Hacker News with Generative AI: Zero-Day Exploits

Ask HN: What's the worst thing that could happen if I click on an unknown link (ycombinator.com)
There's no theoretical limit. That's what the concept of a "zero day" is all about. It's entirely possible that some undiscovered vulnerability allows an attacker to remotely hijack your entire PC, steal all passwords, and completely ruin your life just by opening a webpage. Is it likely? No. But in terms of the "worst thing possible" there's really no upper bound.
Apple patches 0-day exploited in "sophisticated attack" (arstechnica.com)
Apple on Tuesday patched a critical zero-day vulnerability in virtually all iPhones and iPad models it supports and said it may have been exploited in “an extremely sophisticated attack against specific targeted individuals” using older versions of iOS.
Broadcom urges VMware customers to patch 'emergency' zero-day bugs (techcrunch.com)
U.S. technology giant Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by malicious hackers to compromise the networks of its corporate customers.
Critical PostgreSQL bug tied to zero-day attack on US Treasury (theregister.com)
A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.
Critical PostgreSQL bug tied to zero-day attack on US Treasury (theregister.com)
A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.
Apple fixes zero-day exploited in 'extremely sophisticated' attacks (bleepingcomputer.com)
Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks.
Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (bleepingcomputer.com)
On the first day of Pwn2Own Automotive 2025, security researchers exploited 16 unique zero-days and collected $382,750 in cash awards.
RomCom exploits Firefox and Windows zero days in the wild (welivesecurity.com)
ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild, after the abuse of CVE-2023-36884 via Microsoft Word in June 2023.
Possible Azure RCE (zerodayinitiative.com)
Palo Alto Networks PAN-OS Zero-Day Exploitation (volexity.com)