Tag

Zero Day Attack

All articles tagged with #zero day attack

technology4 months ago•1 min saved

WhatsApp patches critical zero-day vulnerabilities exploited in iOS and Mac hacks

WhatsApp has patched a zero-click security vulnerability (CVE-2025-55177) in its iOS and macOS clients that was exploited in targeted zero-day attacks, potentially allowing attackers to process malicious content on users' devices. The vulnerability was linked to an OS-level flaw (CVE-2025-43300) exploited in sophisticated spyware campaigns, prompting affected users to reset their devices and update their software. This follows previous zero-day patches by WhatsApp, including one used to install spyware targeting journalists and civil society members.

via BleepingComputer|

#ios #macos #security-vulnerability

cybersecurity1 year ago•2 min saved

Zero-Day TikTok Hack Compromises High-Profile Accounts via DMs

Hackers have exploited a zero-day vulnerability to plant malicious code in high-profile TikTok accounts, including those of Paris Hilton and CNN. The malware is spread via TikTok's direct messaging function, forcing CNN to temporarily shut down its account. The breach has raised concerns about TikTok's cybersecurity measures, especially with the upcoming presidential election. This incident follows previous vulnerabilities in TikTok's security, and ByteDance, TikTok's parent company, faces pressure to divest its US operations due to data privacy concerns.

via New York Post |

#cnn #cybersecurity #malware

cybersecurity1 year ago•3 min saved

"Palo Alto Networks Faces Zero-Day Backdoor Exploitation"

Threat actors have been exploiting a zero-day vulnerability in Palo Alto Networks PAN-OS software to execute arbitrary code with root privileges on affected firewalls. The attack, known as Operation MidnightEclipse, involves the deployment of a Python-based backdoor to create a cron job that fetches and executes commands from an external server. The attackers have been observed creating a reverse shell, downloading additional tools, and exfiltrating data, prompting the U.S. Cybersecurity and Infrastructure Security Agency to add the flaw to its Known Exploited Vulnerabilities catalog. Organizations are advised to apply patches promptly, as the threat actor, dubbed UTA0218, is suspected to be state-backed and highly capable.

via The Hacker News|

#cve-2024-3400 #cybersecurity #palo-alto-networks

cybersecurity1 year ago•2 min saved

"DarkGate Malware Exploits Unpatched Windows Flaw in Zero-Day Attack"

A DarkGate malware campaign exploited a recently patched Microsoft Windows flaw in a zero-day attack, using bogus software installers and Google DoubleClick Digital Marketing open redirects to lead victims to compromised sites hosting the vulnerability. The attack chain involved phishing emails with PDF attachments, open redirects, and fake software installers to deliver the DarkGate malware. Additionally, counterfeit installers for popular software like Adobe Reader and Notion are being used to distribute information stealers, while new stealer malware families like Planet Stealer and Tweaks are being exploited through platforms like YouTube and Discord. Malvertising and social engineering campaigns are also being used to disseminate a wide range of stealer and remote access trojans.

via The Hacker News|

#cybersecurity #darkgate-malware #exploited-flaw