cyber security
Windows MMC Framework Zero-Day Exploited to Execute Malicious Code
Trend Research has uncovered a sophisticated campaign by the Russian threat actor Water Gamayun, exploiting a zero-day vulnerability in the Microsoft Management Console (MMC) framework.The vulnerability, dubbed MSC...
Chrome
APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections
In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome.This...
cyber security
New Sophisticated Linux Backdoor Targets OT Systems via 0-Day RCE Exploit
Researchers at QiAnXin XLab have uncovered a sophisticated Linux-based backdoor dubbed OrpaCrab, specifically targeting industrial systems associated with ORPAK, a company involved in gas...
CVE/vulnerability
Palo Alto PAN-OS Zero-Day Flaw Allows Attackers to Bypass Web Interface Authentication
Palo Alto Networks has disclosed a zero-day vulnerability in its PAN-OS software (CVE-2025-0108), allowing attackers to bypass authentication on the management web interface.With a...
cyber security
Hackers Exploit Ivanti Connect Secure Vulnerability to Inject SPAWNCHIMERA malware
In a concerning development, cybersecurity experts have identified active exploitation of a critical vulnerability in Ivanti Connect Secure (ICS) appliances, tracked as CVE-2025-0282.This...
CVE/vulnerability
Windows Driver Zero-Day Vulnerability Let Hackers Remotely Gain System Access
Microsoft has confirmed the discovery of a significant zero-day vulnerability, tracked as CVE-2025-21418, in the Windows Ancillary Function Driver for WinSock.This flaw, categorized as an Elevation...
CVE/vulnerability
Fortinet FortiOS & FortiProxy Zero-Day Exploited to Hijack Firewall & Gain Super Admin Access
Cybersecurity firm Fortinet has issued an urgent warning regarding a newly discovered zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products.This...
cyber security
XE Hacker Group Exploiting Veracore 0-Day’s to Deploy Malware & Steal Credit Card Details
The XE Group, a sophisticated Vietnamese-origin cybercrime organization active since 2013, has escalated its operations by exploiting two zero-day vulnerabilities in VeraCore software, CVE-2024-57968...
CVE/vulnerability
MobSF Framework Zero-Day Vulnerability Allows Attackers to Trigger DoS in Scan Results
A recently discovered zero-day vulnerability in the Mobile Security Framework (MobSF) has raised alarms in the cybersecurity community.The vulnerability, which allows attackers to cause...
cyber security
Zero-Day Vulnerabilities in Microsoft Sysinternals Tools Enable DLL Injection Attacks on Windows
A significant zero-day vulnerability has been uncovered in Microsoft Sysinternals tools, posing a severe risk to Windows systems.These widely-used utilities, essential for IT...
cyber security
Arm Released a Security Update Mali GPU Kernel Driver Vulnerabilities
On February 3, 2025, Arm disclosed a vulnerability in the Mali GPU Kernel Driver that allows improper GPU processing operations.This issue affects Valhall...