Security researchers at Project Discovery discovered two critical zero-day vulnerabilities in Versa Concerto, a popular SD-WAN and network orchestration platform. When exploited together, the vulnerabilities may allow attackers to fully compromise the application and the underlying host system. The vulnerabilities affect key elements of the platform, which are based on Docker containers, Spring Boot, and … Continue reading “Versa Concerto Zero-day Remote Code Execution Vulnerabilities (CVE-2025-34025, CVE-2025-34026, & CVE-2025-34027)”
Tag: Zero-day Vulnerabilities
CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)
Ivanti released security updates to address two high security vulnerabilities impacting its Endpoint Manager Mobile (EPMM). Tracked as CVE-2025-4427 and CVE-2025-4428, the vulnerabilities are being exploited in the wild. The advisory states, “When chained together, successful exploitation could lead to unauthenticated remote code execution.” CISA added the CVEs to its Known Exploited Vulnerabilities Catalog and … Continue reading “CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)”
Mozilla Fixes Two Actively Exploited Zero-day Vulnerabilities in Firefox (CVE-2025-4919 & CVE-2025-4918)
Mozilla released a security advisory to address two critical severity vulnerabilities in Firefox. Tracked as CVE-2025-4919 & CVE-2025-4918, the vulnerabilities may allow attackers to access sensitive data or execute code. Both vulnerabilities are exploited as a zero-day at Pwn2Own Berlin. Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference. Contestants are … Continue reading “Mozilla Fixes Two Actively Exploited Zero-day Vulnerabilities in Firefox (CVE-2025-4919 & CVE-2025-4918)”
Apple Releases Fixes for iOS Zero-day Vulnerabilities (CVE-2025-31200 & CVE-2025-31201)
Apple and Google Threat Analysis Group discovered two security vulnerabilities impacting iOS devices. Tracked as CVE-2025-31200 and CVE-2025-31201, the vulnerabilities could allow an attacker to execute code. The Apple security advisory states that they are aware of a report that the vulnerabilities may have been exploited in an extremely sophisticated attack against specific targeted individuals on … Continue reading “Apple Releases Fixes for iOS Zero-day Vulnerabilities (CVE-2025-31200 & CVE-2025-31201)”
Apple Releases Fixes for Actively Exploited Zero-day Vulnerabilities (CVE-2024-44308 & CVE-2024-44309)
Apple Safari, macOS Sequoia, iOS, and iPadOS are vulnerable to two security flaws being exploited in the wild. In the advisory, Apple mentioned that they are aware of a report that the vulnerabilities have been actively exploited on Intel-based Mac systems. Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group discovered both CVE-2024-44308 and … Continue reading “Apple Releases Fixes for Actively Exploited Zero-day Vulnerabilities (CVE-2024-44308 & CVE-2024-44309)”
Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Cloud Services Appliance (CVE-2024-9379, CVE-2024-9380, & CVE-2024-9381)
Ivanti released a patch to address three Cloud Services Appliance (CSA) zero-day vulnerabilities actively exploited in attacks. CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381 are high and medium severity vulnerabilities that may allow an attacker with admin privileges to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution. Ivanti mentioned in the advisory, “We are aware … Continue reading “Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Cloud Services Appliance (CVE-2024-9379, CVE-2024-9380, & CVE-2024-9381)”
Apple Releases Patch for Zero-day Vulnerabilities Used in Attack Against iOS and macOS (CVE-2024-23222, CVE-2023-42916, & CVE-2023-42917)
Threat actors are using CVE-2024-23222, CVE-2023-42916, and CVE-2023-42917 vulnerabilities in attacks against iOS and Macs. Apple has addressed the vulnerabilities in products such as Safari, iOS, iPadOS, macOS, watchOS, and tvOS. Along with the zero-day vulnerability, Apple has addressed multiple vulnerabilities affecting its popular products. CISA has added the CVE-2024-23222 to its Known Exploited Vulnerabilities Catalog, … Continue reading “Apple Releases Patch for Zero-day Vulnerabilities Used in Attack Against iOS and macOS (CVE-2024-23222, CVE-2023-42916, & CVE-2023-42917)”
Apple Addressed Two Zero-day Vulnerabilities Affecting iOS and iPadOS (CVE-2023-42824 & CVE-2023-5217)
Apple has released an emergency update to fix an actively exploited zero-day vulnerability. CVE-2023-42824 is a critical severity vulnerability affecting iPhones and iPads. A local attacker can exploit the vulnerability that exists in the XNU kernel to gain privileges. Apple has fixed the vulnerability with improved checks. Apple has mentioned in their advisories that they … Continue reading “Apple Addressed Two Zero-day Vulnerabilities Affecting iOS and iPadOS (CVE-2023-42824 & CVE-2023-5217)”
Apple Releases Emergency Updates to Address Zero-day Vulnerabilities in macOS Ventura, iOS, and iPadOS (CVE-2023-41064 & CVE-2023-41061)
The Citizen Lab at The University of Torontoʼs Munk School has discovered two critical severity vulnerabilities in Apple macOS Ventura, iOS, and iPadOS. Tracked as CVE-2023-41064 and CVE-2023-41061, the vulnerabilities may allow an attacker to perform arbitrary code execution. Apple is aware of the active exploitation of these vulnerabilities. The Citizen Lab has mentioned in … Continue reading “Apple Releases Emergency Updates to Address Zero-day Vulnerabilities in macOS Ventura, iOS, and iPadOS (CVE-2023-41064 & CVE-2023-41061)”
Multiple Vulnerabilities in Notepad++ Allow Attackers to Perform Arbitrary Code Execution
Notepad++ is vulnerable to multiple buffer overflow vulnerabilities that may allow attackers to execute arbitrary code on target systems. The CVEs are being tracked as CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, and CVE-2023-40166. These vulnerabilities’ severity ratings and CVSS scores range from 5.5 (Medium) to 7.8 (High). Jaroslav Lobačevski discovered the vulnerabilities from GHSL. Don Ho developed Notepad++. … Continue reading “Multiple Vulnerabilities in Notepad++ Allow Attackers to Perform Arbitrary Code Execution”