0-day Archives - Page 5 of 18 - Help Net Security

0-day

WordPress kept users and hackers in the dark while secretly fixing critical zero-day

February 2, 2017

Last week WordPress released the newest version (4.7.2) of the popular CMS, ostensibly fixing three security issues affecting versions 4.7.1 and earlier. What the WordPress …

Firefox 0-day exploited in the wild to unmask Tor users

November 30, 2016

An anonymous user of the SIGAINT darknet email service has revealed the existence of a JavaScript exploit that is apparently being actively used to de-anonymize Tor Browser …

Pawn Storm raced to pop many targets before Windows zero-day patch release

November 9, 2016

As promised, Microsoft provided this Tuesday a patch for the Windows zero-day (CVE-2016-7855) actively exploited by the Strontium (aka Pawn Storm) cyber espionage hacking …

Post-pumpkin Patch Tuesday: What’s in store for November

November 3, 2016

There has been a lot of activity since October’s Patch Tuesday. During that short period of time, Oracle released its quarterly CPU, including an update for Java JRE; Adobe …

Latest Windows zero-day exploited by DNC hackers

November 2, 2016

Due to Google’s public release of information about an actively exploited Windows zero-day, Microsoft was forced to offer its own view of things and more information …

Google warns of actively exploited Windows zero-day

November 1, 2016

Google has disclosed to the public the existence of a Windows zero-day vulnerability (CVE-2016-7255) that is being actively exploited in the wild. According to Neel Mehta and …

Leaked EXTRABACON exploit can work on newer Cisco ASA firewalls

August 24, 2016

EXTRABACON, one of the Equation Group exploits leaked by the Shadow Brokers, can be made to work on a wider range of Cisco Adaptive Security Appliance (ASA) firewalls than …

LastPass zero-day can lead to account compromise

July 27, 2016

A zero-day flaw in the popular password manager LastPass can be triggered by users visiting a malicious site, allowing attackers to compromise the users’s account and …

Fix for actively exploited Flash Player 0day is out, patch ASAP!

June 16, 2016

Adobe has issued a patch for the Plash Player zero-day vulnerability (CVE-2016-4171) that is actively exploited by the ScarCruft APT group. The bug, discovered by Anton Ivanov …

Adobe Flash zero-day actively exploited in targeted attacks

June 15, 2016

A zero-day vulnerability affecting the latest version of Adobe Flash Player and all previous ones is being actively exploited in limited, targeted attacks, the company has …

Windows zero-day exploit offered for sale on underground market

June 1, 2016

Someone is selling an exploit for a Windows zero-day on an underground market for Russian-speaking cyber criminals, and the current price is set at $90,000. Trustwave …

Latest Flash 0day exploit delivered via booby-trapped Office file

May 16, 2016

Four days have passed since Adobe patched the latest Flash Player 0day vulnerability exploited in attacks in the wild and, in the meantime, we have been given more details …

0-day

WordPress kept users and hackers in the dark while secretly fixing critical zero-day

Firefox 0-day exploited in the wild to unmask Tor users

Pawn Storm raced to pop many targets before Windows zero-day patch release

Post-pumpkin Patch Tuesday: What’s in store for November

Latest Windows zero-day exploited by DNC hackers

Google warns of actively exploited Windows zero-day

Leaked EXTRABACON exploit can work on newer Cisco ASA firewalls

LastPass zero-day can lead to account compromise

Fix for actively exploited Flash Player 0day is out, patch ASAP!

Adobe Flash zero-day actively exploited in targeted attacks

Windows zero-day exploit offered for sale on underground market

Latest Flash 0day exploit delivered via booby-trapped Office file

Don't miss

MDhex vulnerabilities open GE Healthcare patient monitoring devices to attackers

Lessons from Microsoft’s 250 million data record exposure

CISOs: Make 2020 the year you focus on third-party cyber risk

IoC Scanner shows if Citrix appliances have been compromised via CVE-2019-19781

It’s time to patch your Cisco security solutions again