Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
Dec 18, 2025Ravie LakshmananVulnerability / Network Security Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software...
zeroday
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained...
When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk
A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according...
Oracle EBS zero-day used by Clop to breach Barts Health NHS
Oracle EBS zero-day used by Clop to breach Barts Health NHS Pierluigi Paganini December 08, 2025 Clop ransomware stole data...
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet Pierluigi Paganini November 19, 2025 Fortinet patched a new FortiWeb zero-day,...
Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)
5Critical 58Important 0Moderate 0Low Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild. Microsoft...
LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks
LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks Pierluigi Paganini November 07, 2025 A now-patched Samsung Galaxy flaw,...
China-linked UNC6384 exploits Windows zero-day to spy on European diplomats
China-linked UNC6384 exploits Windows zero-day to spy on European diplomats Pierluigi Paganini November 01, 2025 A China-linked APT group UNC6384...
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from...
Google, Mandiant expose malware and zero-day behind Oracle EBS extortion
Google, Mandiant expose malware and zero-day behind Oracle EBS extortion Pierluigi Paganini October 13, 2025 Google and Mandiant link Oracle...
CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack
CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack Pierluigi Paganini October 11, 2025 Threat actors are exploiting a zero-day,...
CVE-2025-61882 Explained: The Oracle Zero-Day Breach That Hit Enterprises Hard
A critical zero-day vulnerability in Oracle E-Business Suite (EBS) was exploited by the Cl0p ransomware group in mid-2025. The flaw,...
GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns
GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns Pierluigi Paganini October 07, 2025 Storm-1175 exploits GoAnywhere MFT flaw...
Zimbra users targeted in zero-day exploit using iCalendar attachments
Zimbra users targeted in zero-day exploit using iCalendar attachments Pierluigi Paganini October 06, 2025 Threat actors exploited a Zimbra zero-day...
Broadcom patches VMware Zero-Day actively exploited by UNC5174
Broadcom patches VMware Zero-Day actively exploited by UNC5174 Pierluigi Paganini September 30, 2025 Broadcom patched six VMware flaws, including CVE-2025-41244,...
