Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Patch Tuesday: Microsoft Fixes 63 Bugs with 2 Zero-Days

Microsoft’s February Patch Tuesday addresses 63 security vulnerabilities, including two actively exploited zero-days. Update your systems now to…

HackRead
Open in Source
#vulnerability#mac#windows#microsoft#dos#intel#rce#ssrf#auth#zero_day#sap
Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

Microsoft's February Patch a Lighter Lift Than January's

But there's plenty in it — including two zero-days — that need immediate attention.

Apple fixes zero-day vulnerability used in “extremely sophisticated attack”

Apple has released an out-of-band security update for a vulnerability which it says may have been exploited in an "extremely sophisticated attack against specific targeted individuals.”

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update

Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack. This

XE Group Shifts From Card Skimming to Supply Chain Attacks

The likely Vietnam-based threat actor has been using two zero-days in VeraCore's warehouse management software in some of its latest cyberattacks.

XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime

Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation

At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot (AI) Bounty Program. These changes are designed to enhance the program’s effectiveness, incentivize broader participation, and ensure that our Copilot consumer products remain robust, safe, and secure.

S. Korea’s Notorious Sex Crime Hub Ya-moon Hacked, User Data Leaked

Ya-moon, S. Korea’s notorious sex crime hub operating since 1990, hacked; user data leaked, exposing CSAM, exploitation, and illicit activities.

Changing the tide: Reflections on threat data from 2024

Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team.