Security news aggregator

Latest coverage for 0-Day

A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.

14 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.

Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.

Showing 14 most recent headlines Filtered view
Bank Info Security 2 years, 1 month ago

Surge in Attacks Against Edge and Infrastructure Devices

Increase in Known Vulnerabilities and Zero-Days Is Fueling Mass Hacking CampaignsAttackers are increasingly targeting cybersecurity devices deployed on the network edge to pivot into enterprise environments, as they take advantage of a surge in zero-day and known vulnerabilities in such devices, which organizations can take months to patch.

Government Nurtures Homegrown Talent and Hack-for-Hire Ecosystem, Research FindsChina boasts many of the world's most talented zero-day vulnerability researchers as well as a strict cybersecurity law compelling individuals to assist the state, and the government doesn't appear to shy away from using both those facts to its advantage, a new research study finds.

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available. [...]