#zero-day

[ follow ]
fromTheregister
2 hours ago

Apple rushes out fix for active zero-day in iOS and macOS

Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks. Logged as CVE-2025-43300, the bug is an out-of-bounds write issue in ImageIO, the component apps rely on to read and write standard image formats. Apple warned that the flaw could let miscreants hijack devices with a booby-trapped image - and for some iDevice users, it sounds like the damage has already been done.
Apple
fromIT Pro
3 hours ago

Apple just released an emergency patch for a zero-day exploited in the wild - here's why you need to update now

Critical Image I/O zero-day (CVE-2025-43300) enables arbitrary code execution via malicious images on iPhone, iPad, and Mac; install the emergency update immediately.
fromTechCrunch
1 day ago

New zero-day startup offers $20 million for tools that can hack any smartphone | TechCrunch

A UAE-based startup offers up to $20 million for smartphone zero-day exploits, marketing powerful hacking tools to governments and intelligence agencies.
Privacy professionals
fromThe Hacker News
1 week ago

WinRAR Zero-Day Under Active Exploitation - Update to Latest Version Immediately

WinRAR released an update addressing CVE-2025-8088, a zero-day vulnerability causing path traversal and allowing arbitrary code execution.
fromZDNET
4 weeks ago

Microsoft fixes two SharePoint zero-days under attack, but one is still unresolved - how to patch

CVE-2025-53770 gives a threat actor the ability to remotely execute code, bypassing identity protections (like single sign-on and multi-factor authentication), giving access to content on the SharePoint server including configurations and system files, opening up lateral access across the Windows domain.
Information security
fromTechzine Global
4 weeks ago

Hackers linked to China behind Microsoft SharePoint attack

Multiple attackers are exploiting the Microsoft SharePoint zero-day vulnerability, including state and non-state actors.
#cybersecurity
more#cybersecurity
#chrome
more#chrome
fromThe Hacker News
3 months ago

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

Critical vulnerabilities in Craft CMS are being exploited in zero-day attacks, requiring immediate attention from users.
[ Load more ]