home.social

#zero-day — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #zero-day, aggregated by home.social.

fetched live
  1. 📰 New 'Bad Epoll' Linux Kernel Zero-Day (CVE-2026-46242) Grants Full Root Access

    🚨 CRITICAL ZERO-DAY: 'Bad Epoll' (CVE-2026-46242) in Linux Kernel allows any local user to gain full root access. The use-after-free bug affects servers, desktops & Android. PoC exists. Patch immediately! 🐧💥 #Linux #CyberSecurity #ZeroDay #Infosec

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/ba

  2. According to Citizen Lab, former MEP Stelios Kouloglou was hacked with #Pegasus while serving on the PEGA Committee, led by Sophie in ’t Veld, investigating spyware abuse.

    Pegasus is commercial spyware from #NSOGroup, sold or licensed to operators willing to spy on democratically elected MEPs.

    Remember that when the #zeroday trade is laundered again as “cybersecurity” or “saving democracy.”

    citizenlab.ca/research/member-

  3. According to Citizen Lab, former MEP Stelios Kouloglou was hacked with #Pegasus while serving on the PEGA Committee, led by Sophie in ’t Veld, investigating spyware abuse.

    Pegasus is commercial spyware from #NSOGroup, sold or licensed to operators willing to spy on democratically elected MEPs.

    Remember that when the #zeroday trade is laundered again as “cybersecurity” or “saving democracy.”

    citizenlab.ca/research/member-

  4. Pegasus spia chi indaga su Pegasus: il caso Kouloglou scuote il Parlamento Europeo

    Il Citizen Lab conferma: l'eurodeputato greco Stelios Kouloglou, membro della commissione PEGA incaricata di indagare sugli abusi di spyware, è stato colpito da Pegasus nel 2022 e nel 2023 con un exploit zero-click che ha sfruttato una falla in HomeKit. È il primo caso pubblico di un membro della commissione stessa preso di mira.

    insicurezzadigitale.com/pegasu

  5. Pegasus spia chi indaga su Pegasus: il caso Kouloglou scuote il Parlamento Europeo

    Il Citizen Lab conferma: l'eurodeputato greco Stelios Kouloglou, membro della commissione PEGA incaricata di indagare sugli abusi di spyware, è stato colpito da Pegasus nel 2022 e nel 2023 con un exploit zero-click che ha sfruttato una falla in HomeKit. È il primo caso pubblico di un membro della commissione stessa preso di mira.

    insicurezzadigitale.com/pegasu

  6. "The dump, called ‘Exploitarium,’ was shared publicly on GitHub by an individual going by name ‘bikini’ and ‘ashdfrkl’ on Disco."

    Infosecurity-Magazine: A pseudonymous security researcher has released over 30 proof-of-concept exploits for zero-day vulnerabilities in open-source projects without disclosing them to the maintainers first infosecurity-magazine.com/news #opensource #vulnerability #zeroday #infosec #GitHub

    @ifin

  7. "The dump, called ‘Exploitarium,’ was shared publicly on GitHub by an individual going by name ‘bikini’ and ‘ashdfrkl’ on Disco."

    Infosecurity-Magazine: A pseudonymous security researcher has released over 30 proof-of-concept exploits for zero-day vulnerabilities in open-source projects without disclosing them to the maintainers first infosecurity-magazine.com/news #opensource #vulnerability #zeroday #infosec #GitHub

    @ifin

  8. ShinyHunters e lo zero-day PeopleSoft: il regolatore assicurativo USA tra le 100+ vittime di UNC6240

    Sfruttando CVE-2026-35273, una RCE non autenticata in Oracle PeopleSoft, il collettivo ShinyHunters/UNC6240 ha colpito oltre 100 organizzazioni prima ancora del rilascio della patch. Tra le vittime la NAIC, il regolatore assicurativo USA: 3,1 TB di dati esfiltrati e agenzie di rating in stallo.

    insicurezzadigitale.com/shinyh

  9. ShinyHunters e lo zero-day PeopleSoft: il regolatore assicurativo USA tra le 100+ vittime di UNC6240

    Sfruttando CVE-2026-35273, una RCE non autenticata in Oracle PeopleSoft, il collettivo ShinyHunters/UNC6240 ha colpito oltre 100 organizzazioni prima ancora del rilascio della patch. Tra le vittime la NAIC, il regolatore assicurativo USA: 3,1 TB di dati esfiltrati e agenzie di rating in stallo.

    insicurezzadigitale.com/shinyh

  10. Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs

    Pulse ID: 6a45e7b8f7c0a3cd75a7418e
    Pulse Link: otx.alienvault.com/pulse/6a45e
    Pulse Author: Tr1sa111
    Created: 2026-07-02 04:23:20

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #Tr1sa111

  11. Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs

    Pulse ID: 6a45e7b8f7c0a3cd75a7418e
    Pulse Link: otx.alienvault.com/pulse/6a45e
    Pulse Author: Tr1sa111
    Created: 2026-07-02 04:23:20

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #Tr1sa111

  12. Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs

    Pulse ID: 6a45e7cc12c463cf068eb18e
    Pulse Link: otx.alienvault.com/pulse/6a45e
    Pulse Author: Tr1sa111
    Created: 2026-07-02 04:23:40

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #Tr1sa111

  13. Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs

    Pulse ID: 6a45e7cc12c463cf068eb18e
    Pulse Link: otx.alienvault.com/pulse/6a45e
    Pulse Author: Tr1sa111
    Created: 2026-07-02 04:23:40

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #Tr1sa111

  14. Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs

    The Gentlemen ransomware group, which emerged in July 2025, employed a zero-day vulnerability in a bring-your-own-vulnerable-driver (BYOVD) attack to disable endpoint detection and response systems. During an incident investigated in early April, the group leveraged an obscure third-party driver named ktapi.sys from Kontron to bypass security protections. The sophisticated exploit chains multiple advanced techniques to navigate Windows exploit mitigations, including bypassing Supervisor Mode Access Prevention and Supervisor Mode Execution Prevention. The toolkit enables the attackers to call privileged kernel mode functions from user mode processes, ultimately terminating EDR processes including Windows Defender, ESET, Palo Alto Cortex XDR, and SentinelOne. The vulnerability had no prior public documentation and was previously absent from vulnerable driver blocklists.

    Pulse ID: 6a43f039e387ddd12ed0896c
    Pulse Link: otx.alienvault.com/pulse/6a43f
    Pulse Author: AlienVault
    Created: 2026-06-30 16:35:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #ESET #Endpoint #EndpointDetectionandResponse #InfoSec #OTX #OpenThreatExchange #PaloAlto #RansomWare #SentinelOne #Vulnerability #Windows #ZeroDay #bot #AlienVault

  15. Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs

    The Gentlemen ransomware group, which emerged in July 2025, employed a zero-day vulnerability in a bring-your-own-vulnerable-driver (BYOVD) attack to disable endpoint detection and response systems. During an incident investigated in early April, the group leveraged an obscure third-party driver named ktapi.sys from Kontron to bypass security protections. The sophisticated exploit chains multiple advanced techniques to navigate Windows exploit mitigations, including bypassing Supervisor Mode Access Prevention and Supervisor Mode Execution Prevention. The toolkit enables the attackers to call privileged kernel mode functions from user mode processes, ultimately terminating EDR processes including Windows Defender, ESET, Palo Alto Cortex XDR, and SentinelOne. The vulnerability had no prior public documentation and was previously absent from vulnerable driver blocklists.

    Pulse ID: 6a43f039e387ddd12ed0896c
    Pulse Link: otx.alienvault.com/pulse/6a43f
    Pulse Author: AlienVault
    Created: 2026-06-30 16:35:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #ESET #Endpoint #EndpointDetectionandResponse #InfoSec #OTX #OpenThreatExchange #PaloAlto #RansomWare #SentinelOne #Vulnerability #Windows #ZeroDay #bot #AlienVault

  16. Oracle PeopleSoft Zero-Day Leads to Nissan Data Breach

    Pulse ID: 6a43b6c13fab9fc8aaf7d908
    Pulse Link: otx.alienvault.com/pulse/6a43b
    Pulse Author: cryptocti
    Created: 2026-06-30 12:29:53

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #DataBreach #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #cryptocti

  17. Oracle PeopleSoft Zero-Day Leads to Nissan Data Breach

    Pulse ID: 6a43b6c13fab9fc8aaf7d908
    Pulse Link: otx.alienvault.com/pulse/6a43b
    Pulse Author: cryptocti
    Created: 2026-06-30 12:29:53

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #DataBreach #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #cryptocti

  18. «Forscher wirft ganze Sammlung von Zero-Day-Exploits ins Netz:
    Ein anonymer Sicherheitsforscher hat ohne vorherige Benachrichtigung der betroffenen Hersteller und Open-Source-Projekte funktionsfähige Exploit-Codes für insgesamt 15 bislang unbekannte Schwachstellen veröffentlicht.»

    Da ist wohl einer über was sehr wütend und trotzt nun mit unangemeldeten Zero-Day-Exploits was leider erheblichen Web weiten Schaden auswirken kann.

    💥 winfuture.de/news,159668.html

    #zeroday #itsec #opensource #ssh #git

  19. «Forscher wirft ganze Sammlung von Zero-Day-Exploits ins Netz:
    Ein anonymer Sicherheitsforscher hat ohne vorherige Benachrichtigung der betroffenen Hersteller und Open-Source-Projekte funktionsfähige Exploit-Codes für insgesamt 15 bislang unbekannte Schwachstellen veröffentlicht.»

    Da ist wohl einer über was sehr wütend und trotzt nun mit unangemeldeten Zero-Day-Exploits was leider erheblichen Web weiten Schaden auswirken kann.

    💥 winfuture.de/news,159668.html

    #zeroday #itsec #opensource #ssh #git

  20. Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager

    Pulse ID: 6a3df9837d7dbabcbacbe505
    Pulse Link: otx.alienvault.com/pulse/6a3df
    Pulse Author: Tr1sa111
    Created: 2026-06-26 04:01:07

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Cisco #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vulnerability #ZeroDay #bot #Tr1sa111

  21. Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager

    Pulse ID: 6a3df9837d7dbabcbacbe505
    Pulse Link: otx.alienvault.com/pulse/6a3df
    Pulse Author: Tr1sa111
    Created: 2026-06-26 04:01:07

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Cisco #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vulnerability #ZeroDay #bot #Tr1sa111

  22. Cisco unter Beschuss

    Es ist alles nicht so schlimm wie es aussieht, es ist alles viel viel schlimmer. Nicht nur werden in schöner (?) Regelmäßigkeit gefährliche Sicherheitslücken in Cisco-Produkten gefunden, sondern sie werden auch sofort für Angriffe ausgenutzt - manche schon vor der Veröffentlichung (Zero-Day). Eine kleine Historie füge ich unten an. Beginnen wir mit CVE-2026-20230 (8,6 von 10), über die ich noch nicht explizit berichtet hatte. Am Anfang Juni hatte Cisco Flicken gegen diese Sicherheitslücke veröffentlicht. Damals vermeldete die Firma, dass ein PoC Exploit vorläge. Anscheinend haben unbekannte Hacker den PoC gleich in einen

    pc-fluesterer.info/wordpress/2

    #0day #backdoor #cybercrime #exploits #hersteller #politik #privacy #sicherheit #spionage #UnplugTrump #wissen #zeroday

  23. Cisco unter Beschuss

    Es ist alles nicht so schlimm wie es aussieht, es ist alles viel viel schlimmer. Nicht nur werden in schöner (?) Regelmäßigkeit gefährliche Sicherheitslücken in Cisco-Produkten gefunden, sondern sie werden auch sofort für Angriffe ausgenutzt - manche schon vor der Veröffentlichung (Zero-Day). Eine kleine Historie füge ich unten an. Beginnen wir mit CVE-2026-20230 (8,6 von 10), über die ich noch nicht explizit berichtet hatte. Am Anfang Juni hatte Cisco Flicken gegen diese Sicherheitslücke veröffentlicht. Damals vermeldete die Firma, dass ein PoC Exploit vorläge. Anscheinend haben unbekannte Hacker den PoC gleich in einen

    pc-fluesterer.info/wordpress/2

    #0day #backdoor #cybercrime #exploits #hersteller #politik #privacy #sicherheit #spionage #UnplugTrump #wissen #zeroday

  24. Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager

    In early 2026, a threat actor targeted SD-WAN infrastructure at a service provider, exploiting a zero-day vulnerability in Cisco Catalyst SD-WAN to escalate privileges. The attacker initially gained access through unauthorized peering connections and manipulated default account passwords. They then exploited CVE-2026-20245, a privilege escalation flaw in the file upload feature, by uploading a malicious CSV file to achieve root-level access. The vulnerability allowed the creation of a privileged user account through manipulation of system password files. Throughout the intrusion, the threat actor employed extensive anti-forensic techniques, systematically deleting malicious files, restoring modified system configurations, and executing validation scripts to ensure removal of indicators. This campaign demonstrates the living off the edge paradigm, where adversaries compromise network appliances to bypass traditional security perimeters and maintain persistent access.

    Pulse ID: 6a3d476551c12310394b4adc
    Pulse Link: otx.alienvault.com/pulse/6a3d4
    Pulse Author: AlienVault
    Created: 2026-06-25 15:21:09

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Cisco #CyberSecurity #Edge #InfoSec #OTX #OpenThreatExchange #Password #Passwords #RAT #Vulnerability #Word #ZeroDay #bot #AlienVault

  25. Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager

    In early 2026, a threat actor targeted SD-WAN infrastructure at a service provider, exploiting a zero-day vulnerability in Cisco Catalyst SD-WAN to escalate privileges. The attacker initially gained access through unauthorized peering connections and manipulated default account passwords. They then exploited CVE-2026-20245, a privilege escalation flaw in the file upload feature, by uploading a malicious CSV file to achieve root-level access. The vulnerability allowed the creation of a privileged user account through manipulation of system password files. Throughout the intrusion, the threat actor employed extensive anti-forensic techniques, systematically deleting malicious files, restoring modified system configurations, and executing validation scripts to ensure removal of indicators. This campaign demonstrates the living off the edge paradigm, where adversaries compromise network appliances to bypass traditional security perimeters and maintain persistent access.

    Pulse ID: 6a3d476551c12310394b4adc
    Pulse Link: otx.alienvault.com/pulse/6a3d4
    Pulse Author: AlienVault
    Created: 2026-06-25 15:21:09

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Cisco #CyberSecurity #Edge #InfoSec #OTX #OpenThreatExchange #Password #Passwords #RAT #Vulnerability #Word #ZeroDay #bot #AlienVault

  26. Kit AiTM contro AWS: Datadog svela una campagna di phishing che bypassa l’MFA in tempo reale

    Tra il 16 e il 19 giugno 2026, una campagna di phishing mirato ha preso di mira le credenziali della console AWS usando tecniche adversary-in-the-middle per intercettare MFA via email, SMS e TOTP in tempo reale. Datadog Security Research ha analizzato il kit, pubblicando IoC, codice sorgente e guida al rilevamento.

    insicurezzadigitale.com/kit-ai

  27. Kit AiTM contro AWS: Datadog svela una campagna di phishing che bypassa l’MFA in tempo reale

    Tra il 16 e il 19 giugno 2026, una campagna di phishing mirato ha preso di mira le credenziali della console AWS usando tecniche adversary-in-the-middle per intercettare MFA via email, SMS e TOTP in tempo reale. Datadog Security Research ha analizzato il kit, pubblicando IoC, codice sorgente e guida al rilevamento.

    insicurezzadigitale.com/kit-ai

  28. Skill AI malevola raggiunge 26.000 agenti: la tecnica del mutable link che inganna tutti gli scanner di sicurezza

    I ricercatori di AIR hanno costruito una skill AI fasulla, l'hanno caricata su un marketplace e promossa via Instagram, raggiungendo 26.000 agenti — inclusi account aziendali — senza che un singolo scanner la rilevasse. La tecnica: un link esterno modificabile dopo il superamento dei controlli di sicurezza.

    insicurezzadigitale.com/skill-

  29. Skill AI malevola raggiunge 26.000 agenti: la tecnica del mutable link che inganna tutti gli scanner di sicurezza

    I ricercatori di AIR hanno costruito una skill AI fasulla, l'hanno caricata su un marketplace e promossa via Instagram, raggiungendo 26.000 agenti — inclusi account aziendali — senza che un singolo scanner la rilevasse. La tecnica: un link esterno modificabile dopo il superamento dei controlli di sicurezza.

    insicurezzadigitale.com/skill-

  30. Beschleunigung durch AI: Die Zero-Day-Clock zeigt die Entwicklung. 8 Stunden dauert es nur noch im Schnitt von der CVE-Veröffentlichung bis zur Ausnutzung.

    zerodayclock.com/

    #AI #KI #ZeroDayClock #Exploit #ZeroDay #infosec

  31. 🔹 THREAT INTELLIGENCE

    Weekly Threat Roundup: 2026-06-15 to 2026-06-21

    Roundup | HIGH
    CVEs: CVE-2026-20262

    Cybersecurity roundup for 2026-06-15 to 2026-06-21. 1 CVE advisories, 5 breach reports, 3 threat news stories.

    Full analysis:
    yazoul.net/news/article/2026-w

    #InfoSec #ZeroDay #ThreatHunting

  32. Qilin Ransomware Attacks Exploit Zero-Day in Check Point VPN Vulnerability

    Pulse ID: 6a37ead6c2b4d6abae58d5fc
    Pulse Link: otx.alienvault.com/pulse/6a37e
    Pulse Author: cryptocti
    Created: 2026-06-21 13:44:54

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CheckPoint #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RansomWare #VPN #Vulnerability #ZeroDay #bot #cryptocti

  33. Qilin Ransomware Attacks Exploit Zero-Day in Check Point VPN Vulnerability

    Pulse ID: 6a37ead6c2b4d6abae58d5fc
    Pulse Link: otx.alienvault.com/pulse/6a37e
    Pulse Author: cryptocti
    Created: 2026-06-21 13:44:54

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CheckPoint #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RansomWare #VPN #Vulnerability #ZeroDay #bot #cryptocti

  34. Windows. Neuer Proof-of-Concept-Exploit von Chaotic Eclipse (aka Nightmare Eclipse) für
    RoguePlanet ZeroDay in Defender.

    Microsoft bestätigt, dass der RoguePlanet Zero-Day Microsoft Defender betrifft und als CVE-2026-50656 (CVSS-Score von 7,8) getrackt wird. Die Sicherheitslücke ermöglicht eine Rechteausweitung über die Microsoft Malware Protection Engine.

    github.com/MSNightmare/RoguePl

    #Microsoft #Windows #ZeroDay #infosec

  35. Een ministerie weet in maart dat het is gehackt. Pas in juni weet het hoe.

    Elke dag een nieuwe vraag die je kunt beantwoorden op ccinfo.nl

    Hoe lang zou uw organisatie erover doen om te achterhalen wat een aanvaller precies heeft meegenomen?

    #Cybersecurity #zeroday #Rijksoverheid #incidentrespons #informatiebeveiliging

  36. ClickFix si evolve: BabaDeda, Lorem Ipsum Loader e Potemkin portano ransomware e RAT con architetture modulari anti-detection

    Tre ricerche indipendenti documentano l'evoluzione di ClickFix come framework di delivery ransomware di prima scelta: BabaDeda Loader, Lorem Ipsum Loader (attribuito a Vanilla Tempest/Rhysida) e Potemkin mostrano un'architettura sempre più modulare pensata per eludere il rilevamento.

    insicurezzadigitale.com/clickf

  37. ClickFix si evolve: BabaDeda, Lorem Ipsum Loader e Potemkin portano ransomware e RAT con architetture modulari anti-detection

    Tre ricerche indipendenti documentano l'evoluzione di ClickFix come framework di delivery ransomware di prima scelta: BabaDeda Loader, Lorem Ipsum Loader (attribuito a Vanilla Tempest/Rhysida) e Potemkin mostrano un'architettura sempre più modulare pensata per eludere il rilevamento.

    insicurezzadigitale.com/clickf

  38. «Rekord-Datenleck — 24 Milliarden Zugangsdaten offen im Netz:
    Ein ungeschützter Server enthielt 24 Milliarden Zugangsdaten im Klartext. Laut Cybernews sind Milliarden Konten ohne Multi-Faktor-Authentifizierung bedroht»

    Ob nun Arch Linux, JavaScript, Microsoft Produkte oder Online-Dienste, fast kein Tag ohne Zero-Day Meldungen. Nun aber Kundendaten im Klartext ungeschützt aufbewahren ist so was von Vorgestern.

    🔓 it-daily.net/it-sicherheit/cyb

    #hacker #datenschutz #datenleck #online #zeroday #klartext

  39. «Rekord-Datenleck — 24 Milliarden Zugangsdaten offen im Netz:
    Ein ungeschützter Server enthielt 24 Milliarden Zugangsdaten im Klartext. Laut Cybernews sind Milliarden Konten ohne Multi-Faktor-Authentifizierung bedroht»

    Ob nun Arch Linux, JavaScript, Microsoft Produkte oder Online-Dienste, fast kein Tag ohne Zero-Day Meldungen. Nun aber Kundendaten im Klartext ungeschützt aufbewahren ist so was von Vorgestern.

    🔓 it-daily.net/it-sicherheit/cyb

    #hacker #datenschutz #datenleck #online #zeroday #klartext

  40. 🔵 THREAT INTELLIGENCE

    Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

    Vulnerability | CRITICAL
    CVEs: CVE-2026-20262

    Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in...

    Full analysis:
    yazoul.net/news/article/cisco-

    #InfoSec #ZeroDay #SecurityOps