The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild and prompting immediate action from organizations and device users worldwide. The vulnerabilities CVE-2025-48572 and CVE-2025-48633 were officially listed on December 2, 2025, and represent a significant threat to […]

The post CISA Issues Alert on Actively Exploited Android Zero-Day Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks.

The post Android Zero-Days Patched in December 2025 Security Update appeared first on SecurityWeek.

Rapid7’s Metasploit team has released a new exploit module targeting critical zero-day vulnerabilities in Fortinet’s FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated remote code execution with root privileges.​ CVE ID Vulnerability Type Affected Product Impact CVE-2025-64446 Authentication Bypass Fortinet FortiWeb Administrative account creation, privilege escalation CVE-2025-58034 Command Injection Fortinet FortiWeb Remote […]

The post Metasploit Releases New Exploit for Fresh FortiWeb 0-Day Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

North Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United […]

The post North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager.

The post Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day appeared first on SecurityWeek.

An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system.

The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek.

The flaw was reported by Google's Threat Analysis Group and was likely exploited by a commercial spyware vendor.

The post Chrome 142 Update Patches Exploited Zero-Day appeared first on SecurityWeek.

Amazon has seen a threat actor exploiting CVE-2025-20337 and CVE-2025-5777, two critical Cisco and Citrix vulnerabilities, as zero-days.

The post Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon appeared first on SecurityWeek.

Microsoft’s latest Patch Tuesday updates address more than 60 vulnerabilities in Windows and other products.

The post Microsoft Patches Actively Exploited Windows Kernel Zero-Day appeared first on SecurityWeek.

Threat actors exploited CVE-2025-21042 to deliver malware via specially crafted images to users in the Middle East. 

The post Landfall Android Spyware Targeted Samsung Phones via Zero-Day appeared first on SecurityWeek.

Heads up, WhatsApp users. A serious zero-day vulnerability existed in WhatsApp that was already exploited…

WhatsApp Addressed An Actively Exploited Zero-Day Vulnerability on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.

The popular file archiving tool WinRAR had a serious zero-day vulnerability threatening systems with code…

WinRAR Fixed A Zero-Day Flaw Exploited By RomCom on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.

The post Press information: Crowdsource hacker first to find Zero-Day CVE-2021-43798 in Grafana appeared first on Detectify Blog.

The post How attackers exploit the WordPress Easy-WP-SMTP zero-day appeared first on Detectify Blog.

The post How Detectify handles Zero-Day submissions  appeared first on Detectify Blog.

By Kim Crawley

The latest research from zero-day hunters at Google shows that reporting and detection tools are improving. 

Google researchers uncovered more than double the number in-the-wild zero-days last year than any other period since it started tracking these dangerous software vulnerabilities in 2014. 

“Is it that software security is getting worse? Or is it that attackers are using 0-day exploits more? Or has our ability to detect and disclose 0-days increased? When looking at the significant uptick from 2020 to 2021, we think it’s mostly explained by the latter,” according to Maddie Stone, a security researcher at Google Project Zero, the company’s team that tracks zero-days.

In a recent blog post detailing the 2021 findings, the group detailed the 58 zero-days that it detected as well as trends, attack patterns and techniques they were able to identify last year, too. Even though the group uncovered more than double the number of the previous high in 2015 (28 found), attacker techniques haven’t significantly evolved.

“With this record number of in-the-wild 0-days to analyze, we saw that attacker methodology hasn’t actually had to change much from previous years. Attackers are having success using the same bug patterns and exploitation techniques and going after the same attack surfaces,” wrote Stone.

It’s tough enough for organizations to manage and mitigate known vulnerabilities, but zero-day exploits pose a unique challenge to all organizations. They are often the attackers’ most powerful tool and when executed against businesses, organizations and individuals can have devastating consequences. As Google noted, there were many reports of zero-day exploits used against journalists, human rights groups and government officials last year.

Key findings from Google’s Project Zero report:

• The exploits detected in 2021 are very similar to the exploits Google Project Zero detected in previous years. There are new CVE records, but the nature of the vulnerabilities and how they’re exploited are all fairly typical relative to previous trends.
• Sixty-seven percent (or 39) of the zero-days found in 2021 were memory corruption vulnerabilities. How memory is being used is the main vector for zero-day exploits. They include four buffer overflows, four integer overflows, six out-of-bounds read and writes, and 17 use-after-frees. Maybe the Project is getting better at monitoring memory, or maybe volatile data is more ripe for zero-day exploitation than data in storage.
• Nearly all of the 58 zero-days detected in 2021 follow familiar patterns. But there’s one outlier, CVE-2021-30860, which is an integer overflow vulnerability in the CoreGraphics PDF decoder in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6 and watchOS 7.6.2. Security researchers Samuel Groß and Ian Beer noted how unusual the exploit is: “The bootstrapping operations for the sandbox escape exploit are written to run on this logic circuit and the whole thing runs in this weird, emulated environment created out of a single decompression pass through a JBIG2 stream. It’s pretty incredible, and at the same time, pretty terrifying.” Indeed, Google Project Zero said it hopes this is a trend of attackers having to work harder to successfully execute a zero-day exploit.
• Some of the exploits involve classic cyberattack techniques, such as phishing and fingerprinting. CVE-2021-21166 and CVE-2021-30551 are great examples. Google Project Zero’s Maddie Stone and Clement Lecigne wrote: “Both of these 0-days were delivered as one-time links sent by email to the targets, all of whom we believe were in Armenia. The links led to attacker-controlled domains that mimicked legitimate websites related to the targeted users. When a target clicked the link, they were redirected to a webpage that would fingerprint their device, collect system information about the client and generate ECDH keys to encrypt the exploits, and then send this data back to the exploit server. The information collected from the fingerprinting phase included screen resolution, timezone, languages, browser plugins and available MIME types.”

Essentially, Google wants to make it harder for attackers to carry out zero-days. And there’s some evidence in its research that might be happening. While there’s progress in terms of discovering and disclosing zero-days, Project Zero does say there is still a lot of room for improvement. Specifically, they call on companies to disclose more, share more exploit samples and details of attacker techniques and to work harder to reduce memory corruption vulnerabilities. 

It’s also important that once organizations know about a zero-day, they act quickly to find and fix that vulnerability. That requires vigilance and the right approach to testing with an offensive mindset to ensure an organization’s entire attack surface is hardened against the most sophisticated attackers. 

Get in touch today to learn how Synack can help.

The post Researchers Uncover Record Number of Zero-Days. That’s Actually Good News. appeared first on Synack.