Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China. According to QiAnXin's RedDrip Team, the threat actor has been active since 2023 and has switched network

The Hacker News
Open in Source
#microsoft#zero_day#The Hacker News
Protecting Your Business Communications: The Critical Role of Secure Email Gateways

Email is still the backbone of how businesses communicate, with more than 300 billion messages sent every day.…

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of

China Linked Houken Hackers Breach French Systems with Ivanti Zero Days

ANSSI report details the Chinese UNC5174 linked Houken cyberattack using Ivanti zero-days (CVE-2024-8190, 8963, 9380) against the French government, defence and finance sector.

Initial Access Broker Self-Patches Zero Days as Turf Control

A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network.

AI Tackles Binary Code Challenges to Fortify Supply Chain Security

Analyzing binary code helps vendors and organizations detect security threats and zero-day vulnerabilities in the software supply chain, but it doesn't come without challenges. It looks like AI has come to the rescue.

Update your Chrome to fix new actively exploited zero-day vulnerability

Google has released an urgent update for the Chrome browser to patch a vulnerability which has already been exploited.

Chrome Zero-Day, 'FoxyWallet' Firefox Attacks Threaten Browsers

Separate threats to popular browsers highlight the growing security risk for enterprises presented by the original gateway to the Web, which remains an integral tool for corporate users.

Google Patches Critical Zero-Day Flaw in Chrome’s V8 Engine After Active Exploitation

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary

⚡ Weekly Recap: Airline Hacks, Citrix 0-Day, Outlook Malware, Banking Trojans and more

Ever wonder what happens when attackers don’t break the rules—they just follow them better than we do? When systems work exactly as they’re built to, but that “by design” behavior quietly opens the door to risk? This week brings stories that make you stop and rethink what’s truly under control. It’s not always about a broken firewall or missed patch—it’s about the small choices, default settings