Talos investigates software and operating system vulnerabilities in order to discover them before malicious threat actors do. We provide this information to vendors so that they can create patches and protect their customers as soon as possible.
25 Open Reported Zero-Days 56 Publicly Disclosed Vulnerabilities Disclosed Vulnerability Reports Zero-Day Reports Show entries Report ID Title Report Date CVE Number CVSS Score TALOS-2024-2113 NVIDIA nvJPEG2000 Default Coding Styles Ndecomp buffer overflow vulnerability 2025-02-11 CVE-2024-0145 9.8...
Filter by the "zero day" tag to only see security recommendations addressing zero-day vulnerabilities.If there's software with a zero-day vulnerability and additional vulnerabilities to address, you'll get one recommendation about all vulnerabilities....
Zero-day vulnerabilities emphasize the need for quick, effective response and vigilant security in CI/CD environments to mitigate evolving threats.
The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation...
"There have been 12 elevation of privilege vulnerabilities in the DWM Core Library over the last two years, though this is the first to have been exploited in the wild as a zero-day," Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News...
On April 24th, Cisco, in coordination with the Canadian Center for Cyber Security (CCCS), the Australian Cyber Security Centre (ACSC), and the National Cyber Security Centre (NCSC), disclosed two high-severity vulnerabilities in Cisco products that are under active exploitation. The vulnerabilities...
In October 2017, we learned of a vulnerability in Telegram Messenger’s Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service.
zero day vulnerabilities responsibly to the affected vendors. RESEARCHER LOGIN VENDORS ZDI works collaboratively with affected vendors to notify the public of the vulnerability through a joint advisory. SEE HOW IT WORKS PRESS & CURIOSITY SEEKERS ...
Recently, multiple zero-day vulnerabilities were found in Adobe Flash Player. Given the ubiquity of the Flash plugin, it is an attractive attack vector. Flash’s long-term existence becomes even more complex with every update as security holes add up along the way, allowing exploits to continue...