Hacker News with Generative AI: Zero-Day Exploits

Ask HN: What's the worst thing that could happen if I click on an unknown link (ycombinator.com)
There's no theoretical limit. That's what the concept of a "zero day" is all about. It's entirely possible that some undiscovered vulnerability allows an attacker to remotely hijack your entire PC, steal all passwords, and completely ruin your life just by opening a webpage. Is it likely? No. But in terms of the "worst thing possible" there's really no upper bound.

Cybersecurity, Security Risks, Internet Safety, Worst-Case Scenarios, Zero-Day Exploits

13 points by canergl 8 days ago | 8 comments

Apple patches 0-day exploited in "sophisticated attack" (arstechnica.com)
Apple on Tuesday patched a critical zero-day vulnerability in virtually all iPhones and iPad models it supports and said it may have been exploited in “an extremely sophisticated attack against specific targeted individuals” using older versions of iOS.

Security, Apple, iOS, Zero-Day Exploits

11 points by sgerenser 23 days ago | 1 comments

Broadcom urges VMware customers to patch 'emergency' zero-day bugs (techcrunch.com)
U.S. technology giant Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by malicious hackers to compromise the networks of its corporate customers.

Cybersecurity, Software, Vulnerabilities, Zero-Day Exploits

5 points by jatwork 29 days ago | 0 comments

Critical PostgreSQL bug tied to zero-day attack on US Treasury (theregister.com)
A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.

Cybersecurity, PostgreSQL, Zero-Day Exploits, US Treasury

6 points by whalesalad 42 days ago | 1 comments

Critical PostgreSQL bug tied to zero-day attack on US Treasury (theregister.com)
A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.

Cybersecurity, Databases, Government, Vulnerabilities, Zero-Day Exploits

19 points by rntn 48 days ago | 11 comments

Apple fixes zero-day exploited in 'extremely sophisticated' attacks (bleepingcomputer.com)
Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks.

Security, Apple, Zero-Day Exploits, Cyberattacks

6 points by akyuu 52 days ago | 1 comments

Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (bleepingcomputer.com)
On the first day of Pwn2Own Automotive 2025, security researchers exploited 16 unique zero-days and collected $382,750 in cash awards.

Cybersecurity, Automotive Security, Zero-Day Exploits, Hacking, Bug Bounties

44 points by speckx 71 days ago | 10 comments

RomCom exploits Firefox and Windows zero days in the wild (welivesecurity.com)
ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild, after the abuse of CVE-2023-36884 via Microsoft Word in June 2023.

Cybersecurity, Zero-Day Exploits, Firefox, Windows, Russia

58 points by croes 127 days ago | 28 comments

Possible Azure RCE (zerodayinitiative.com)

Cybersecurity, Azure, Zero-Day Exploits

44 points by sambazi 301 days ago | 6 comments

Palo Alto Networks PAN-OS Zero-Day Exploitation (volexity.com)

Cybersecurity, Vulnerability, Zero-Day Exploits

95 points by sky_nox 356 days ago | 60 comments