Google released an urgent security advisory to address a vulnerability being exploited in the wild. CVE-2026-5281 is a use-after-free vulnerability in Dawn, the open-source implementation of the WebGPU standard. This type of memory corruption flaw occurs when an application continues to use a pointer after the memory it points to has been cleared. Attackers can leverage this to execute arbitrary code or bypass critical security boundaries on a … Continue reading “Google Addresses Zero-day Vulnerability Exploited in the Wild (CVE-2026-5281)”
Tag: Zero-day Vulnerability
Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700)
Apple released a security advisory to address its first zero-day vulnerability of the year. Tracked as CVE-2026-20700, successful exploitation of the vulnerability could lead to arbitrary code execution. Google Threat Analysis Group discovered and reported the vulnerability to Apple. The vulnerability exists in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. An attacker with memory write permission may exploit … Continue reading “Apple iOS Zero-day Vulnerability Exploited in Attacks (CVE-2026-20700)”
Cisco Releases Fix for Actively Exploited Zero-day Vulnerability (CVE-2025-20393)
Cisco Talos discovered a cyberattack campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Tracked as CVE-2025-20939, the vulnerability may allow an attacker to execute arbitrary commands with root privileges on the underlying operating system of targeted appliances. The vulnerability has a critical severity rating with a … Continue reading “Cisco Releases Fix for Actively Exploited Zero-day Vulnerability (CVE-2025-20393)”
CISA Warns of Sitecore Experience Platform Zero-day Vulnerability (CVE-2025-53690)
Threat attackers exploit a zero-day vulnerability in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) tracked as CVE-2025-53690. The vulnerability has a critical severity rating with a CVSS score of 9.0. Successful exploitation of the vulnerability may lead to remote code execution and unauthorized access to information. Mandiant Threat Defense identified active exploitation of … Continue reading “CISA Warns of Sitecore Experience Platform Zero-day Vulnerability (CVE-2025-53690)”
Ivanti Addresses Zero-day Vulnerability in Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-22457)
Ivanti released a security advisory to address a security flaw impacting Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways. Tracked as CVE-2025-22457, the vulnerability has a critical severity rating with a CVSS score of 9.0. Successful exploitation of the buffer overflow vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to critical … Continue reading “Ivanti Addresses Zero-day Vulnerability in Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-22457)”
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783)
Kaspersky researchers Boris Larin and Igor Kuznetsov discovered a high-severity vulnerability in Google Chrome. Tracked as CVE-2025-2783, the vulnerability is being exploited in the wild. This is the first actively exploited Chrome zero-day since the start of the year. Google has not released any technical information about the nature of the attacks. Some reports suggest the … Continue reading “Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783)”
Apple Addressed WebKit Zero-day Vulnerability Impacting iOS Devices (CVE-2025-24201)
Apple released fixes for an actively exploited vulnerability in attacks against iOS devices. Tracked as CVE-2025-24201, the vulnerability also affects macOS Sequoia and Safari web browser. The out-of-bounds write flaw exists in the WebKit browser engine. An attacker may exploit the vulnerability by maliciously crafted web content to break out of the Web Content sandbox. … Continue reading “Apple Addressed WebKit Zero-day Vulnerability Impacting iOS Devices (CVE-2025-24201)”
Apple Fixes Actively Exploited Zero-day Vulnerability (CVE-2025-24085)
Apple released a security update to address a zero-day vulnerability, tracked as CVE-2024-24085. The security updates addressed 33 vulnerabilities impacting multiple products such as macOS Sonoma, macOS Ventura, macOS Sequoia, Safari, iOS, and iPadOS. CVE-2025-24085 The use after free vulnerability exists in the CoreMedia component of macOS Sequoia, iOS, and iPadOS. Successful exploitation of the vulnerability … Continue reading “Apple Fixes Actively Exploited Zero-day Vulnerability (CVE-2025-24085)”
Ivanti Zero-day Vulnerability Impacts Connect Secure and Policy Secure (CVE-2025-0282)
Ivanti released a security advisory to address critical and high severity vulnerabilities on January 8, 2025. Tracked as CVE-2024-0282 and CVE-2025-0283, the vulnerabilities may allow remote unauthenticated attackers to achieve remote code execution or local authenticated attackers to escalate their privileges on a targeted system. Ivanti mentioned in the advisory that “a limited number of customers … Continue reading “Ivanti Zero-day Vulnerability Impacts Connect Secure and Policy Secure (CVE-2025-0282)”
Mozilla Firefox and Firefox ESR Use-After-Free Zero-day Vulnerability (CVE-2024-9680)
Mozilla warns about the active exploitation of a vulnerability impacting Firefox and the Firefox Extended Support Release (ESR). Tracked as CVE-2024-9680, the vulnerability has a critical severity rating with a CVSS score of 9.8. Damien Schaeffer from ESET discovered and reported the vulnerability to Mozilla. CVE-2024-9680 is a use after free vulnerability in the Animation … Continue reading “Mozilla Firefox and Firefox ESR Use-After-Free Zero-day Vulnerability (CVE-2024-9680)”