Google TAG Exposes North Korean Campaign Targeting Researchers
The team has discovered the exploitation of at least one zero-day flaw in the last few weeks
A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.
Search across headline titles and summaries.
Background for this topic.
0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.
Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.
The team has discovered the exploitation of at least one zero-day flaw in the last few weeks
Cisco is warning of a zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. [...]
No user interaction needed for this one as Pegasus turns up via iMessage Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.…
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware
This time, they're creating elaborate impostor profiles and using a fresh zero-day and a fake Windows tool to lure in the suspecting.
Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year. [...]
Google's Threat Analysis Group (TAG) says North Korean state hackers are again targeting security researchers in attacks using at least one zero-day in an undisclosed popular software. [...]
The exploit code, shared by a researcher on Reddit, demonstrates the issue
All it takes is a simple copy-paste to undo a VPN service used by millions worldwide.
The September 2023 Android security updates tackle 33 vulnerabilities, including a zero-day bug currently targeted in the wild. [...]
Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild
An Atlas VPN zero-day vulnerability affecting the Linux client leaks a user's real IP address simply by visiting a website. [...]