Technology ❯ Cybersecurity ❯ Vulnerabilities

Zero-Day Vulnerabilities

Apple Security Updates Fortinet FortiWeb Palo Alto Networks CVE-2024-39717 CVE-2024-38217 CVE-2024-43572 Microsoft Products Apple WebKit NTLM Credentials Theft CVE-2024-49138 Cisco ASA CVE-2025-0282 VPN Software CVE-2025-21333 CVE-2025-2783 CVE-2025-24085 VMware Vulnerabilities CVE-2025-24201 CVE-2025-24983 Exploitation of Zero-Day Vulnerabilities WinRAR CVE-2025-8088 CVE-2025-53770 Exploited Vulnerabilities Exploitation Trends Microsoft SharePoint Microsoft Windows CVE-2025-5419 CVE-2024-38475 WinRAR Vulnerability CVE-2025-8088 Exploitation Techniques Microsoft SQL Server Sitecore Vulnerability SonicWall Products SonicWall SSL VPNs SonicWall Gen 7 Firewalls Exploitation SonicWall SSL VPN Trend Micro Apex One SonicWall CVE-2024-40766 Remote Code Execution CVE-2025-43300 Exploit Development Microsoft Patches CVE-2025-59689 Citrix NetScaler CVE-2025-53690 Sitecore Cisco ASA Software CVE-2025-10585 Samsung Devices Google Chrome Update CVE-2025-61882 Android Security Oracle E-Business Suite CVE-2025-24990 CVE-2025-11371 Windows RasMan Vulnerability Microsoft Security Updates Security Patches Windows Remote Access Connection Manager Google Chrome CVE-2025-62221 CVE-2025-64671 Gogs RCE Vulnerability CVE-2025-8110 CVE-2025-21042 Privilege Escalation CVE-2025-61757 CVE-2025-20393 Cisco WebKit Common Vulnerability Scoring System Check Point VPN Vulnerability Cisco AsyncOS Browser Security CVE-2025-53779

Huntress Uncovers Pre-Disclosure ESXi VM-Escape Toolkit Used in December Intrusion

Huntress reports the VM-escape toolkit predates VMware’s March 2025 disclosures by more than a year.

China-Linked Hackers Exploit Cisco Email Zero-Day With No Patch as CISA Flags Active Threat

SonicWall Patches Actively Exploited SMA1000 Zero-Day, Urges Immediate Hotfixes

Chrome Pushes Emergency Update After In‑the‑Wild Exploit, Fixes High‑Severity WebGPU and V8 Bugs

Unpatched Gogs Zero-Day Is Under Active Exploitation, 700+ Servers Compromised

Google Ships Emergency Chrome Patch for Eighth 2025 Zero-Day Exploit

Microsoft’s December Patch Tuesday Fixes 57 Flaws, Including Exploited Windows Zero-Day

CISA Adds Oracle Identity Manager RCE to KEV, Citing Active Exploitation and Setting Dec. 12 Deadline

Fortinet Confirms Second FortiWeb Flaw Under Active Attack as CISA Demands Rapid Fixes

Fortinet Confirms Critical FortiWeb Zero-Day Is Being Exploited as CISA Sets Nov. 21 Patch Deadline

Memento Labs CEO Confirms Dante Spyware Ownership After Chrome Zero-Day Campaign Exposed

Pwn2Own Ireland Awards $1.02 Million for 73 Zero‑Days as Summoning Team Wins Master of Pwn

Microsoft’s October Patch Tuesday Fixes 175 Flaws as CISA Orders Rapid Patching of Exploited Zero‑Days

Active Exploits Target Gladinet CentreStack and TrioFox Zero-Day That Can Lead to RCE

Oracle Rushes Fix as Cl0p’s Exploitation of E‑Business Suite Zero‑Day Dates to August

Libraesva Rushes Patch for ESG Flaw Exploited by Suspected State Actor

Google Rushes Chrome Fix for Actively Exploited V8 Zero-Day

CISA Orders Immediate Fix for Actively Exploited Sitecore ViewState Flaw (CVE-2025-53690)

Citrix NetScaler Zero‑Day Triggers Emergency Patching as Thousands of Devices Remain Exposed

WinRAR Issues Patch for Zero-Day Exploited by Two Russia-Aligned Groups