August 27, 2024 at 10:05AM Chinese hacking group Volt Typhoon exploited a zero-day vulnerability in Versa Director to upload a destructive webshell, allowing them to steal credentials and breach corporate networks. Versa has released an advisory outlining impacted versions and the recommended upgrade to fix the issue. Lumen’s Black Lotus Labs identified the exploit and … Read more
August 7, 2024 at 06:42PM Progress Software’s handling of a MOVEit Transfer zero-day flaw, leading to data exposure of 95 million people, was investigated by the SEC. However, in a recent filing, the SEC’s Division of Enforcement will not recommend any enforcement action regarding the security incident. Progress Software still faces numerous class-action lawsuits despite … Read more
May 10, 2024 at 07:00AM Google released security updates to fix a zero-day flaw (CVE-2024-4671) in Chrome actively exploited in the wild. The vulnerability involves use-after-free in the Visuals component, reported by an anonymous researcher on May 7, 2024. This is the second zero-day addressed by Google in 2024. Users are advised to upgrade their … Read more
November 16, 2023 at 11:48AM A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups, resulting in the theft of email data, user credentials, and authentication tokens. The flaw, tracked as CVE-2023-37580, allowed the execution of malicious scripts by tricking users into clicking on a specially crafted URL. The attacks … Read more