Security News

New Android NoviSpy spyware linked to Qualcomm zero-day bugs
2024-12-16 15:06

The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' used to spy on activists, journalists, and protestors. [...]

Cleo patches critical zero-day exploited in data theft attacks
2024-12-12 17:03

Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. [...]

Cleo patches zero-day exploited by ransomware gang
2024-12-12 16:19

Cleo has released a security patch to address the critical vulnerability that started getting exploited while still a zero-day to breach internet-facing Cleo Harmony, VLTrader, and LexiCom...

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
2024-12-11 06:29

The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and...

Microsoft fixes exploited zero-day (CVE-2024-49138)
2024-12-10 20:59

On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute...

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
2024-12-10 18:33

Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. [...]

New Cleo zero-day RCE flaw exploited in data theft attacks
2024-12-10 15:09

Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. [...]

Fully patched Cleo products under renewed 'zero-day-ish' mass attack
2024-12-10 13:32

Thousands of servers targeted while customers wait for patches Researchers at security shop Huntress are seeing mass exploitation of a vulnerability affecting three Cleo file management products,...

New Windows zero-day exposes NTLM credentials, gets unofficial patch
2024-12-06 16:32

A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. [...]

Mitel MiCollab zero-day and PoC exploit unveiled
2024-12-05 14:24

A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and...