Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities https://gbhackers.com/google-warns-threat-actors-growing-more-sophisticated/ #CyberSecurityNews #Vulnerabilities #cybersecurity #THREATS #ZeroDay #Google
This story about Blue Shield CA reminds me of this report that @mttaggart shared.
Misconfigured junk is WAAAY more of a problem than zero days and the “new hotness” #vulnerabilities.
Ethical Zero Day Marketplace Desired Effect Emerges From Stealth https://www.securityweek.com/ethical-zero-day-marketplace-desired-effect-emerges-from-stealth/ #ThreatIntelligence #Vulnerabilities #exploit #ZeroDay
Microsoft has awarded more than $1.6 million in prizes during its first-ever #ZeroDay Quest hacking contest
Security researchers submitted more than 600 vulnerabilities in Microsoft cloud and AI services
The company says the Zero Day Quest event was a success and plans to hold it on an annual basis
https://msrc.microsoft.com/blog/2025/04/zero-day-quest-2025-1.6-million-awarded-for-vulnerability-research/
Cisco has lagged Dell for three zero-day vulnerabilities, pending the related report: https://talosintelligence.com/vulnerability_info @TalosSecurity
Dell security advisories: https://www.dell.com/support/security/en-us #cybersecurity #infosec #Dell #zeroday
Windows NTLM flaw (CVE-2025-24054) is under active exploitation! Learn how this critical vulnerability impacts your security and what you can do to stay safe.
Learn more: https://zerodaily.me/blog/2025-04-18-windows-ntlm-cve-2025-24054-under-active-exploitation
Nearly 24,000 IP addresses were caught scanning Palo Alto GlobalProtect portals in March. Analysts warn this could signal upcoming attacks. Stay alert, stay patched.
RedGolf Hackers Linked to Fortinet Zero-Day Exploits and Cyber Attack Tools https://gbhackers.com/redgolf-hackers-linked-to-fortinet-zero-day-exploits/ #CyberSecurityNews #cybersecurity #CyberAttack #ZeroDay #zeroday
#Cellebrite Android Zero-Day not 1 but 3 #ZeroDay by Amnesty International’s Security Lab and Google’s Threat Analysis Group
.. published POC exploit code for Android zero-day exploit chain to unlock the device of a student #activist in the country and attempt to install #spyware
.. all within #Linux kernel USB subsystems leveraged by Android, were marked as “under limited, targeted exploitation” in Google’s February 2025 Android security bulletin
https://securityonline.info/cellebrite-android-zero-day-exploit-poc-released-cve-2024-53104/
Apple dropped emergency security updates! Fixes two zero-day flaws (CVE-2025-31200/31201) already used in 'highly sophisticated' targeted attacks. Update your iPhone, iPad, Mac ASAP!
#SecurityLand #CyberWatch #Apple #Cybersecurity #ZeroDay #iOS #macOS
Two sides of the same coin
This intelligence report analyzes the similarities between two previously separate APT groups, Team46 and TaxOff, concluding they are likely the same entity. The analysis covers their shared tactics, techniques, and procedures, including similar PowerShell commands, loader functionality, and infrastructure patterns. Key findings include the use of zero-day exploits, complex malware development, and long-term persistence strategies. The report details the groups' use of multi-layered encryption in their loaders, custom obfuscation techniques, and various malware tools like Trinper backdoor and Cobalt Strike. The combined group, now referred to as Team46, demonstrates sophisticated capabilities in targeted attacks against protected infrastructures.
Pulse ID: 6802c8019d40fa74671e9c6c
Pulse Link: https://otx.alienvault.com/pulse/6802c8019d40fa74671e9c6c
Pulse Author: AlienVault
Created: 2025-04-18 21:45:37
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Attackers strike before patches hit, hijack security tools & stay hidden post-fix. With AI threats & fast ransomware, assume systems *will* fail. Proactive defense & constant vigilance are vital. #CyberSecurity #ThreatIntel #ZeroDay
iOS 18.4.1: Apple patches two critical zero-days — and the U.S. government is taking no chances.
Federal agencies have been ordered to update by May 8 — but this isn’t just about public sector risk.
The vulnerabilities are under active exploitation
Delaying could open the door to real-world attacks
Pro tip: enable auto-updates and confirm your device is running 18.4.1
Don’t wait for a mandate to protect your digital life.
#iOSUpdate #iPhoneSecurity #CyberSecurity #ZeroDay #MobileSecurity
https://www.forbes.com/sites/kateoflahertyuk/2025/04/19/new-ios-1841-warning-you-have-18-days-to-update-your-iphone/
Unlocking the Secrets of Zero-Day Vulnerabilities: A Guide to Mastering Vulnerability Research
In a world where cyber threats are evolving at breakneck speed, understanding vulnerability research has never been more critical. Eugene 'Spaceraccoon' Lim's new book offers a detailed roadmap for bo...
Watching episode 1 of #ZeroDay with Robert De Niro.
At the 27:56 mark he's walking down a corridor and his legs are very odd. Almost like he's had a stroke. But more importantly, why are his pants so short??!
Windows NTLM flaw (CVE-2025-24054) is under active exploitation! Learn how this critical vulnerability impacts your security and what you can do to stay safe.
#CyberSecurity #InfoSec #ThreatIntel #Vulnerability #WindowsSecurity #CVE #ZeroDay #SecurityNews
Learn more: https://zerodaily.me/blog/2025-04-18-windows-ntlm-cve-2025-24054-under-active-exploitation
An acquaintance sent the following message:
"Hi,
Live from Belgium, all the public services of the French part of the country (Wallonia) are offline because a very serious intrusion has been discovered yesterday evening.
A friend told me it’s due to an exploited #zeroday #vulnerability in an Ivanti #VPN endpoint."
It looks like he is right: DNS resolution and direct access via IP are not possible.
Apple just patched CVE-2025-31200 in CoreAudio & CVE-2025-31201 in RPAC, both zero-day flaws exploited in targeted iOS attacks. Update to iOS 18.4.1, iPadOS 18.4.1, & macOS Sequoia 15.4.1 ASAP!
More info: https://cyberinsider.com/apple-fixes-two-new-zero-day-flaws-exploited-in-targeted-ios-attacks/ #AppleSecurity #ZeroDay #CyberSecurity
#newz