zero-day attack
Spyware Makers Topped Google’s List of Zero-Day Exploits for the First Time in 2025
Jeffrey Burt | | china, CSV, Google TAG, GTIG, Intellexa, Microsoft, nation-state actors, North Korea, NSO Group, Pegasus Spyware, Trend Micro, zero-day attack
For the first time, spyware makers topped Google's list of organizations that exploited zero-day flaws in 2025, overtaking nation-state actors from China, Russia, and elsewhere and continuing a trend that Google researchers ...
Security Boulevard
Closing the Application Layer Security Blind Spot with Contrast & Microsoft Sentinel | Contrast Security
Maarten Buis | | Microsoft Sentinel, Security Information and Event Management (SIEM), Security Operations Center (SOC), SIEM, SIEM Integration, zero-day attack
Microsoft Sentinel has rapidly become a cornerstone for security operations, offering powerful, cloud-native Security Information and Event Management (SIEM) capabilities. Security Operations Center (SOC) teams rely on it to get a unified ...
MixMode’s Third-Wave AI: Achieving NERC CIP-015-1 Compliance and Beyond
MixMode Threat Research | | Blog, Critical Infrastructure, Cyber Threats, Cybersecurity News, cyberthreats, Nation-State Threat Actors, threat brief, Threat Briefing, threat detection, Threat Intelligence Research, Threat Research, Zero Day Attacks, zero trust, zero-day attack
In our first blog, we outlined the challenges of NERC CIP-015-1, which mandates Internal Network Security Monitoring (INSM) within Electronic Security Perimeters (ESPs), exposing the limitations of traditional SIEM, IDS, and NTA ...
Understanding the Cookie-Bite MFA Bypass Risk
MixMode Threat Research | | Blog, cyber attacks, Cyber Threats, Cyber-attack, Cybersecurity News, Third Wave AI, threat detection, Threat Intelligence Research, Threat Research, Zero Day Attacks, zero-day attack
The Cookie-Bite attack is an advanced evolution of Pass-the-Cookie exploits. This tactic bypasses Multi-Factor Authentication (MFA) by leveraging stolen authentication cookies—such as Azure Entra ID’s ESTSAUTH and ESTSAUTHPERSISTENT—to impersonate users ...
Safeguarding SAP Systems Amid Rising Financial Fraud and Economic Stress
MixMode Threat Research | | Blog, Financial Services, SAP, threat brief, Threat Briefing, threat detection, Threat Intelligence Research, Threat Research, Zero Day Attacks, zero-day attack
SAP systems are the backbone of enterprise finance—and they’re under attack. As economic pressures rise, so do attempts to exploit financial platforms. From insider threats to ransomware and zero-day vulnerabilities, SAP’s critical role ...
Zero-Day Attack Prevention with Contrast ADR | Real-Time Detection of Zero-Day Exploits of Unknown Vulnerabilities | Contrast Security
Contrast Marketing | | behavioral analysis, behavioral detection, compensating controls, novel threat detection, Proactive approach, Reactive posture, remediation context, Runtime analysis, unknown vulnerability, vulnerability classes, zero-day attack, zero-day exploits
The majority — 11 out of 15 — of the top Common Vulnerabilities and Exposures (CVEs) in CISA’s most recent annual Cybersecurity Advisory (CSA) were initially exploited as zero days. ...
Why the 2025 PyPI Attack Signals a New Era in Cloud Risk
MixMode Threat Research | | Blog, cyber attacks, Cyber-attack, Cybersecurity News, supply chain, Supply Chain Attacks, Threat Intelligence Research, Threat Research, Zero Day Attacks, zero-day attack
The 2025 PyPI supply chain attack is a stark reminder of just how vulnerable cloud ecosystems remain to sophisticated, stealthy, and evolving threats ...
Microsoft Won’t Fix This Bad Zero Day (Despite Wide Abuse)
Richi Jennings | | .lnk, APT37, APT43, BitterAPT, china espionage, CWE-451, Cybersecurity zero-day flaw, Earth Anansi, Earth Imp, Earth Kumiho, Earth Manticore, Evil Corp., InkySquid, Iranian hackers, kimsuky, Kimsuky hacking group, Konni, LNK file malware, LNKFiles, malicious LNK files, Microsoft, Microsoft Windows Zero Day, North Korean cyber espionage, russia hacker, SB Blogwatch, ScarCruft, Windows, ZDI-CAN-25373, Zero Day Attacks, zero day exploit attack, Zero Day Initiative, Zero Day Initiative (ZDI), zero-day, zero-day attack, Zero-Day Bug
Satya says NO: Redmond blames Windows users, rather than solve 30-year-old bug—exploited since 2017 ...
Security Boulevard
Why Zero-Day Attacks Bypass Traditional Firewall Security: Defending Against Zero-Day’s like Palo Alto Networks CVE-2024-0012
MixMode Threat Research | | firewall, firewalls, Zero Day Attacks, zero-day, zero-day attack, zero-day attack identification, Zero-day threats
Recently, Palo Alto Networks identified and patched a critical zero-day vulnerability in their next-generation firewalls (NGFWs). This vulnerability, tracked as CVE-2024-0012, allowed attackers to execute code on vulnerable devices remotely. This vulnerability ...
Alarming Intrusion: Chinese Government Hackers Target US Internet Providers
MixMode Threat Research | | Blog, government, Infrastructure, nation-state attacks, Nation-State Bad Actors, Nation-State Threat Actors, national cybersecurity, National Cybersecurity Strategy, Uncategorized, Zero Day Attacks, zero-day, zero-day attack, zero-day attack identification, Zero-day threats
A recent Washington Post report sent shockwaves through the cybersecurity landscape, revealing that Chinese government-backed hackers have infiltrated at least two major US internet service providers (ISPs) and several smaller ones ...

