#zerodays — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #zerodays, aggregated by home.social.
-
A world in which cybersecurity becomes a matter of life and death was already made visible by @tegenlicht in 2014. "But how powerful and accessible artificial intelligence (AI) would become, we could not yet imagine back then."
From the playlist Digitalisering en Landschap on the YouTube channel of the multimedia transition platform @kunst_landschap (feel free to subscribe):
#exploits #zerodays #AI
https://www.youtube.com/watch?v=yP4-b1GGYSU&list=PLQ-TN_M4TSxPUeGT0d0yJ_oysx8apdMTt&index=1
-
If #claude Mythos is finding all these #ZeroDays, why aren't there a bunch of joint statements about massive #BugBounty pay outs to #Anthropic? :neocat_think_anime:
-
"An Australian national who has lived in the US since July 2023 while working out of Trenchant's DC offices on a visa, Williams wrote that at the time he committed the offenses, he was "experiencing significant professional pressure and personal anxiety." But instead of seeking help or "removing" himself from circumstances he said he was not handling well, he signed contracts worth $4 million to sell eight of his company's hacking tools to a Russian company called Operation Zero – a firm known to sell exploits to the Russian government and other non-NATO countries.
Williams, who is 39 years old and the father of two young children, acknowledged that his depression and burnout were not the causes of his crimes, but offered the court details about his mental state as explanation for why his judgment was impaired at the time and why his actions deviated so far from a lifetime spent in service to the Australian government and military. Williams' wife and older brother wrote similar letters to the court about the strain he was under between 2022 and 2025 when he committed his crimes – Williams was the sole breadwinner for his family and handled all financial and administrative aspects of their lives, in addition to his stressful job, his wife wrote; and his criminal actions were completely out of character for someone who had devoted his life to protecting his country and its ideals.
Williams had served in the Royal Australian Air Force reserves and had also worked a number of years for the Australian Signals Directorate, an Australian intelligence agency equivalent to the US National Security Agency."
-
AI And Cybersecurity: A Glass Half-Empty/Half-Full Proposition, Where The Glass Is Holding Nitroglycerin
-
That does sound very concerning. And in this case, I don't think it is just hype. Otherwise they would not share this stuff with Google, Amazon, Microsoft, Oracle et al.
#Anthropic #MythosPreview #AI #Zerodays
-
#ZeroDays Cyber CTF is on in Croke Park today 👍 Good luck to all participants #HackThePlanet
-
Ars Technica: Millions of iPhones can be hacked with a new tool found in the wild. “Researchers at Google and cybersecurity firms iVerify and Lookout on Wednesday jointly revealed the discovery of a sophisticated iPhone hacking technique known as DarkSword that they’ve seen in use on infected websites, capable of instantly and silently hacking iOS devices that visit those sites.”
https://rbfirehose.com/2026/03/20/ars-technica-millions-of-iphones-can-be-hacked-with-a-new-tool-found-in-the-wild/
-
Bleeping Computer: Google fixes two new Chrome zero-days exploited in attacks. “Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks.”
https://rbfirehose.com/2026/03/14/bleeping-computer-google-fixes-two-new-chrome-zero-days-exploited-in-attacks/
-
#Google says half of all #zerodays it tracked in #2025 targeted buggy #enterprise tech
Google said security and networking devices, #firewalls, #VPN and #virtualization platforms like Ivanti and VMware, were among the targets last year. All four of the companies said hackers have exploited their products on customer networks in recent months.
The remaining 52% of #zeroday bugs were found in consumer and end-user products, such as those made by Microsoft, Google, and Apple
https://techcrunch.com/2026/03/05/google-says-half-of-all-zero-days-it-tracked-in-2025-targeted-buggy-enterprise-tech/
-
Emergency updates for Apple devices
Today Apple released emergency updates that users should install as quickly as possible, because the fixed ZeroDays are already being attacked in the wild:
-
@HonkHase 1/2 I completely agree with you. #Hackbacks are always a stupid idea. They make the internet less secure and give states a pretext to attack themselves. #ZeroDays are secret #Sicherheitslücken (security vulnerabilities). When governments hoard or buy them instead of reporting them, all people and companies remain at risk.
-
An Italian vendor of commercial spyware, Memento Labs (a successor to the once notorious Hacking Team), is reportedly suspected of supplying malware in the exploitation of a Chrome zero-day vulnerability (CVE-2025-2783) as part of Operation ForumTroll. According to Kaspersky's analysis, the previously unknown malware "Dante" has been active since at least 2022 and uses the Chrome vulnerability to penetrate high-ranking targets in Russia and Belarus. The attackers exploited a flaw in Chrome's Mojo IPC system to bypass the sandbox and install persistent loaders by means of COM hijacking.
The incident is said to once again shine a spotlight on the role of commercial spyware vendors, which increasingly use zero-days to supply governments and agencies worldwide with surveillance software.
"Dante" was meant to attack in Russia and Belarus. That will not really bother anyone in Western Europe at the moment. But: withholding zero-days, no matter by which side, makes systems insecure. That makes it all the more important to install software updates for known zero-days promptly.
https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/
-
The Register: Frightful Patch Tuesday gives admins a scare with 175+ Microsoft CVEs, 3 under attack. “Spooky season is in full swing, and this extends to Microsoft’s October Patch Tuesday with security updates for a frightful 175 Microsoft vulnerabilities, plus an additional 21 non-Microsoft CVEs. And even scarier than the sheer number of bugs: three are listed as under attack, with three […]
-
Threat actors continue to exploit #vulnerabilities in #security appliances, such as #firewalls and #VPN concentrators, to gain initial access. Not only #zerodays disclosed in 2025, but also old vulnerabilities remediated years ago, but left unpatched
https://www.hackmageddon.com/2025/10/07/cves-targeting-remote-access-technologies-in-2025/
-
"Google Threat Intelligence Group (GTIG) is tracking BRICKSTORM malware activity, which is being used to maintain persistent access to victim organizations in the United States. Since March 2025, Mandiant Consulting has responded to intrusions across a range of industry verticals, most notably legal services, Software as a Service (SaaS) providers, Business Process Outsourcers (BPOs), and Technology. The value of these targets extends beyond typical espionage missions, potentially providing data to feed development of zero-days and establishing pivot points for broader access to downstream victims.
We attribute this activity to UNC5221 and closely related, suspected China-nexus threat clusters that employ sophisticated capabilities, including the exploitation of zero-day vulnerabilities targeting network appliances. While UNC5221 has been used synonymously with the actor publicly reported as Silk Typhoon, GTIG does not currently consider the two clusters to be the same.
These intrusions are conducted with a particular focus on maintaining long-term stealthy access by deploying backdoors on appliances that do not support traditional endpoint detection and response (EDR) tools. The actor employs methods for lateral movement and data theft that generate minimal to no security telemetry. This, coupled with modifications to the BRICKSTORM backdoor, has enabled them to remain undetected in victim environments for 393 days, on average. Mandiant strongly encourages organizations to reevaluate their threat model for appliances and conduct hunt exercises for this highly evasive actor. We are sharing an updated threat actor lifecycle for BRICKSTORM associated intrusions, along with specific and actionable steps organizations should take to hunt for and protect themselves from this activity."
https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign?e=48754805
#CyberSecurity #China #Surveillance #Brickstorm #Malware #USA #ZeroDays
-
"Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild.
The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could result in memory corruption when processing a malicious image.
"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company said in an advisory.
The iPhone maker said the bug was internally discovered and that it was addressed with improved bounds checking. The following versions address the security defect -"
https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html
-
CW: #infosec ecosystems
One thing that is great about the threat intelligence gathering community is that simple things can feed known and unknown exploits, from ONE ENDPOINT, into the greater ecosystem to engineer fixes & mitigations FOR THE WHOLE ECOSYSTEM.
Keep this in mind when you BURN your #zerodays on me, for nothing. 😂
Ta! 🤣
#StateSponsoredMalware 🔍 🎥🧐#investigations
#GammaGroup🤝#Meta🔍📝🎥🧐
#RTDNA #infosec reporting 📝🧐
-
@heiseonline Although these surveillance measures are supposed to be used only in a targeted way, they harm all of us, in Germany and in other countries too. For the Bundestrojaner (federal trojan) to work when it is needed, security vulnerabilities have to be kept open (#zeroday) or smuggled in (#backdoor).
This makes the entire global IT infrastructure less secure: criminals and hostile intelligence services can use these backdoors just as well as one's own intelligence services.
It would be nice if Heise explained these connections in the article.
#Bundestrojaner #Staatstrojaner #Govware #Malware #zerodays #Hintertür
-
The Register: Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild. “Google Threat Analysis Group (TAG) team members Clement Lecigne and Benoît Sevens spotted the high-severity bug, tracked as CVE-2025-5419, on May 27. It’s an out-of-bounds read and write vulnerability in Chrome’s V8 JavaScript engine that could allow a remote attacker to corrupt memory and potentially […]
-
GreyNoise observed a major spike in scanning against Ivanti products weeks before two zero-days were disclosed in Ivanti EPMM. Full update: https://www.greynoise.io/blog/surge-ivanti-connect-secure-scanning-activity
#Ivanti #GreyNoise #Cybersecurity #ZeroDays
-
Zero-day attacks on browsers and smartphones drop, says Google https://www.malwarebytes.com/blog/news/2025/05/zero-day-attacks-on-browsers-and-smartphones-drop-says-google #vulnerabilities #zerodays #Google #News
-
#Government #hackers are leading the use of attributed #zerodays
Google says the number of #0day #exploits — flaws unknown to the software makers at the time hackers abused them — had dropped from 98 exploits in 2023 to 75 exploits in 2024. But the report noted that of the proportion of zero-days that Google could attribute — meaning identifying the hackers who were responsible for exploiting them — at least 23 zero-day exploits were linked to government-backed hackers.
https://techcrunch.com/2025/04/29/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says/
-
Google: 97 #zeroday #exploits in #2024, over 50% in #spyware attacks
They noted that cyber-espionage threat actors—including government-backed groups and commercial #surveillance vendors' customers—were responsible for more than half of attributable #0day attacks in 2024.
End-user platforms and products (e.g., web browsers, mobile devices, and desktop operating systems) made up 56% of the tracked #zerodays.
https://www.bleepingcomputer.com/news/security/google-97-zero-days-exploited-in-2024-over-50-percent-in-spyware-attacks/
-
Ars Technica: Google: Governments are using zero-day hacks more than ever. “Last year was big for zero-day exploits, security threats that appear in the wild before vendors have a chance to develop patches. Through its sprawling network of services and research initiatives, Google is the first to spot many of these threats. In a new report from the Google Threat Intelligence Group (GTIG), the […]
-
ADR Provides Application Visibility for CISOs | Closing Application Layer Gap | Contrast Security – Source: securityboulevard.com https://ciso2ciso.com/adr-provides-application-visibility-for-cisos-closing-application-layer-gap-contrast-security-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #ThoughtLeaders #dwelltime #ZeroDays #MTTR #ADR
-
Agencies using vulnerable Ivanti products have until Saturday to disconnect them
Federal civilian agencies have ... - https://arstechnica.com/?p=2000723 #connectsecure #security #zerodays #biz #ivanti #cisa
-
Great blog post by a colleague of mine who asks why "Security through obscurity" is not dead in 2023! How many "#cybersecurity #incidents" is it going to take to finally realize that keeping your #securitycontrols a secret is a good thing? How many times does the #cybercommunity have to demonstrate that sharing of #threatintelligence, #TTPs, #IOCs, #securityconcepts, #AwarenessTraining methods, #zerodays, and everything else that goes along with having a #DefenseInDepth approach to a #HealthySecurityProgram, is ACTUALLY THE GOOD THING 🤨
(ahem)
You want to know about the platform I architected? No problem! 👌🏻
You want to know what Threat Intelligence I gather? Check my GitHub (link on my profile 😁).
You want the keys to my kingdom? 🤣 No, but thanks for playing 👍🏻
I'm NOT saying #compromise yourself or open some dark #backdoor to your systems. Just share the knowledge of how you're protecting stuff! Everyone is more #secure for it, and the next generation will make it better.
https://kalahari.substack.com/p/security-through-obscurity?sd=pf
-
🎙️ NEW WEEKDAY, NEW EPISODE!
— CYBER2GO #48
📱 #Apple patches zero-day for iPhones and iPads
📃 CFCS updates logging guide
🎮 #GTA V Online gets its first 2023 CVE
Listen wherever you normally find your #podcasts or at https://cyber2go.buzzsprout.com!
--
tags:
#cyber #CVE #CFCS #zerodays #cybersikkerhed #cybersec #nyhedsbriefing #cyber2go #dkmastodon #IT #fælleshjerne #teknik #cybersikkerhed #nyhedsbriefing #iphone #ipad #ios
-
There is a stark discrepancy between the arguments of the proponents of the #Staatstrojaner (state trojan) and the actual use of this instrument. For it, the state buys security vulnerabilities (#zerodays) and keeps them open, with an IT security risk for 83 million
---
RT @FlorianFlade
The Federal Office of Justice (Bundesamt für #Justiz) has published corrected figures on the use of the "#Staatstrojaner" (state trojan) in 2019: In fact, the #Polize…
https://twitter.com/FlorianFlade/status/1362135847328485384