Articles tagged "Zero-day"

Found 143 articles

An anonymous researcher has released zero-day exploits for several software products, raising concerns among users and developers. Notably, a critical vulnerability in libssh2 (CVE-2026-55200) allows attackers to execute code remotely without authentication. Additionally, a flaw in self-hosted Gitea Docker deployments (CVE-2026-20896) permits authentication bypass, enabling attackers to impersonate users and potentially take over Git servers. This incident is significant as it exposes serious weaknesses in widely used software, which could lead to unauthorized access and data breaches if not addressed promptly. Organizations using these products should be vigilant and take immediate steps to secure their systems.

Read Original

The article discusses the ongoing challenges of browser security, emphasizing that zero-day vulnerabilities are just one aspect of a larger problem. Researchers point out that many security issues stem from outdated software, poor user practices, and inadequate security measures implemented by companies. This affects a wide range of users, especially those relying on browsers for sensitive transactions. The piece stresses the need for users to stay updated on security patches and for companies to prioritize user education and better security protocols. As cyber threats evolve, it’s crucial for both users and organizations to adapt their strategies to protect against various vulnerabilities.

Read Original
Actively Exploited

A data breach has occurred at the National Association of Insurance Commissioners (NAIC) after attackers exploited a zero-day vulnerability in Oracle Peoplesoft. This breach allows unauthorized access to the IT systems used by the NAIC, which plays a crucial role in setting standards for the US federal insurance framework. The incident raises serious concerns about the security of sensitive information within the insurance sector, as the NAIC handles critical data that impacts consumers and insurance providers alike. The exploitation of this vulnerability serves as a stark reminder of the ongoing risks associated with software used in government and financial sectors. Stakeholders need to be vigilant and assess their systems for potential vulnerabilities to prevent similar incidents in the future.

Read Original

The National Association of Insurance Commissioners (NAIC) has confirmed that it was the target of a cyberattack claiming a massive data theft of 3.1TB. The breach was linked to a zero-day vulnerability in Oracle PeopleSoft, a widely used enterprise resource planning software. The hacking group ShinyHunters has taken responsibility for the incident, raising concerns about the security of sensitive data within the insurance sector. As a result, companies using Oracle PeopleSoft should assess their systems and consider implementing necessary security measures to protect against such vulnerabilities. This incident highlights the ongoing risks associated with software vulnerabilities and the importance of timely patches and updates.

Read Original
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure

Security Affairs

Actively Exploited

A serious vulnerability in Cisco Catalyst SD-WAN, identified as CVE-2026-20245, has been exploited by hackers for months before it was publicly disclosed. This flaw, which has a CVSS score of 7.8, allows authenticated attackers to execute privileged commands on affected systems. Google-owned Mandiant reported that the exploitation occurred at least two months prior to the disclosure, raising concerns about the security of networks using this technology. Organizations using Cisco Catalyst SD-WAN should take immediate action to secure their systems, as this vulnerability poses a significant risk to network integrity. The incident serves as a reminder of the importance of timely disclosure and patch management in cybersecurity.

Read Original
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

The Hacker News

Actively Exploited

A recently discovered vulnerability in Cisco Catalyst SD-WAN has been exploited by an unknown attacker for at least two months before its public disclosure. This security flaw, identified as CVE-2026-20245, has a high severity rating of 7.8 and allows an authenticated local attacker to execute arbitrary commands with elevated privileges. This means that if an attacker gains access to a system, they could potentially take control of critical functions within the network. Companies using Cisco Catalyst SD-WAN should be aware of the risk posed by this vulnerability and take immediate action to protect their systems. The findings from Mandiant underscore the importance of timely patching and monitoring for unusual activity in network environments.

Read Original

Mandiant has reported on a serious vulnerability in Cisco's Catalyst SD-WAN, identified as CVE-2026-20245, which has been exploited by hackers to gain root access to affected devices. This zero-day attack allows attackers to create unauthorized root accounts, compromising network security for organizations using this technology. The vulnerability poses a significant risk to businesses relying on Cisco's SD-WAN solutions, as it can lead to unauthorized access and potential data breaches. Companies should urgently assess their systems for this vulnerability and implement necessary security measures to protect their networks.

Read Original

The ShinyHunters group has been at the forefront of several high-profile data breaches, demonstrating that attackers can achieve significant damage without relying on malware or zero-day exploits. Instead, they often utilize stolen credentials and other readily available information to access sensitive data. This method has led to the exposure of user information from various services, impacting numerous companies and their customers. The implications of these breaches are severe, as they compromise personal data and can lead to identity theft, financial loss, and a loss of trust in the affected services. Organizations need to strengthen their security measures, including enforcing stronger password policies and implementing multi-factor authentication to mitigate such risks.

Read Original

Microsoft has confirmed a serious vulnerability in its Defender software, identified as the RoguePlanet zero-day (CVE-2026-50656), which has a CVSS score of 7.8. This flaw allows attackers to escalate privileges through the Microsoft Malware Protection Engine, potentially giving them greater access to affected systems. Microsoft is currently working on a security patch to address this issue but has not yet released specific details about the patch or when it will be available. Users of Microsoft Defender should remain vigilant and monitor for updates from Microsoft regarding this vulnerability, as it poses a significant risk to system security. The implications are serious, especially for organizations relying on Defender for malware protection.

Read Original

This week saw several cybersecurity incidents that highlight ongoing vulnerabilities in various systems. A zero-day vulnerability was discovered in Google Chrome, which could allow attackers to execute arbitrary code. Additionally, exploits affecting UniFi devices were reported, taking advantage of outdated software. Cybercriminals are also utilizing phishing kits that are increasingly easy to rent, making them more accessible to a wider range of attackers. Meanwhile, macOS systems are facing threats from new data-stealing malware, and a flaw in VPN services was identified, potentially exposing user data. These incidents remind users and organizations of the continuous need to update their software and remain vigilant against evolving cyber threats.

Read Original
Actively Exploited

A significant vulnerability in Oracle's ERP software has been exploited by hackers, particularly impacting American universities. The group known as ShinyHunters took advantage of this flaw to steal large amounts of sensitive data from these institutions. This incident raises concerns about the security of educational data, as universities often hold a wealth of personal and financial information about students and staff. The exploitation of this zero-day vulnerability emphasizes the need for organizations to regularly update their software and implement strong security measures to protect against such attacks. As this situation unfolds, affected universities must respond quickly to mitigate the damage and secure their systems.

Read Original
Actively Exploited

A newly discovered zero-day vulnerability in the Gogs self-hosted Git service allows attackers to execute remote code on servers that are exposed to the internet. This flaw poses a significant risk to organizations using Gogs for version control, as malicious actors could potentially gain full control over affected systems. Currently, there are no patches available to fix this issue, leaving users vulnerable until a solution is released. The exploitation of this vulnerability is particularly concerning because it can lead to data breaches or further attacks within an organization's infrastructure. Users and administrators of Gogs should take immediate action to secure their installations and monitor for any unusual activity.

Read Original

A recently discovered zero-day vulnerability in the LiteSpeed cPanel plugin has been exploited by attackers to execute scripts with root privileges. This security flaw poses a significant risk to users of LiteSpeed's web server and cPanel, particularly those who have not yet applied the necessary patches. The Cybersecurity and Infrastructure Security Agency (CISA) has urged immediate action to patch this vulnerability, which had been actively exploited before it was resolved last week. Failure to address this issue could leave systems vulnerable to further attacks, potentially compromising sensitive data and system integrity. Users are strongly advised to prioritize updates to safeguard their environments.

Read Original

Hackers have taken advantage of a zero-day vulnerability in the KnowledgeDeliver learning management system (LMS) to install a malicious web shell known as Godzilla. This security flaw allows attackers to gain unauthorized access to systems running this LMS, potentially compromising sensitive data and disrupting services. Organizations using KnowledgeDeliver should be particularly vigilant, as the exploitation of this vulnerability could lead to significant operational and data security issues. The presence of a web shell means that attackers can execute commands remotely, making it crucial for affected users to take immediate action to secure their systems. Companies must prioritize patching and monitoring their environments to mitigate the risks associated with this exploit.

Read Original

A zero-day vulnerability identified as CVE-2026-5426 has been discovered in a Japanese Learning Management System (LMS). This security flaw arises from the use of hard-coded ASP.NET machine keys, which attackers can exploit to deploy Cobalt Strike, a popular penetration testing tool that can also be used for malicious purposes. The exploitation of this vulnerability poses significant risks to educational institutions and organizations using the LMS, potentially allowing unauthorized access to sensitive information and systems. Users of the affected LMS should take immediate steps to secure their systems to prevent potential intrusions.

Read Original
PreviousPage 2 of 10Next