GreyNoise observed a major spike in scanning against Ivanti products weeks before two zero-days were disclosed in Ivanti EPMM. Full update: https://www.greynoise.io/blog/surge-ivanti-connect-secure-scanning-activity
#Ivanti #GreyNoise #Cybersecurity #ZeroDays
#ZeroDays
#Government #hackers are leading the use of attributed #zerodays
Google’s says number of #0day #exploits — flaws unknown to the software makers at the time hackers abused them — had dropped from 98 exploits in 2023 to 75 exploits in 2024. But the report noted that of the proportion of zero-days that Google could attribute — meaning identifying the hackers who were responsible for exploiting them — at least 23 zero-day exploits were linked to government-backed hackers.
https://techcrunch.com/2025/04/29/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says/
Google: 97 #zeroday #exploits in #2024, over 50% in #spyware attacks
They noted that cyber-espionage threat actors—including government-backed groups and commercial #surveillance vendors' customers—were responsible for more than half of attributable #0day attacks in 2024.
End-user platforms and products (e.g., web browsers, mobile devices, and desktop operating systems) made up 56% of the tracked #zerodays.
https://www.bleepingcomputer.com/news/security/google-97-zero-days-exploited-in-2024-over-50-percent-in-spyware-attacks/
Ars Technica: Google: Governments are using zero-day hacks more than ever. “Last year was big for zero-day exploits, security threats that appear in the wild before vendors have a chance to develop patches. Through its sprawling network of services and research initiatives, Google is the first to spot many of these threats. In a new report from the Google Threat Intelligence Group (GTIG), the […]
Google Releases April Android Update to Address Two Zero-Days
https://www.infosecurity-magazine.com/news/android-update-address-two-zero/
#Infosec #Security #Cybersecurity #CeptBiro #Google #AndroidUpdate #ZeroDays
✉️ Telegram se vyjádřil k nabídce za nalezení kritických chyb pro ruskou vládu
🔗 https://infoek.cz/telegram-se-vyjadril-k-nabidce-za-nalezeni-kritickych-chyb-pro-ruskou-vladu-2025/
✉️ Operation Zero chce chyby v Telegramu pro Ruskou vládu. Nabízí až 4 miliony dolarů
Krebs on Security: Microsoft: 6 Zero-Days in March 2025 Patch Tuesday. “Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.”
Whopping Number of #Microsoft #ZeroDays Under Attacks. The number of zero-day #vulnerabilities getting patched in Microsoft's March update is the company's second largest ever.
https://www.darkreading.com/application-security/whopping-number-microsoft-zero-days-under-attack
#ZeroDays Put Tens of 1,000s of Orgs at Risk for VM Escape Attacks. More than 41,000 ESXi instances remain vulnerable to a critical #VMware #vulnerability, one of three that Broadcom disclosed earlier this week.
https://www.darkreading.com/remote-workforce/zero-days-risk-vm-escape-attacks
#security #vulnerabilities
My first round of zero days "challenge coins" backed by NFTs has been distributed. Unlike the normal NFT rug pull and cash grab, these are intended to only be for me to give out to people who have proven they've actually snagged a real 0-day.
They aren't worth anything beyond the glory to get one and the fun stories to make them sound way more crazy than they are ... but it's fun!
0xe1565d9bb8fa5b916d1e999b671f2deb9ecea26c
#ZeroDays is a non profit community hacking #CTF that is in its 10th year in Ireland, it pulls in folks from all levels and up to 130 teams have competed annually, they even accomodate secondary school level competitors at their events.
It takes place in Croke Park in March. They've had a tough year with company sponsorship, I've thrown my own company's hat in the ring but it would be great to get some larger companies on board
Appeal: https://www.linkedin.com/posts/activity-7294329748451680256-mZ03
Site: https://zerodays.ie/
Critical zero-days impact premium WordPress real estate plugins
https://www.bleepingcomputer.com/news/security/critical-zero-days-impact-premium-wordpress-real-estate-plugins/
#Infosec #Security #Cybersecurity #CeptBiro #ZeroDays #WordPress #Plugins
Most of 2023’s Top Exploited Vulnerabilities Were #ZeroDays says #CISA
In 2023, the majority of the most frequently exploited #vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day. Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the #vulnerability.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a #itsec
Firefox & Windows Zero-Days exploited by Russian RomCom Threat Actor’s.
IT-security researchers at ESET have exposed a malicious campaign by the Russia-linked RomCom group, which combined two previously unknown (zero-day) vulnerabilities to compromise targeted systems including Windows and Firefox.
#firefox #windows #zerodays #backdoor #it #security #privacy #engineer #media #tech #news
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst