SonicWall customers are currently facing significant risks as attackers exploit two critical zero-day vulnerabilities. Researchers revealed that these flaws were actively targeted by hackers three weeks prior to SonicWall's disclosure and patching efforts. This means that many users may still be vulnerable to attacks if they haven't updated their systems. The exploitation of these vulnerabilities could lead to unauthorized access to sensitive information and compromise network security. It's crucial for organizations using SonicWall products to take immediate action to secure their systems against these threats.
Articles tagged "Zero-day"
Found 143 articles
The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to quickly address three vulnerabilities in SharePoint that are currently being exploited by attackers. Among these, two have been identified as zero-days, meaning they are actively targeted before a patch was made available. This situation poses significant risks to users of SharePoint, as attackers could gain unauthorized access to sensitive data or disrupt operations. Organizations that use SharePoint are advised to prioritize patching these vulnerabilities to protect their systems and data from potential breaches. Immediate action is crucial to mitigate the risks associated with these exploits.
A new AI-powered system has been developed to automatically find complex software vulnerabilities, referred to as a 'vulnerability vending machine.' This system utilizes code slicing alongside large language models (LLMs) to discover previously unknown security flaws. Recently, it successfully identified and exploited a zero-day vulnerability in a WordPress plugin, which had not been publicly known before. The company behind this technology is also working on additional vulnerabilities that are currently under responsible disclosure, meaning they are notifying affected parties before making the details public. This development raises concerns about the ease of finding and exploiting software vulnerabilities, potentially putting many users and systems at risk if such tools become widely accessible.
Progress has confirmed that a zero-day vulnerability was behind the recent disruption of its ShareFile service. This issue specifically impacted customers using the Storage Zones Controller, who experienced access problems. To address the situation, Progress has rolled out a fix that these customers can apply to restore functionality. The existence of a zero-day exploit raises concerns about the security of the affected systems, as attackers could have potentially leveraged this vulnerability before it was patched. Users of ShareFile should prioritize applying the fix to mitigate any risks associated with this vulnerability.
SonicWall has issued a warning about active attacks targeting two zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 appliances. These vulnerabilities were identified by Adam Babis from SonicWall's Product Security Incident Response Team (PSIRT) and include a serious flaw that allows for arbitrary command execution. The company has confirmed that these vulnerabilities are being actively exploited in the wild, which poses a significant risk to organizations using these appliances. Users of the SMA 1000 series should be particularly vigilant, as the exploitation could lead to unauthorized access and control over their systems. It's crucial for affected organizations to take immediate action to protect their networks.
SonicWall has reported that two zero-day vulnerabilities affecting its Secure Mobile Access (SMA) 1000 series appliances are currently being exploited. One of these vulnerabilities, identified as CVE-2026-15409, has a critical CVSS score of 10.0 and allows remote attackers to execute arbitrary commands through a server-side request forgery (SSRF). This means that attackers can potentially gain unauthorized access to sensitive systems. The exploitation of these vulnerabilities poses a significant risk to organizations using these appliances, as it could lead to severe security breaches. SonicWall's warning emphasizes the urgency for users to address these issues to protect their networks.
SonicWall has issued a warning about two vulnerabilities in its SMA1000 series, identified as CVE-2026-15409 and CVE-2026-15410. These flaws are being actively exploited by attackers in zero-day attacks, meaning they are being targeted before a fix has been widely implemented. As such, SonicWall is urging all users of the SMA1000 series to apply the newly released security updates to protect against these threats. Failure to patch could leave systems vulnerable to unauthorized access and potential data breaches. Users should prioritize this update to maintain the security of their networks.
Help Net Security
SonicWall has identified two vulnerabilities in its Secure Mobile Access (SMA) 1000 Series appliances, known as CVE-2026-15409 and CVE-2026-15410, which are currently being exploited by attackers. The company is urging its customers to upgrade to a fixed firmware version immediately and to check for signs of compromise on their systems. If any indicators of compromise are found, SonicWall recommends that organizations re-image their hardware or redeploy their virtual appliances, change all user and administrator passwords, and reset any Time-based One-Time Password (TOTP) tokens. This situation raises concerns for organizations relying on these appliances for secure remote access, as attackers could exploit these vulnerabilities to gain unauthorized access to sensitive information. Swift action is essential to mitigate potential risks.
Progress Software has confirmed that a serious zero-day vulnerability led to the emergency shutdown of ShareFile Storage Zone Controllers last week. Users of ShareFile, a cloud-based file sharing and storage service, were affected as the company worked to address the flaw. Progress has since released security updates to patch this vulnerability, which could have potentially allowed unauthorized access or data breaches. This incident is significant because it underscores the risks associated with cloud storage services, highlighting the need for users to ensure their systems are updated promptly to protect sensitive data.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged two severe vulnerabilities affecting iCagenda and Balbooa extensions for Joomla, assigning them a maximum severity rating of 10.0 on the CVSS scale. These vulnerabilities have reportedly been exploited in the wild, making them a pressing concern for users of these Joomla extensions. CVE-2026-48939 is one of the identified flaws, but specific details about the second vulnerability have not been disclosed. Joomla users utilizing these extensions should take immediate action to secure their systems, as attackers are actively targeting these weaknesses. The situation emphasizes the need for timely updates and patches to prevent unauthorized access and potential data breaches.
A data breach at KDDI, a major Japanese telecommunications company, has compromised the personal information of approximately 12 million users. Hackers took advantage of a zero-day vulnerability found in a third-party system to gain unauthorized access to KDDI's email system used by Internet Service Providers (ISPs). This breach raises concerns about user privacy and the security of sensitive data, as affected individuals could face risks like identity theft or fraud. KDDI has not yet released detailed information on how they plan to address the breach or what specific data was stolen, but the scale of the incident underscores the need for companies to bolster their cybersecurity measures, especially when relying on third-party systems.
Krebs on Security
A new cybersecurity startup is raising concerns due to its leadership, which includes two convicted felons known for promoting far-right conspiracy theories. This company is reportedly offering substantial sums of money for zero-day vulnerabilities in widely used software. The founders have a history of operating under false identities and have been involved in questionable ventures, including fake intelligence firms and a now-defunct AI lobbying platform. This raises significant red flags about the company's credibility and the potential risks associated with its activities, especially regarding the security of the software it targets. Users and businesses relying on the affected software should be cautious, as the existence of these vulnerabilities could lead to serious security breaches.
Infosecurity Magazine
A cybersecurity researcher has released over 30 proof-of-concept exploits without revealing the underlying vulnerabilities first. This action, known as 'Exploitarium,' raises significant concerns within the cybersecurity community as it could enable malicious actors to exploit these vulnerabilities before they are patched. The researcher argues that this approach can pressure vendors to address security flaws more quickly. However, this practice may also put many users and organizations at risk, as they might not be aware of the potential threats posed by these exploits. The implications of this release emphasize the ongoing tension between security research and responsible disclosure, highlighting the need for better communication between researchers and vendors.
Nissan Americas has been impacted by a significant data breach linked to a zero-day vulnerability in Oracle’s PeopleSoft software, identified as CVE-2026-35273. This vulnerability has led to a series of attacks, with researchers connecting it to a group known as UNC6240, which is believed to be exploiting the weakness. The breach raises serious concerns about the security of sensitive employee information and operational data within Nissan Americas and potentially other organizations using the same software. As attackers continue to exploit this vulnerability, affected companies must act quickly to secure their systems and protect their data from further unauthorized access.
The Microsoft Defender vulnerability identified as CVE-2026-33825 has been actively exploited in ransomware attacks before any patches were made available. This zero-day vulnerability poses a significant risk to users of Microsoft Defender, as attackers have been able to take advantage of this flaw to deploy ransomware. The situation is urgent, as organizations using this security software may find themselves vulnerable to data breaches and financial loss. Experts strongly recommend that all users of Microsoft Defender remain vigilant and apply any available security updates as soon as they are released to mitigate potential risks. Immediate action is crucial to protect sensitive information from being compromised by malicious actors.