More results...
A Türkiye-affiliated espionage threat actor, tracked by Microsoft Threat Intelligence as Marbled Dust (also known as Sea Turtle and UNC1326), has been exploiting a zero-day vulnerability in Output Messenger, a popular multiplatform chat software. Ident…
Hundreds of SAP NetWeaver instances hacked via a zero-day that allows remote code execution, not only arbitrary file uploads, as initially believed.
The post SAP Zero-Day Targeted Since January, Many Sectors Impacted appeared first on SecurityWeek.
SonicWall addressed three SMA 100 flaws, including a potential zero-day, that could allow remote code execution if chained. SonicWall patches three SMA 100 vulnerabilities (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821), including a potential zero-day, that could be chained by a remote attacker to execute arbitrary code. The first flaw, tracked as CVE-2025-32819 (CVSS score of 8.8), is […]
SonicWall patches three SMA 100 vulnerabilities, including a potential zero-day, that could be chained to execute arbitrary code remotely.
The post Possible Zero-Day Patched in SonicWall SMA Appliances appeared first on SecurityWeek.
The Play ransomware gang exploited a high-severity Windows Common Log File System flaw in zero-day attacks to deploy malware. The Play ransomware gang has exploited a Windows Common Log File System flaw, tracked as CVE-2025-29824, in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability CVE-2025-29824, (CVSS score of 7.8) is a Use after […]
At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.
The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on SecurityWeek.
Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability. In April, ReliaQuest researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader […]
Threat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability.
The post Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise appeared first on SecurityWeek.
Android’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine.
The post Android Update Patches FreeType Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
A newly discovered pre-authentication denial-of-service (DoS) vulnerability in Microsoft’s Windows Deployment Services (WDS) exposes enterprise networks to instant system crashes via malicious UDP packets. Dubbed a “0-click” flaw, attackers c…