Aug 21, 2025Ravie LakshmananVulnerability / Zero-Day Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in …
zeroday
-
Security
-
Security
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access
by Wikdailyby WikdailyThe recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed …
-
As part of the exploitation, attackers upload a file named “spinstall0.aspx,” which is used to steal the Microsoft SharePoint server’s MachineKey configuration, including the ValidationKey and DecryptionKey, security researchers reported. …
-
Security
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
by Wikdailyby WikdailyA critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised …
-
Security
Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations
by Wikdailyby WikdailyJul 20, 2025Ravie LakshmananZero-Day / Vulnerability A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an “active, large-scale” exploitation campaign. The zero-day flaw, tracked as …
-
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. CrushFTP …
-
Security
CrushFTP zero-day exploited in attacks to gain admin access on servers
by Wikdailyby WikdailyCrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. CrushFTP …
-
VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025. Three of the patched …
-
Security
The zero-day that could’ve compromised every Cursor and Windsurf user
by Wikdailyby WikdailyA security researcher from Koi Security stumbled upon a critical zero-day buried deep in the infrastructure powering today’s AI coding tools. Had it been exploited, a non-sophisticated attacker could’ve hijacked …
-
Tag CVE ID CVE Title Severity AMD L1 Data Queue CVE-2025-36357 AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue Critical AMD Store Queue CVE-2025-36350 AMD: CVE-2024-36350 Transient Scheduler Attack …