Geek-Guy.com

Category: zero days

Android, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Google, Google Threat Analysis Group, patching, Qualcomm, Technology, vulnerabilities, zero days

Google addresses 34 high-severity vulnerabilities in June’s Android security update

Google’s June security update for Android devices contains 34 vulnerabilities, all of which the company designates as high-severity defects. The company didn’t disclose any actively exploited vulnerabilities. Attackers could exploit the most serious flaw — CVE-2025-26443 affecting the Android system — to achieve local escalation of privilege with no additional privileges required. Google said exploitation…

Read more →

Android, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Google, Google Threat Analysis Group, patching, Qualcomm, Technology, vulnerabilities, zero days

Google addresses 34 high-severity vulnerabilities in June’s Android security update

Google’s June security update for Android devices contains 34 vulnerabilities, all of which the company designates as high-severity defects. The company didn’t disclose any actively exploited vulnerabilities. Attackers could exploit the most serious flaw — CVE-2025-26443 affecting the Android system — to achieve local escalation of privilege with no additional privileges required. Google said exploitation…

Read more →

Android, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Google, Google Threat Analysis Group, patching, Qualcomm, Technology, vulnerabilities, zero days

Google addresses 34 high-severity vulnerabilities in June’s Android security update

Google’s June security update for Android devices contains 34 vulnerabilities, all of which the company designates as high-severity defects. The company didn’t disclose any actively exploited vulnerabilities. Attackers could exploit the most serious flaw — CVE-2025-26443 affecting the Android system — to achieve local escalation of privilege with no additional privileges required. Google said exploitation…

Read more →

Cybercrime, Cybersecurity, Exploits, Global Security News, Microsoft, Patch Tuesday, Ransomware, Research, security patch, Threats, vulnerabilities, zero days

Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days

Microsoft addressed 72 vulnerabilities affecting its core products and underlying systems, including five actively exploited zero-days across various Windows components, the company said in its latest security update Tuesday. “This is now the eight consecutive Patch Tuesday on which Microsoft has published zero-day vulnerabilities without evaluating any of them as critical severity at time of…

Read more →

CVE, Cybercrime, Cybersecurity, Exploits, Global Security News, Research, SAP, Threats, vulnerabilities, zero days

SAP zero-day vulnerability under widespread active exploitation

Threat hunters and security researchers have observed widespread exploitation of a zero-day vulnerability affecting SAP NetWeaver systems. The unrestricted file upload vulnerability — CVE-2025-31324 — has a base score of 10 on the CVSS scale and allows attackers to upload files directly to the system without authorization.  The software defect, which affects the SAP Visual…

Read more →

Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Data Breaches, edge devices, Exploitation, Exploits, Global Security News, Ransomware, ransomware payments, Research, Threats, Verizon, Verizon Data Breach Investigations Report, Verizon DBIR, zero days

Verizon discovers spike in ransomware and exploited vulnerabilities

Cybercriminals and state-sponsored threat groups exploited vulnerabilities and initiated ransomware attacks with vigor last year, escalating the scope of their impact by hitting more victims and outmaneuvering defenses with speed. The rate of ransomware detected in data breaches jumped 37%, occurring in 44% of the 12,195 data breaches reviewed in Verizon’s 2025 Data Breach Investigations…

Read more →

china, CISA, cisco, citrix, Coalition, CVE, Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), edge devices, espionage, exploit, Exploits, firewall, firewalls, Fortinet, Gartner, Global Security News, Google Threat Intelligence Group, ivanti, known exploited vulnerabilities (KEV), Mandiant, National Vulnerability Database, NIST, Palo Alto Networks, Rapid7, Research, routers, Technology, Threats, virtual private network (VPN), VulnCheck, vulnerabilities, vulnerability disclosure, zero days

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any…

Read more →

Cybercrime, Cybersecurity, Exploits, Global Security News, Microsoft, Patch Tuesday, Ransomware, Research, security patch, Threats, vulnerabilities, zero days

Microsoft patches zero-day actively exploited in string of ransomware attacks

Microsoft addressed 126 vulnerabilities affecting its systems and core products, including a zero-day in the Windows Common Log File System (CLFS) that’s been actively exploited in a series of ransomware attacks, the company said in its latest security update Tuesday. A group Microsoft tracks as Storm-2460 has exploited CVE-2025-29824 to initiate ransomware attacks “against a…

Read more →

Android, Cellebrite, Cybersecurity, Exploits, Global Security News, Google, Mobile, Mobile Security, security patch, Technology, Threats, vulnerabilities, zero days

Google addresses 2 actively exploited vulnerabilities in security update

Google addressed 62 vulnerabilities affecting Android devices in its April security update, including a pair of actively exploited software defects that were first disclosed in December. Google said the two vulnerabilities — CVE-2024-53197 and CVE-2024-53150 — “may be under limited, targeted exploitation.” The pair of flaws under active exploitation are high-severity and affect the Linux…

Read more →

Apple, CVE, Cybersecurity, Exploits, Global Security News, iOS, iPadOS, macOS, Safari, security patch, Technology, zero days

Apple issues fixes for vulnerabilities in both old and new OS versions

Apple released security updates Monday to address software defects in the latest version of the company’s Safari browser and other applications across iOS, iPadOS and macOS.  The security issues addressed across the latest versions of Apple’s most popular platforms include 62 vulnerabilities affecting iOS 18.4 and iPadOS 18.4, 131 vulnerabilities affecting macOS Sequoia 15.4 and…

Read more →

APT37, APT43, china, Cybercrime, Cybersecurity, Evil Corp, Exploits, Global Security News, Government, India, Iran, Microsoft, microsoft windows, nation state threats, nation-state hackers, North Korea, pakistan, Ransomware, Research, Russia, Stanford University, Threats, trend micro, vulnerability, Windows, Zero Day Initiative, zero days

Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day

Cybercriminals working on behalf of at least six nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage, steal data and cryptocurrency, according to Trend Micro researchers. The vulnerability, which Trend Micro tracks as ZDI-CAN-25373, allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut…

Read more →

Action1, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Microsoft, Patch Tuesday, Rapid7, Threats, vulnerabilities, zero days

Microsoft patches 57 vulnerabilities, including 6 zero-days

Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities, the company said in its latest security update Tuesday. Four of the six zero-days, which were all added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, are high-severity on the CVSS scale.  The software defects…

Read more →

Apple, Cybersecurity, Exploits, Global Security News, iOS, mac, patching, Safari, Technology, Threats, zero days

Apple discloses zero-day vulnerability, releases emergency patches

Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine.  Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit’s Web Content sandbox, potentially leading to unauthorized actions. The sandbox is a security feature that isolates untrusted web content in order to prevent…

Read more →

Amnesty, Amnesty International, Cellebrite, Global IT News, Global Security News, Google, hacking, Security, Serbia, Spyware, zero days

Researchers uncover unknown Android flaws used to hack into a student’s phone

Amnesty International said that Google fixed previously unknown flaws in Android that allowed authorities to unlock phones using forensic tools. On Friday, Amnesty International published a report detailing a chain of three zero-day vulnerabilities developed by phone-unlocking company Cellebrite, which its researchers found after investigating the hack of a student protester’s phone in Serbia. The…

Read more →

Cybercrime, Cybersecurity, Exploits, Global Security News, intezer, Research, Solis Security, Threats, VeraCore, XE Group, zero days

From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts

A cybercriminal organization that has been operating for over a decade has moved from credit-card skimming to exploiting zero-day vulnerabilities, according to a joint investigation by cybersecurity firms Solis Security and Intezer. The group, tracked as XE Group, now poses heightened risks to global supply chains, particularly in manufacturing and distribution sectors, by leveraging stealthier…

Read more →

Barcelona, Cybersecurity, Defense Prime, Epsilon, Exclusive, Global IT News, Global Security News, Hackers, Head and Tail, Palm Beach Networks, Security, Spyware, Startups, variston, zero days

How Barcelona became an unlikely hub for spyware startups

Barcelona’s mix of affordable cost of living and quality of life has helped create a vibrant startup community — and become a hotbed for the creation of surveillance technologies. © 2024 TechCrunch. All rights reserved. For personal use only.

Read more →

Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), exploit, Exploits, Global Security News, ivanti, malware, Mandiant, SPAWN, UNC5221, UNC5337, vulnerabilities, zero days

New zero-day exploit targets Ivanti VPN product

A year after a series of vulnerabilities impacting a pair of Ivanti VPN products prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency to federal agencies, the Utah-based software firm is again experiencing issues with one of its signature systems. The company on Wednesday disclosed two vulnerabilities — CVE-2025-0282 and CVE-2025-0283 — that…

Read more →

WordPress Appliance - Powered by TurnKey Linux