Search Results: ZeroDay

Gladinet has released emergency updates for CentreStack to address a critical local file inclusion vulnerability (CVE-2025-11371) exploited as a zero-day since September. The flaw bypassed previous mitigations for a remote code execution weakness, enabling full system compromise. Security teams must immediately upgrade to version 16.10.10408.56683.

Security researchers reveal that a critical vulnerability in Microsoft Exchange servers is being actively exploited by state-sponsored threat actors despite being patched months ago. Thousands of organizations remain at risk due to delayed patching cycles, exposing email systems to data theft and espionage.

Samsung has issued an emergency patch for a critical zero-day vulnerability (CVE-2025-21043) in its image processing library, allowing remote code execution on Android devices. Discovered by Meta and WhatsApp security teams and already exploited in the wild, this flaw impacts Android 13 through 16. Users must install the September security update immediately to prevent potential device takeover.

A critical directory traversal vulnerability in WinRAR (CVE-2025-8088) was exploited as a zero-day by Russian-aligned RomCom hackers to deploy malware via phishing campaigns. The flaw allowed attackers to hijack extraction paths and achieve persistent remote code execution. All WinRAR users must manually update to version 7.13 immediately.

SonicWall has issued an emergency advisory urging organizations to disable SSLVPN services on Gen 7 firewalls amid suspected zero-day exploitation by ransomware gangs. Multiple cybersecurity firms have observed attackers bypassing MFA and compromising networks within hours, prompting urgent mitigations while investigations continue.

Apple has urgently patched CVE-2025-6558—a high-severity sandbox escape vulnerability in the WebKit ANGLE graphics layer actively weaponized against Chrome users. The flaw, discovered by Google's Threat Analysis Group, enables remote code execution via malicious web pages and joins CISA's must-patch catalog.