Here are the latest developments on zero-day vulnerabilities as of today.
-
A widely reported zero-day in enterprise firewalls from Palo Alto Networks was disclosed to be actively exploited in attacks targeting customers using PAN-OS. Organizations are urged to apply patches and follow mitigation guidance from Palo Alto Networks and CISA. [cite ]
-
In Chrome, a zero-day exploited in the wild has been linked to targeted campaigns, with active exploit activity observed by multiple researchers. Users are advised to update Chrome to the latest available version and enable automatic updates. [cite ]
-
The Zero Day Initiative and other security researchers continue to track new 0-days across multiple vendors, including virtualization, networking, and productivity software. Vendors typically release emergency or rapid patches once a vulnerability is disclosed and verified. [cite ][cite ]
-
Real-time aggregators and security blogs are reporting ongoing discussions about responsible disclosure vs. public disclosure pressures, highlighting the importance of coordinated vulnerability disclosure (CVD) processes in reducing risk. [cite ]
-
Patch Tuesday cycles (where applicable) continue to include zero-day fixes among broader security updates, with several actively exploited 0-days addressed in recent cycles. Organizations should review vendor advisories promptly and deploy patches in a timely manner. [cite ]
-
For comprehensive, up-to-date tracking, you may want to consult multiple sources that publish daily updates on 0-day vulnerabilities, including security news outlets, vendor advisories, and dedicated vulnerability databases. [cite ][cite ][cite ]
If you’d like, I can narrow this to a specific area (e.g., browsers, endpoint OS, or network devices), pull the most recent advisories from official vendor pages, and summarize the patches, affected products, and recommended mitigations. I can also help you build a quick remediation checklist tailored to your environment in Paris, Île-de-France.
Sources
ZDI IDZDI CANAFFECTED VENDOR(S)CVECVSS v3.0PUBLISHEDUPDATEDTITLE ZDI-23-1810ZDI-CAN-21521QEMUCVE-2023-41356.02023-12-20 QEMU NVMe Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-23-1809ZDI-CAN-21819TP-LinkCVE-2023-502256.82023-12-19 TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability … ZDI-23-1772ZDI-CAN-22660OpenAI 6.52023-12-13 (0Day) OpenAI ChatGPT Improper Input Validation Model Policy Bypass Vulnerability...
www.zerodayinitiative.comRead the latest zero-day attack news from The Daily Swig. Zero-day vulnerabilities present a serious security risk to organizations around the world.
portswigger.netThe latest news about Zero-Day
www.bleepingcomputer.comZero-day (0day) vulnerability tracking project database. All zero-day vulnerabilities since 2006.
www.zero-day.czStay informed about the latest cybersecurity Zero-day threats, solutions, and best practices.
vonwallace.comZero-Day: Get the latest news, trends, research, and analysis from the cybersecurity experts at Rapid7.
www.rapid7.comAllSec.sh — a real-time aggregator of cybersecurity news, vulnerability disclosures, and security research from across the web.
allsec.shThe latest news about Zero-Day
www.bleepingcomputer.com