All posts tagged: ZeroDay

Oracle Warns PeopleSoft Customers After Critical Zero-Day Exploited

A critical Oracle PeopleSoft flaw is already being exploited, putting more than 100 organizations on alert. Oracle issued an emergency advisory for CVE-2026-35273, a vulnerability affecting PeopleSoft versions 8.61 and 8.62 that can allow unauthenticated remote code execution. Google Threat Intelligence Group and Mandiant researchers said the campaign targeted internet-exposed systems used by universities, businesses, and other large institutions. The suspected link to ShinyHunters raises the stakes. For organizations running PeopleSoft, this is not just a patching issue. It is an incident-response clock already ticking.

Breakdown of the vulnerability

Researchers from both the Google Threat Intelligence Group and Mandiant say the campaign was observed between May 27 and June 9. Because this vulnerability was actively exploited for days before it was discovered, it is regarded as a zero-day vulnerability. The campaign targeted Oracle PeopleSoft, an enterprise resource planning (ERP) tool used by organizations to manage activities such as payroll and HR. Attackers exploited the vulnerability on versions 8.61 and 8.62 of the Oracle PeopleSoft tool. According to Oracle, successfully exploiting this vulnerability can lead to remote code …

New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight

A new Windows zero-day has turned BitLocker, one of Microsoft’s most trusted data-protection features, into the center of another disclosure fight. The Register’s Jessica Lyons broke the news that security researcher Nightmare Eclipse released exploit code for a claimed BitLocker bypass called GreatXML, which the researcher says can spawn a command prompt with broad access to a protected BitLocker volume. The release followed another zero-day, RoguePlanet, which SecurityWeek reported could exploit a Microsoft Defender race condition to gain SYSTEM-level privileges. The bigger concern for Windows admins is not just one bug. It is the pace of public exploit drops, the uncertainty around Microsoft’s response, and the widening gap between responsible disclosure norms and what is now unfolding in public.

What GreatXML claims to do

According to The Register, Nightmare Eclipse claimed GreatXML can bypass BitLocker on systems that have previously run a Microsoft Defender Offline scan. The researcher reportedly published exploit code on GitHub and another Git-based platform, describing the bug as an “accidental discovery.” The claimed attack involves copying specific files to the recovery …

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A single click on the wrong repository could have put a developer’s GitHub access at risk. Security researcher Ammar Askar disclosed a zero-day vulnerability in github.dev, GitHub’s browser-based VSCode environment, that could expose GitHub OAuth tokens through a flaw in VSCode webviews. Those tokens could give attackers access to repositories and organizational code available to the affected developer. Microsoft introduced mitigations on June 3, according to Askar’s disclosure timeline, but the bug is a sharp reminder of how much trust modern development workflows place in browser-based coding tools.

Understanding how the vulnerability works

VSCode is a desktop coding tool owned by Microsoft, the same company that owns GitHub, a code management platform. Over time, Microsoft has tightly integrated both tools to make moving between coding and code management seamless. One example is github.dev, a browser-based version of VSCode that lets developers open and edit repositories directly from GitHub using GitHub OAuth credentials. According to security researcher Ammar Askar, trusted integration is what made the vulnerability possible. Askar notes that the attacker begins by tricking a …

Google Patches Android Zero-Day Vulnerability in June 2026 Security Update

Google’s June 2026 Android security release addresses dozens of vulnerabilities across the operating system, including one flaw that the company says may already be under attack in the real world. According to Google’s June Android Security Bulletin, the most severe issue fixed this month is a critical vulnerability in the Android Framework component that could allow remote privilege escalation without requiring user interaction. “The most severe of these issues is a critical security vulnerability in the Framework component that could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation,” Google said in the bulletin. The actively abused flaw, tracked as CVE-2025-48595, sits inside the Android Framework, the layer of APIs and system services that apps communicate with directly. Google noted there are indications the vulnerability may be involved in “limited, targeted exploitation.” The bug affects devices running Android 14, Android 15, Android 16, and Android 16 QPR2. The vulnerability is an elevation-of-privilege flaw within Android’s Framework component that could give attackers access to a compromised …

Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day

Microsoft’s Patch Tuesday security update for April included 134 flaws, one of which is an actively exploited zero-day flaw. The security patches for Windows 10 were unavailable when the Windows 11 patches were released. The Windows 10 patches have since arrived, but the delay was unusual. Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra, suggested in an email to TechRepublic that the two separate releases and a 40-minute delay in the Windows 11 update might point to something unusual behind the scenes.

CVE-2025-29824 has been detected in the wild

The zero-day vulnerability was CVE-2025-29824, an elevation of privilege bug in the Windows Common Log File System (CLFS) Driver. “This vulnerability is significant because it affects a core component of Windows, impacting a wide range of environments, including enterprise systems and critical infrastructure,” Mike Walters, president and co-founder of patch automation company Action, wrote in an email. “If exploited, it allows privilege escalation …

Google Chrome Update Fixes Zero-Day Security Flaw That Targeted Media, Government and Educational Institutions

Google has fixed a serious security vulnerability affecting its Google Chrome browser that allowed attackers to bypass its security features. The flaw was discovered by Kaspersky’s Global Research and Analysis Team (GReAT), and was reportedly used to target media outlets, educational institutions, and government organisations. Google Chrome users should update their browser in order to remain protected against the vulnerability, and other Chromium-based browsers are also expected to receive an update that resolves the issue in the coming days.

Attackers Sent Personalised Phishing Emails as Part of ‘Operation ForumTroll’

According to details shared by the security firm, an advanced persistent threat (APT) group is suspected to have run a campaign dubbed Operation ForumTroll to take advantage of a zero-day (previously unknown, undetected) vulnerability in Google Chrome for Windows, identified as CVE-2025-2783. The attackers would send personalised phishing emails to persons from media outlets, educational institutions, and government organisations located in Russia. These emails would invite them to join the “Primakov Readings” forum. Kaspersky claims that the links would expire quickly, and would eventually send users to the real forum. …

Critical Zero-Day Vulnerabilities Found in These VMware Products

Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft’s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected VMs and sensitive data.

How do these vulnerabilities work?

If a threat actor gains administrative access to a virtual machine’s guest OS, they can escalate privileges and break into the hypervisor. Once inside, they could manipulate or access other virtual machines running on the same hypervisor, posing a significant security risk. The three vulnerabilities are:

CVE-2025-22224: A Time-of-Check Time-of-Use (TOCTOU) vulnerability in VMware ESXi and Workstation which can lead to an out-of-bounds write condition if an attacker already has admin privileges.
CVE-2025-22225: An arbitrary write vulnerability in VMware ESXi.
CVE-2025-22226: An information disclosure vulnerability in VMware ESXi, Workstation, and Fusion that could be used to leak memory.

To remediate the vulnerabilities, customers should apply the patches found in Broadcom’s notification. All versions of VMware …

Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws

The monthly report is relatively lightweight, with some mobile updates or fixes that have already been performed server-side and shouldn’t be a concern to admins, said Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra. Another vulnerability impacts only Microsoft Surface hardware.

February update patches two exploited vulnerabilities

The two exploited vulnerabilities are:

CVE-2025-21391, a Windows storage flaw that could let a threat actor delete files.
CVE-2025-21418, an opening for privilege escalation beginning in Windows Ancillary Function Driver for WinSock.

“While both vulnerabilities are rated Important by Microsoft and have CVSS scores in the 7.x range, I would treat the Windows AFD for WinSock vulnerability as critical when it comes to patching, given that it has seen active exploitation,” Reguly said in an email to TechRepublic. Vulnerabilities have been found in the Windows Ancillary Function Driver for WinSock nine times since 2022, including instances attributed to a North Korea-sponsored advanced persistent threat group, Tenable senior staff research engineer Satnam Narang pointed out in a comment to KrebsonSecurity. “The root …

Apple Patches Two Zero-Day Attack Vectors

Apple’s latest security updates for iOS, macOS, Safari, visionOS, and iPadOS contained brief but critical disclosures of two actively exploited vulnerabilities. The tech giant said Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group discovered the vulnerabilities. NIST lists the vulnerabilities as CVE-2024-44308 and CVE-2024-44309.

What are the vulnerabilities Apple patched?

Apple didn’t disclose much information about the exploitation or what attackers might have done using these vulnerabilities. However, the Threat Analysis Group works specifically on “government-backed hacking and attacks against Google and our users,” so it’s possible these vulnerabilities were used in well-funded attacks against specific targets. With CVE-2024-44308, attackers could create malicious web content, leading to arbitrary code execution. Apple detected this exploit possibly in use on Intel-based Mac systems — unlike those systems using Apple’s own M chips, which have been the standard since 2023. Apple put improved checks in place to prevent this issue. CVE-2024-44309 has been exploited similarly and applies to Intel-based Macs, but the …

Microsoft Catches Four Zero-Day Vulnerabilities

Every second Tuesday of the month, Microsoft releases a bundle of fixes for Windows. This Tuesday brings four zero-day vulnerabilities, two high-criticality vulnerabilities, and some sister patches from Adobe. On Patch Tuesday, which Microsoft calls “Update Tuesday,” other large software companies like Adobe release major security fixes. It’s a time to launch updates across corporate networks, and it occurs during mid-morning Pacific Standard Time to keep admins and users from having to scramble at the beginning of the week or the following day. Patch Tuesday is a useful reminder for admins to ensure their Microsoft security updates are up to date.

Attackers exploited four zero-day vulnerabilities

The four vulnerabilities attackers have already taken advantage of are:

CVE-2024-43491: a flaw in Servicing Stack in Windows 10, version 1507 that opens up Optional Components to vulnerabilities previously thought to be mitigated. Later versions of Windows 10 are not affected. The September 2024 Servicing stack update and the September 2024 Windows security update address this flaw.
CVE-2024-38226: a bypass vulnerability in Microsoft Publisher.
CVE-2024-38217: a technique by which …