#zero-day-exploitation

Information security
from SecurityWeek
3 days ago

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

A KnowledgeDeliver ASP.NET zero-day enabled ViewState deserialization using hardcoded machineKey values, leading to web shells, Godzilla malware, and Cobalt Strike backdoors.
Information security
from ZDNET
1 week ago

5 ways to fortify your network against the new speed of AI attacks

Enterprise intrusions are accelerating as attackers automate handoffs, while humans remain the weakest link, requiring structural network defenses and preventative security changes.
Information security
from SecurityWeek
2 months ago

Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks

Cisco firewall vulnerability CVE-2026-20131 was exploited as a zero-day by Interlock cybercrime group since January 26, before the March 4 patch announcement.
Information security
from SecurityWeek
2 months ago

Michelin Confirms Data Breach Linked to Oracle EBS Attack

Michelin confirmed a data breach from the Cl0p ransomware group's Oracle EBS zero-day exploitation campaign affecting over 100 organizations.
Information security
from SecurityWeek
2 months ago

Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited

Cisco Catalyst SD-WAN vulnerability CVE-2026-20127, initially exploited as a zero-day, now sees widespread internet-wide exploitation by multiple threat actors across global regions.
Information security
from The Register
6 months ago

Fortinet confirms second 0-day in just four days

FortiWeb OS command injection zero-day CVE-2025-58034 is exploited in the wild; Fortinet released a patch—update FortiWeb devices immediately.
Information security
from The Register
6 months ago

Amazon: Cisco, Citrix 0-days indicate 'advanced' attacker

An advanced attacker used CitrixBleed 2 and an undocumented, max-severity Cisco ISE vulnerability as zero-days to deploy custom malware and achieve remote root code execution.
Information security
from Techzine Global
6 months ago

Citrix and Cisco attacks discovered via Amazon honeypot

AWS's MadPot honeypot detected active exploitation of zero-days against Citrix NetScaler and Cisco ISE, revealing attackers exploiting CVE-2025-5777 and a Cisco zero-day.
Information security
from Techzine Global
6 months ago

Cisco firewalls under attack: patching required

Cisco firewall products face ongoing exploitation causing device reboots and network outages; urgent updating to the latest patched software is required to prevent service disruption.
Information security
from SecurityWeek
8 months ago

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day

A critical deserialization vulnerability in Fortra GoAnywhere MFT (CVE-2025-10035) was exploited in the wild at least eight days before patches were released.
Information security
from The Register
8 months ago

CISA: Attacker exploited Ivanti bugs, dropped snoopy malware

Two zero-day Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) were chained to deploy malware and enable arbitrary code execution on compromised servers.
Information security
from The Register
8 months ago

Google pushes emergency patch for Chrome 0-day

Update Chrome immediately to patch CVE-2025-10585, a V8 type-confusion vulnerability actively exploited to enable crashes, arbitrary code execution, and potential system compromise.
Information security
from IT Pro
8 months ago

Enterprises need to patch these Citrix flaws now

Critical memory-overflow and access-control vulnerabilities in Citrix NetScaler ADC/Gateway allow remote code execution, denial-of-service, and are being actively exploited.
Information security
from The Hacker News
9 months ago

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

Murky Panda exploits trusted cloud relationships, internet-facing appliances, and supply-chain weaknesses to gain access and deploy a Golang RAT called CloudedHope.