SonicWall has issued a warning about a new zero-day vulnerability (CVE-2025-40602) in the SMA1000 Appliance Management Console, which has been exploited in attacks to escalate privileges. The flaw is being exploited in conjunction with another critical vulnerability (CVE-2025-23006) to execute remote code with root privileges. SonicWall advises users to update to the latest firmware to mitigate the risk, as over 950 appliances are exposed online. This follows recent security breaches and malware attacks targeting SonicWall devices.
Hackers linked to Cl0p exploited a zero-day flaw in Oracle's E-Business Suite to breach dozens of organizations, using sophisticated malware and extortion tactics, with ongoing assessments of the full scope of the attack.
Cisco warns of two critical zero-day vulnerabilities in its ASA and FTD software, actively exploited in the wild, prompting CISA to issue an emergency mitigation directive for federal agencies. The vulnerabilities allow remote code execution and unauthorized access, with ongoing attacks linked to a threat group called ArcaneDoor, posing significant risks to affected networks.
CISA warns of a critical zero-day vulnerability in WhatsApp (CVE-2025-55177) that allows attackers to manipulate device synchronization messages, potentially leading to remote code execution and content spoofing. Users and organizations are urged to apply the September 2 patch or suspend WhatsApp use until secure updates are implemented.
Researchers revealed that the Russian RomCom hacking group exploited a previously unknown WinRAR path traversal vulnerability (CVE-2025-8088) in July 2025 to deliver malware via malicious archives, leading to the release of a patch by WinRAR. The attack involved hiding malicious files in alternate data streams and executing malware upon archive extraction, with multiple malware families identified. Users are advised to update WinRAR manually as it lacks an auto-update feature.
ESET researchers discovered a zero-day vulnerability in WinRAR, exploited by the Russia-aligned group RomCom in targeted campaigns against European and Canadian sectors, leading to the deployment of backdoors and malware. WinRAR released a patch promptly, and users are advised to update immediately to mitigate ongoing threats.
SonicWall has advised users to disable SSLVPN services due to potential exploitation of a zero-day vulnerability in Gen 7 firewalls by ransomware gangs, following reports of active attacks and advisories from cybersecurity firms. The company recommends securing firewalls, enabling MFA, and restricting access to mitigate risks while investigating the issue.
The Department of Homeland Security was affected by a cyberattack exploiting a zero-day vulnerability in Microsoft SharePoint, with multiple federal agencies potentially compromised. The attack, linked to Chinese state-aligned groups, involved unpatched systems and targeted sensitive government information. Microsoft has issued patches, and authorities are assessing the scope of the breach.
Hackers have exploited a zero-day vulnerability in Microsoft SharePoint, breaching at least 400 organizations including government agencies like the NNSA, allowing remote code execution and data access. Microsoft has issued patches, but the attack highlights ongoing cybersecurity risks, especially from China-backed groups, with an increase in compromises expected.
The U.S. Treasury Department has sanctioned Chinese cybersecurity firm Sichuan Silence and its employee Guan Tianfeng for exploiting a zero-day vulnerability in Sophos firewalls, compromising around 81,000 firewalls globally, including over 23,000 in the U.S. The attack targeted critical infrastructure, including a government agency and an energy company, with the intent to steal data and potentially deploy Ragnarok ransomware, posing significant risks to human life.
Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall management interface, which is being actively exploited to deploy web shells for persistent remote access. The flaw, with a CVSS score of 9.3, allows unauthenticated remote command execution and requires no user interaction. While patches are not yet available, users are urged to secure their management interfaces. The vulnerability is distinct from other recent critical flaws in Palo Alto Networks products, and there is no evidence linking the activities.
Trend Micro's Zero Day Initiative (ZDI) criticized Microsoft for not crediting them in the disclosure and patching of a zero-day vulnerability in MSHTML, reported in May and patched in July. ZDI claims the flaw is a remote code execution vulnerability, contrary to Microsoft's classification as a spoofing vulnerability. This incident highlights broader issues in the coordinated vulnerability disclosure process, with vendors often failing to properly communicate and credit researchers.
Check Point has released emergency hotfixes for a zero-day VPN vulnerability (CVE-2024-24919) that was exploited to gain remote access to firewalls and corporate networks. The flaw affects various Check Point products, and the company has provided detailed instructions for applying the updates. The hotfixes also include measures to block login attempts using weak credentials.
Google has released an urgent update for Chrome on Windows, Mac, and Linux to patch nine security vulnerabilities, including a critical zero-day flaw (CVE-2024-4947) that is actively being exploited. Users are strongly advised to update their browsers immediately to protect against potential cyberattacks.
Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls since March 26, using compromised devices to breach internal networks and steal data and credentials. The vulnerability, tracked as CVE-2024-3400, allows unauthenticated remote code execution in PAN-OS firewall software. Volexity, which discovered the zero-day flaw, believes it is highly likely that state-sponsored threat actors are conducting the attacks. The hackers have installed a custom backdoor named 'Upstyle' to pivot into the target's internal network and steal data, and have also deployed additional payloads to start reverse shells and exfiltrate data. Network devices have become a popular target for threat actors seeking initial access to a network and its data.