Security News

Synology hurries out patches for zero-days exploited at Pwn2Own
2024-11-01 16:38

Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week's Pwn2Own hacking competition within days. [...]

Hackers target critical zero-day vulnerability in PTZ cameras
2024-10-31 18:23

Hackers are attempting to exploit two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, and...

Windows Themes zero-day bug exposes users to NTLM credential theft
2024-10-30 21:30

Plus a free micropatch until Redmond fixes the flaw There's a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people's NTLM credentials.…

QNAP patches second zero-day exploited at Pwn2Own to get root
2024-10-30 17:36

QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device. [...]

New Windows Themes zero-day gets free, unofficial patches
2024-10-29 20:21

Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely. [...]

QNAP fixes NAS backup software zero-day exploited at Pwn2Own
2024-10-29 17:35

QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. [...]

Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland
2024-10-26 09:42

The fourth day of Pwn2Own Ireland 2024 marked the end of the hacking competition with more than $1 million in prizes for over 70 unique zero-day vulnerabilities in fully patched devices. [...]

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
2024-10-24 09:04

Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a...

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
2024-10-23 18:03

The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. [...]

Fortinet warns of new critical FortiManager flaw used in zero-day attacks
2024-10-23 15:05

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations,...