
All news with #zero day exploitation tag

325 articles · page 3 of 17

Coruna iOS Exploit Framework Linked to Triangulation

🔒 Coruna is an evolved iOS exploit framework tied to the earlier Operation Triangulation espionage campaign and now includes support for modern Apple silicon such as A17 and M3 chips and iOS builds up to 17.2. Kaspersky found five exploit chains leveraging 23 vulnerabilities, including CVE-2023-32434 and CVE-2023-38606, and determined parts of the kernel exploit are maintained revisions of Triangulation code. The attack begins via a Safari stager that fingerprints the device, selects tailored RCE and PAC exploits, downloads encrypted components decrypted with ChaCha20 and decompressed with LZMA, then loads payloads appropriate to ARM64/ARM64E architectures. Kaspersky also observed Coruna’s use in financially motivated campaigns that impersonate crypto exchanges; Apple has released fixes and users should apply updates promptly.

Coruna iOS Exploit Kit Reuses 2023 Triangulation Code

⚠️ Coruna, an iPhone exploit kit, repurposes an updated kernel exploit originally used in the 2023 Operation Triangulation campaign, according to Kaspersky. The kit targets iOS 13.0–17.2.1 devices with five full exploit chains and 23 exploits, fingerprinting Safari visitors and selecting tailored Mach-O loaders and payloads. Kaspersky warns the actively maintained, modular codebase now enables mass exploitation and broader criminal reuse, increasing risk to unpatched users.

Critical Citrix NetScaler Memory Leak: CVE-2026-3055

🔔 A new critical out-of-bounds read vulnerability, CVE-2026-3055, affects customer-managed Citrix NetScaler ADC and NetScaler Gateway appliances configured as SAML IDPs and is rated 9.3 on the CVSS scale. The flaw allows unauthenticated remote attackers to leak potentially sensitive memory from the appliance, risking exposure of credentials and secrets. Citrix is urging immediate installation of updated builds and defenders should reduce public exposure and prioritize patching.

CISA Orders US Agencies to Patch Critical Cisco FMC Flaw

🔒 CISA has directed all federal civilian agencies to urgently patch a critical remote code execution vulnerability in Cisco Secure Firewall Management Center (FMC) — tracked as CVE-2026-20131 with a CVSS score of 10. Cisco released a fix on 4 March after reports that the Interlock ransomware group had been exploiting the flaw as a zero day. Agencies were given just three days after KEV listing to patch or discontinue use due to active ransomware campaigns.

CISA Orders Federal Patch for DarkSword iOS Flaws Now

🔒 CISA ordered U.S. federal agencies to patch three iOS vulnerabilities exploited by the DarkSword exploit kit, imposing a two-week deadline under BOD 22-01. Apple has released fixes and the flaws now only affect iPhones running iOS 18.4 through 18.7. Researchers linked DarkSword to multiple threat groups and to data-stealing malware families including GhostBlade, GhostKnife, and GhostSaber.

KEV: CISA Lists Apple, Craft CMS and Laravel Flaws

⚠️ CISA has added five actively exploited vulnerabilities affecting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog and ordered federal agencies to patch them by April 3, 2026. The flaws include high‑severity memory corruption bugs in Apple WebKit and kernel components and critical code injection issues in Craft and Laravel that were fixed in 2025. Security researchers have observed exploitation linked to the DarkSword iOS exploit kit and campaigns attributed to MuddyWater.

Ransomware Group Exploited Cisco Firewall Zero-Day

⚠️ Amazon disclosed that the ransomware group Interlock exploited a critical deserialization flaw in Cisco Secure Firewall Management Center (CVE-2026-20131) as a zero-day beginning January 26, roughly 38 days before Cisco released a patch on March 4. The bug carries a CVSS score of 10 and was addressed in Cisco’s semiannual firewall update alongside a second high-severity FMC issue. Using its MadPot honeypot network, Amazon captured attacker activity, recovered a malicious ELF binary, and traced a full attack chain that leveraged a single poorly secured staging server. The findings underscore the limits of patching alone and the need for layered defenses and urgent log hunting for provided indicators.

DarkSword iOS Exploit Kit Uses Six Vulnerabilities Widely

⚠️ Researchers from Google Threat Intelligence Group, Lookout and iVerify report that a new full-chain JavaScript exploit kit named DarkSword has been used since at least November 2025 to fully compromise iPhones and exfiltrate sensitive data. The kit has appeared in watering-hole campaigns targeting users in Saudi Arabia, Turkey, Malaysia and Ukraine and is linked to multiple actors including UNC6353, UNC6748 and a Turkish vendor. Apple has released patches addressing the exploited CVEs; users should install updates promptly.

Interlock Exploited Cisco FMC Zero-Day Since January

🔒 The Interlock ransomware gang exploited a maximum-severity remote code execution flaw in Cisco Secure Firewall Management Center as a zero-day beginning January 26, 2026. Cisco released a patch for CVE-2026-20131 on March 4, warning it allowed unauthenticated attackers to execute arbitrary Java code as root on unpatched devices. Amazon's threat team reported Interlock had been exploiting the vulnerability for 36 days prior to public disclosure.

Interlock Ransomware Exploits Cisco FMC Zero-Day Campaign

⚠️ Amazon Threat Intelligence warns of an active Interlock ransomware campaign exploiting a critical Cisco Secure Firewall Management Center vulnerability tracked as CVE-2026-20131 (CVSS 10.0). The flaw enables insecure deserialization of a user-supplied Java byte stream, allowing unauthenticated remote code execution as root. Amazon telemetry shows zero-day exploitation since January 26, 2026, and the actor's toolkit includes multi-platform backdoors, reconnaissance scripts, and infrastructure-laundering components.

Google warns of two actively exploited Chrome zero-days

🔴 Google has released emergency patches addressing two actively exploited Chrome zero-day vulnerabilities, CVE-2026-3909 and CVE-2026-3910. The flaws affect Chromium-based browsers before version 146.0.7680.75, enabling out-of-bounds memory access and remote code execution via crafted web pages. Administrators should enable automatic updates, apply fixes immediately, monitor for outdated clients, and consider browser isolation to reduce exposure.

CISA Adds Two Google Vulnerabilities to KEV Catalog Today

🔔 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-3909 (Google Skia out-of-bounds write) and CVE-2026-3910 (Google Chromium V8 unspecified). The agency cites evidence of active exploitation and reminds Federal Civilian Executive Branch agencies of remediation obligations under BOD 22-01. CISA strongly urges all organizations to prioritize timely remediation to reduce exposure to attacks.

Google Patches Two Actively Exploited Chrome Zero-Days

🔒 Google released security updates for Chrome to address two high-severity zero-day vulnerabilities that have been exploited in the wild. The flaws—CVE-2026-3909 (Skia out-of-bounds write) and CVE-2026-3910 (V8 sandbox code execution)—are rated CVSS 8.8 and were reported on March 10, 2026. Users should update to versions 146.0.7680.75/76 for Windows and macOS or 146.0.7680.75 for Linux and apply vendor patches for other Chromium-based browsers.

Google patches two Chrome zero-days exploited in attacks

🔒 Google released emergency updates to address two Chrome zero-day vulnerabilities exploited in the wild. The first, CVE-2026-3909, is an out-of-bounds write in the Skia rendering library that can cause crashes or enable code execution; the second, CVE-2026-3910, is an inappropriate implementation issue in the V8 JavaScript/WebAssembly engine. Updates for Chrome Stable are rolling on Windows, macOS, and Linux; users should update promptly. If automatic updates are enabled, the patch will install on next launch.

Microsoft Patches Two Publicly Disclosed Zero-Day Flaws

🔒 Microsoft released its March Patch Tuesday updates addressing 79 vulnerabilities, including two publicly disclosed zero-day flaws. The zero-days are CVE-2026-21262, an SQL Server elevation-of-privilege issue (CVSS 8.8), and CVE-2026-26127, a .NET denial-of-service vulnerability. Security researchers warn that while only three flaws were rated critical, the bulk of fixes are elevation-of-privilege bugs in core Windows components and should be prioritised to avoid escalation chains and operational disruption.

Microsoft Releases Windows 10 KB5078885 Security Update

🔒 Microsoft has released the Windows 10 KB5078885 extended security update for Enterprise LTSC and ESU devices. Install via Settings → Windows Update to move systems to build 19045.7058 (or 19044.7058 for LTSC 2021); the update consolidates March 2026 Patch Tuesday fixes that address 79 vulnerabilities, including two actively exploited zero-days. It also fixes a shutdown/hibernation bug and advances a controlled rollout of new Secure Boot certificates to maintain boot-time validation.

Microsoft March 2026 Patch Tuesday: 79 Flaws, 2 Zero-Days

🔒 Microsoft's March 2026 Patch Tuesday addresses 79 vulnerabilities, including two publicly disclosed zero-days and three Critical flaws. Notable fixes include two Office remote code execution bugs exploitable via the preview pane and an Excel information-disclosure issue that could enable data exfiltration via Copilot. Administrators should prioritize Office, Windows and Azure updates immediately.

Reducing Internet Exposure to Avoid Zero-Day Scrambles

🛡️ The window to respond to critical vulnerabilities is collapsing: disclosure-to-exploit can be as short as 24–48 hours today and is projected to shrink to minutes by 2028. Many organizations unknowingly expose unnecessary internet-facing services, turning unpatched systems into immediate attack opportunities. Intruder’s Head of Security recommends deliberate attack surface reduction through robust asset discovery, treating exposure as its own risk category, and continuous monitoring to prevent frantic, last-minute remediation.

Cloud Attacks Shift to Exploiting Newly Disclosed Flaws

⚠️ Google reports that attackers increasingly exploit newly disclosed third-party vulnerabilities to gain cloud access, with the exploitation window shrinking to days. Vulnerability exploitation, especially RCE flaws such as React2Shell and XWiki, accounted for 44.5% of intrusions while credential-based breaches fell to 27%. Incidents include OIDC abuse via compromised packages, long-term espionage by state-linked groups, and insider-facilitated exfiltration, prompting calls for automated response.

CISA Flags iOS Flaws Exploited by Coruna Exploit Kit

🛡️ CISA has ordered federal agencies to patch three iOS vulnerabilities targeted by the Coruna exploit kit, which bundles multiple chains for at least 23 iOS flaws. Google researchers say Coruna provides PAC bypass, sandbox and PPL escapes, WebKit remote code execution and kernel elevation. Exploits are mitigated on recent iOS releases and can be blocked by private browsing or Lockdown Mode. CISA added the flaws to its KEV list and set a March 26 remediation deadline under BOD 22-01, urging organizations to prioritize fixes.