SecurityWeek

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Analysis of a recent attack targeting VMware ESXi vulnerabilities from March 2025 revealed an exploit developed a year before ...
HotHardware

CrushFTP Zero-Day Exploit Leaves Thousands Of Servers Vulnerable To Hijacking

CrushFTP, a service that provides users with secure file server software, has recently been targeted by hackers. Unfortunately, it seems as if some customers have been compromised, with thousands of ...
Forbes

Windows Passwords At Risk As New 0-Day Confirmed — Act Now

This new Windows zero-day has no official fix. Oh boy, it’s raining zero days for Windows users right now. Just two weeks on from Microsoft confirming no less than six zero-day attacks impacting users ...
Bleeping Computer

Mitel MiCollab zero-day flaw gets proof-of-concept exploit

Researchers have uncovered an arbitrary file read zero-day in the Mitel MiCollab collaboration platform, allowing attackers to access files on a server's filesystem. Mitel MiCollab is an enterprise ...
Hosted on MSN

Russia's RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks

Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.… The bug, tracked as CVE-2025-8088, is a ...
PC World

Update Chrome now! Your PC is at risk from this zero-day exploit

Another major flaw has been found in Chrome—and it’s already being exploited in the wild. First discovered by Google’s Threat Analysis Group on May 27th, this zero-day vulnerability allows attackers ...
Hosted on MSN

Google pushes emergency patch for Chrome 0-day – check your browser version now

Google pushed an emergency patch for a high-severity Chrome flaw, already under active exploitation. So it's time to make sure you're running the most recent version of the web browser.… The vuln, ...
Dark Reading

2 Android Zero-Day Bugs Under Active Exploit

Google has patched 62 vulnerabilities in Android, including two zero-days that are actively being exploited in attacks, tracked as CVE-2024-53197 and CVE-2024-53150. CVE-2024-53197 is a privilege ...
CSOonline

iPhone users targeted in Apple’s first zero-day exploit in 2025

Apple iPhone users were targeted for privilege escalation in the zero-day exploitation of a use-after-free vulnerability affecting Apple’s Core Media framework. “A malicious application may be able to ...
HotHardware

A Microsoft SharePoint 0-Day Security Vulnerability Was Just Weaponized At Scale

Microsoft Systems administrators everywhere, it looks like you get a Patch Monday as a side dish to the usual Patch Tuesday this week. There's a full remote code vulnerability (RCE) exploit for ...
Ars Technica

High-severity WinRAR 0-day exploited for weeks by 2 groups

A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups. The attacks backdoor computers that open malicious archives attached ...
Forbes

Samsung Spyware Attack — Critical Landfall 0-Day Exploited

Landfall spyware attacks targeted Samsung smartphones. Updated November 9 with a statement and advice from Meta regarding the potential WhatsApp connection as mentioned in the Landfall Samsung spyware ...