Hackers Exploit 16 Zero-Days on First Day of Pwn2Own Automotive 2025
The competition, hosted by Trend Micro’s Zero Day Initiative (ZDI), focused on uncovering security flaws in automotive technologies.
Read MoreZero-Day
Mozilla Firefox Zero-Day Actively Exploited, Patch Released
This ‘use-after-free’ vulnerability allows remote code execution and has been actively exploited in the wild.
Read MoreDell’s Data Breach and a Chrome Zero-Day
A massive data breach from Dell and Chrome fixes a zero-day in recent patch.
Read MoreCritical Cisco Flaw and Good Admin Passwords
Cisco has a super-critical zero-day flaw in IOS XE, and research shows that default and “easy” passwords are the most common passwords used by admins.
Read MoreOwl Labs Retraction, Qakbot, and Other Notable Updates
Owl Labs CVE’s are retracted. Also Qakbot is not quite dead yet, and other notable patches for the first week in October.
Read MoreZero-Day × Two
Both Apple and Microsoft have recently been challenged with some tough zero-day exploits. Click here to find out what the current workarounds are.
Read MoreSeveral Malware Organizations Launch Attacks, and Chrome and Microsoft Release Security Updates.
Luna Moth is pestering small businesses, attempting to get victims to make a phone call and allow remote access, and Emotet Botnet is resurfacing. Both of these issues stress the importance of examining email attachments before opening them. Also, the Ducktail ransomware is back, and Microsoft and Google have critical patches out for their software.
Read MoreZero-day Exploits Targeted Quicker After Disclosure
Acting quickly on zero-day vulnerabilities increases your protection against an exploit. A link to Microsoft’s security report outlining the importance of this available here.
Read MoreExchange Server Updates, Avast Decrypts Ransomware, and Android Devices Subject to Spyware
Today’s brief covers the release of additional recommendations to prevent Exchange Server exploits, Avast is able to decrypt certain variants of ransomware, and Android devices are getting targeted by spyware.
Read MoreExchange Server Vulnerability, Former Employee Blackmails Company, and More!
September wraps up with the following events: Two new vulnerabilities have been reported for Microsoft Exchange Servers. A former employee holds a company’s website and email hostage. New phishing scam involving fake government jobs is out in the wild. Fake LinkedIn user accounts are being used to distribute malware. Cisco releases a patch for their products.
Read More