mobile Access (SMA) 100 series appliances that could lead to remote code execution (RCE). The first of the bugs, tracked as CVE-2025-32819 (CVSS score of 8.8), is an arbitrary …
Play Ransomware Zero-Day Attacks — US, Saudi Arabia Have Been Targeted 2025-05-08 10:38 Forbes Play ransomware exploited Windows zero-day.getty The ransomware threat is far from over, despite the internal private communications of some of the cybercriminal gangs being leaked, snitches being offered big bucks for information on gang members, and the …
This zero-day options craze could finally be coming to popular stocks like Nvidia and Tesla. Here’s what to know. 2025-05-08 02:30 Yahoo Finance - AFP via Getty Images An earlier version of this story incorrectly named Scott Bauer’s firm. A surge in trading of so-called “zero days to expiry” — or “0DTE” — options has contributed to an options-market boom over the past few years, drawing in both …
Windows flaw exploited as zero-day by more groups than previously thought 2025-05-07 23:41 CSO Initial access occurred through Cisco firewall Symantec found evidence that the attackers gained access to the victim’s network through a Cisco ASA firewall and then pivoted to a Windows machine. The researchers didn’t reveal if this access was achieved by …
Play ransomware affiliate leveraged zero-day to deploy malware 2025-05-07 19:56 Security Affairs Play ransomware affiliate leveraged zero-day to deploy malware The Play ransomware gang exploited a high-severity Windows Common Log File System flaw in zero-day attacks to deploy malware. The Play ransomware gang has exploited a Windows Common Log File …
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization 2025-05-07 16:21 The Hacker News Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter …
Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day 2025-05-07 10:13 SecurityWeek Multiple ransomware groups appear to have exploited a recently patched Windows vulnerability as a zero-day, Symantec reported. The vulnerability in question is tracked as CVE-2025-29824 and it was patched by Microsoft with its April 2025 Patch Tuesday …
Network and security vulnerabilities linked to 60% of zero-day cyberattacks 2025-05-06 13:59 Network World According to Casey Charrier, senior analyst at GTIG: “Zero-day exploitation continues to grow at a slow but steady pace. However, we have also started to see vendors’ work to mitigate zero-day exploitation begin to pay off. For example, we have seen fewer …
Android Update Patches FreeType Vulnerability Exploited as Zero-Day 2025-05-06 13:48 SecurityWeek Google on Monday started rolling out a fresh security update for Android phones, with fixes for roughly 50 vulnerabilities, including a bug exploited in the wild. Resolved as part of the update’s first part, which arrives on devices as the 2025-05-01 …
Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise 2025-05-06 13:48 SecurityWeek Threat actors have been observed launching a second wave of attacks against SAP NetWeaver instances that were compromised via a recent zero-day vulnerability, enterprise application security firm Onapsis warns. The zero-day, tracked as CVE-2025-31324 (CVSS …
Angela Bassett Adds Height in 5-Inch Louboutin Heels for ‘Zero Day’ FYC Event 2025-05-04 19:36 Footwear News - New York Angela Bassett was standing tall as the president during a For Your Consideration screening of the Netflix series “Zero Day” on Saturday in New York. The actress stars as the lead of the project, President Evelyn Mitchell, who seeks help from former …
Breach Roundup: Surge in Edge Device Zero-Day Exploits 2025-05-01 20:22 Bank Information Security - New Jersey Cybercrime , Fraud Management & Cybercrime , Incident & Breach Response Also, Baltimore Public Schools Suffer Data Breach, Disney Menu Hacker Sentenced Anviksha More (AnvikshaMore) • May 1, 2025 Image: Shutterstock / ISMG Every week, …
Google releases report on zero-day cybersecurity vulnerabilities 2025-05-01 18:21 IAPP Google's Threat Intelligence Group released a report detailing 75 zero-day security vulnerabilities it found in 2024, and hackers' potential focus into exploiting the vulnerabilities of enterprise-centered services. The report claimed organizations …
Google reports surge in zero-day vulnerabilities targeting enterprise systems 2025-05-01 16:54 Network World In 2024, attackers exploited some 75 different zero-day vulnerabilities, making a decline from 2023 figures but an increase over 2022, according to Google. Google’s Threat Intelligence Group reported that, in 2024, it tracked 75 different zero-day …
The Rising Threat of Zero-Day Exploits Targeting Enterprise Security Products 2025-05-01 15:50 Security Boulevard Zero-day exploits continue to pose one of the most significant and evolving cybersecurity threats to businesses worldwide. According to a recent report, 75 zero-day vulnerabilities were exploited this year, with 44% of these attacks targeting enterprise …
Commvault Shares IoCs After Zero-Day Attack Hits Azure Environment 2025-05-01 15:04 SecurityWeek Commvault has shared indicators of compromise (IoCs) associated with the exploitation of a vulnerability recently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-3928 (CVSS score of 8.7), the unspecified security defect …
Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach 2025-05-01 10:11 The Hacker News May 01, 2025Ravie LakshmananZero-Day / Threat Intelligence Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is …
Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment 2025-05-01 08:31 GBHackers Commvault, a global leader in data protection and information management, has confirmed that a sophisticated cyberattack involving a zero-day vulnerability breached its Azure cloud environment earlier this week. The breach, attributed to a suspected nation …
Zero-Day Threats Are Evolving—And Your Business Is in the Firing Line 2025-05-01 08:02 WhaTech In the high-stakes world of cybersecurity, attackers are shifting their crosshairs from personal devices to enterprise infrastructure—and the implications for business leaders are clear: security can no longer be seen as just an IT issue. That’s the key …
Enterprise Security In The Crosshairs: Google Reveals Key Zero-Day Exploitation Trends For 2024 2025-05-01 07:20 Scoop The Google Threat Intelligence Group (GTIG) has released its latest annual analysis of zero-day vulnerabilities, revealing a shift in cybercriminal focus toward enterprise technologies, while overall zero-day exploitation remains on an upward trend. In its …
Zero-day hackers shift focus to enterprise tech in Google's report 2025-05-01 06:14 SecurityBrief The Google Threat Intelligence Group (GTIG) has released a report detailing trends in zero-day vulnerability exploitation, showing an increasing focus on enterprise technologies in 2024. According to GTIG's analysis, 75 zero-day vulnerabilities were …
Google research exposes ongoing global risk from zero-day vulnerabilities 2025-04-30 21:08 TechSpot In context: A zero-day vulnerability is an undiscovered security flaw that has already been exploited by cybercriminals and other threat actors. According to new research from Google, the zero-day threat continues to grow at a slow but steady pace. The …