Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
The zero-day exploitation of a now-patched medium-security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group
A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.
Search across headline titles and summaries.
Background for this topic.
0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.
Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.
The zero-day exploitation of a now-patched medium-security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group
Four flaws open mobiles, cars to remote-control at baseband level with just a phone number Google security analysts have warned Android device users that several zero-day vulnerabilities in some Samsung chipsets could allow an attacker to completely hijack and remote-control their handsets knowing just the phone number.…
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Four of these vulnerabilities enabled potential attackers to perform remote code execution
Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day vulnerability. [...]
Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction
Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars. [...]
Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 baseband zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars. [...]
A suspected Chinese hacking group has been linked to a series of attacks on government organizations exploiting a Fortinet zero-day vulnerability (CVE-2022-41328) to deploy malware. [...]
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!
CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild. [...]
Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately.
Cybersecurity company Rubrik has confirmed that its data was stolen using a zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. [...]
Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. [...]
Different CVE, same root security problem Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google's Threat Analysis Group (TAG).…
Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags. [...]
Today is Microsoft's March 2023 Patch Tuesday, and security updates fix two actively exploited zero-day vulnerabilities and a total of 83 flaws. [...]
In the game of cricket, 111 is an unauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.
Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss. [...]