Zero-Day
-
N-able N-central: More Than 800 On-Premises Servers Remain Unpatched as Two Critical Flaws See Active Exploitation
More than 800 N-able N-central servers remain unpatched against two critical, actively exploited flaws (CVE-2025-8875 and CVE-2025-8876), prompting federal and private-sector action as researchers warn that thousands of instances remain exposed online. Patch guidance and regulatory responses are being rolled out as investigations continue into the scope of exploitation.
-
Netherlands says CVE-2025-6543 in Citrix NetScaler exploited to breach critical organizations
The Netherlands’ National Cyber Security Centre warned that CVE-2025-6543 in Citrix NetScaler was exploited to breach multiple critical organizations, turning a memory overflow vulnerability into remote code execution and prompting urgent upgrades to patched versions.
-
WinRAR Addresses Critical Zero-Day Vulnerability Exploited in Active Attacks
WinRAR has released an urgent update to address a critical zero-day vulnerability, CVE-2025-8088, that is actively being exploited to execute arbitrary code through malicious archive files. Users are strongly advised to upgrade to version 7.13.
-
Adobe Issues Critical Updates to Address Zero-Day Vulnerabilities in AEM Forms
Adobe has released emergency updates to address critical zero-day vulnerabilities in AEM Forms after researchers revealed proof-of-concept exploit chains that could lead to remote code execution.
-
China Accuses US of Cyberattacks Using Microsoft Zero-Day Vulnerability
China has alleged that U.S. intelligence agencies conducted cyberattacks on Chinese military enterprises, exploiting a Microsoft zero-day vulnerability. The accusations come amid heightened tensions and increasing allegations of cyber warfare between the two nations.
-
National Nuclear Security Administration Targeted in SharePoint Vulnerability Attacks
The National Nuclear Security Administration has been hacked as part of a widespread campaign exploiting a Microsoft SharePoint vulnerability, with the potential breach of numerous government and private sector organizations. No sensitive information appears compromised, according to officials.
-
Google Issues Critical Update for Chrome to Address Exploited Security Flaw
Google has released a critical update for its Chrome browser, addressing a high-severity zero-day vulnerability that could allow remote attackers to escape the browser’s sandbox. This update comes on the heels of multiple exploited vulnerabilities earlier this year, underlining the importance of regular browser updates.
-
Google Patches Critical Zero-Day Flaw in Chrome Amid Ongoing Cyber Threats
Google has issued a security patch for Chrome to address a severe zero-day vulnerability exploited in phishing attacks, urging users to update their browser as cyber threats continue to evolve.
-
Windows Zero-Day Exploit Traced to EncryptHub, Delivering Diverse Malware
EncryptHub is exploiting a critical zero-day vulnerability in Microsoft Windows, deploying a range of malware, including data stealers, as detailed by Trend Micro. This exploit takes advantage of the Microsoft Management Console’s functionality, posing significant risks to users.
