Security News

The exploits, which went back to early 2020 and used never-before-seen techniques, were "Watering hole" attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed.

Two critical zero-day bugs affect legacy QNAP Systems storage hardware, and expose devices to remote unauthenticated attackers. A patch for the now-retired QNAP model TS-231 NAS device, first released in 2015, is scheduled to be released within weeks, QNAP representatives told Threatpost.

Apple has just pushed out an emergency "One-bug" security update for its mobile devices, including iPhones, iPads and Apple Watches. Just like the last emergency Apple patch, this vulnerability affects WebKit, Apple's core web browser code.

Apple has shipped an urgent security update to fix a major security flaw affecting iPhone, iPad and Apple Watch devices alongside a warning that the vulnerability is being actively exploited in the wild. The new iOS 14.4.2 was released on Friday with yet another band-aid for Apple's flagship iOS platform and the company said it was "Aware of reports that an exploit for this issue exists in the wild."

Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. The zero-days were addressed by Apple earlier today by improving the management of object lifetimes in iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3.

Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. The zero-days were addressed by Apple earlier today by improving the management of object lifetimes in iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3.

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks. "There are indications that CVE-2020-11261 may be under limited, targeted exploitation," the search giant said in an updated January security bulletin on March 18.

Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020.

Google has added new details on a pair of exploit servers used by a sophisticated threat actor to hit users of Windows, iOS and Android devices. Malware hunters at Google continue to call attention to a sophisticated APT group that burned through at least 11 zero-days exploits in less than a year to conduct mass spying across a range of platforms and devices.

For the third time this year, Google has shipped an urgent fix to block in-the-wild zero-day attacks hitting its flagship Chrome browser. The latest emergency Chrome patch, available for Windows, MacOS and Linux, provides cover for at least five documented vulnerabilities.