Security news aggregator

Latest coverage for 0-Day

A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.

19 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.

Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.

Showing 19 most recent headlines Filtered view
Bank Info Security 1 year, 8 months ago

Hackers Probing Newly Disclosed Fortinet Zero Day

Mandiant Says High-Severity Flaw Could Give Attackers Remote Unauthenticated AccessResearchers at Mandiant say a new threat cluster first observed June 27 has been exploiting a Fortinet zero day the network edge device manufacturer publicly disclosed Wednesday. Researchers said they can't assess the threat actor's motivation or location.

Bank Info Security 1 year, 8 months ago

Fortinet Discloses Actively Exploited Zero-Day

U.S. Federal Government Gives Agencies Three Weeks to Patch or MitigateFortinet disclosed an actively exploited vulnerability in its centralized management platform following more than a week of online chatter that edge device manufacturer products have been under renewed attack. Cybersecurity researcher Kevin Beaumont christened the vulnerability "FortiJump."

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. [...]

Bank Info Security 1 year, 8 months ago

Researchers Debut AI Tool That Helps Detect Zero-Days

Vulnerability Tool Detected Flaws in OpenAI and Nvidia APIs Used in GitHub ProjectsSecurity researchers have developed an AI tool that can detect remote code flaws and arbitrary zero-day code in software. Protect AI applied the tool to nearly 10,000 GitHub projects and on CVSS data and uncovered local file inclusion, cross-site scripting and remote code flaws in APIs.