On [insert date], Google announced the rollout of a critical software update for the Chrome web browser, affecting desktop users on Windows, Mac, and Linux platforms. This update addresses three newly identified vulnerabilities, each classified as ‘HIGH’ in severity. Notably, one of these vulnerabilities, known as CVE-2020-6418, has reportedly been…
Critical Vulnerabilities Discovered in Zoom’s Video Conferencing Software In the realm of cybersecurity, recent developments concerning Zoom have raised significant alarms, especially for users relying on the platform for education, business, and social engagement. Cybersecurity researchers from Cisco Talos have identified two critical vulnerabilities within the popular video conferencing software,…
On Thursday, Apple announced a series of security updates to address three zero-day vulnerabilities that have been identified as actively exploited in the wild. The patches are part of updates for iOS, iPadOS, macOS, and watchOS, specifically targeting flaws within the FontParser component and kernel. These vulnerabilities could allow attackers…
In a recent update during its November 2020 Patch Tuesday, Microsoft disclosed fixes for 112 newly identified security vulnerabilities. This release notably includes a zero-day flaw that was actively exploited and brought to light by Google’s security team the previous week. The series of patches issued addresses a variety of…
On March 18, 2026, cybersecurity firm Darktrace reported a new attack campaign detected through its CloudyPots honeypot network. The focus of the intrusions was a misconfigured Jenkins server, a widely-utilized tool for developers. Instead of seeking sensitive source code, the attackers capitalized on their access to establish a distributed denial-of-service…
Recent Security Breaches Underscore Growing Cyber Threats In an alarming series of recent cyber incidents, it has become evident that some of the most significant security breaches often unfold quietly, without immediate alert signals. These breaches usually involve subtle actions that may appear innocuous, highlighting a troubling trend in which…
Google Unveils Unpatched and Poorly Fixed Windows 0-Day Vulnerability
Dec 24, 2020
Google’s Project Zero team has disclosed details about a poorly addressed zero-day security flaw in the Windows print spooler API, potentially allowing malicious actors to execute arbitrary code. The flaw was made public after Microsoft failed to resolve it within 90 days of responsible disclosure on September 24. Initially identified as CVE-2020-0986, the vulnerability involves an elevation of privilege exploit in the GDI Print / Print Spooler API (“splwow64.exe”) reported to Microsoft by an anonymous user collaborating with Trend Micro’s Zero Day Initiative (ZDI) in late December 2019. With no patch provided for nearly six months, ZDI publicly issued a zero-day advisory on May 19, which led to exploitation in a campaign known as “Operation PowerFall” targeting an unnamed South Korean company. “splwow64.exe” is a core Windows system binary that facilitates 32-bit application compatibility.
Google Exposes Unpatched Windows Zero-Day Vulnerability On December 24, 2020, Google’s Project Zero disclosed details about a critical yet poorly patched zero-day vulnerability within the Windows print spooler API. This flaw opens the door for malicious actors to execute arbitrary code, creating significant risks for affected systems. The decision to…
Google Unveils Unpatched and Poorly Fixed Windows 0-Day Vulnerability
Dec 24, 2020
Google’s Project Zero team has disclosed details about a poorly addressed zero-day security flaw in the Windows print spooler API, potentially allowing malicious actors to execute arbitrary code. The flaw was made public after Microsoft failed to resolve it within 90 days of responsible disclosure on September 24. Initially identified as CVE-2020-0986, the vulnerability involves an elevation of privilege exploit in the GDI Print / Print Spooler API (“splwow64.exe”) reported to Microsoft by an anonymous user collaborating with Trend Micro’s Zero Day Initiative (ZDI) in late December 2019. With no patch provided for nearly six months, ZDI publicly issued a zero-day advisory on May 19, which led to exploitation in a campaign known as “Operation PowerFall” targeting an unnamed South Korean company. “splwow64.exe” is a core Windows system binary that facilitates 32-bit application compatibility.
CISA Adds Two Vulnerabilities in N-able N-central to Its Known Exploited Vulnerabilities Catalog
Aug 14, 2025 | Vulnerability / Network Security
On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included two security flaws affecting N-able N-central in its Known Exploited Vulnerabilities (KEV) catalog, due to evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform tailored for Managed Service Providers (MSPs) to effectively manage and safeguard their clients’ Windows, Apple, and Linux endpoints from a centralized platform.
The identified vulnerabilities are as follows:
Both issues have been resolved in N-central versions 2025.3.1 and 2024.6 HF2, released on August 13, 2025. N-able is also advising customers to ensure multi-factor authentication (MFA) is enabled, particularly for admin accounts.
CISA Adds Two N-able N-central Vulnerabilities to High-Risk Catalog On August 14, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of two significant vulnerabilities related to N-able N-central in its Known Exploited Vulnerabilities (KEV) catalog. This decision comes in response to evidence indicating that these flaws…
CISA Adds Two Vulnerabilities in N-able N-central to Its Known Exploited Vulnerabilities Catalog
Aug 14, 2025 | Vulnerability / Network Security
On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) included two security flaws affecting N-able N-central in its Known Exploited Vulnerabilities (KEV) catalog, due to evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform tailored for Managed Service Providers (MSPs) to effectively manage and safeguard their clients’ Windows, Apple, and Linux endpoints from a centralized platform.
The identified vulnerabilities are as follows:
Both issues have been resolved in N-central versions 2025.3.1 and 2024.6 HF2, released on August 13, 2025. N-able is also advising customers to ensure multi-factor authentication (MFA) is enabled, particularly for admin accounts.
On March 3, 2021, just a month after addressing an actively exploited zero-day flaw, Google has released updates for another critical vulnerability in Chrome, which is reportedly being targeted by attackers. The latest version, Chrome 89.0.4389.72, available for Windows, Mac, and Linux, includes a total of 47 security enhancements. The most severe issue addresses an “object lifecycle problem in audio,” tracked as CVE-2021-21166. This vulnerability was among two reported by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate audio-related object lifecycle flaw was reported to Google on February 4, coinciding with the launch of Chrome 88. Though details are limited, it’s unclear whether the two issues are interconnected. Google has confirmed the existence of exploits in the wild but hasn’t provided further specifics. Users are urged to update their browsers without delay.
New Chrome Zero-Day Vulnerability Under Active Exploitation—Update Your Browser Immediately March 3, 2021 In a critical update, Google has announced the release of patches for a newly identified zero-day vulnerability within its Chrome web browser, which is reportedly being actively targeted by attackers. This follows just a month after the…
On March 3, 2021, just a month after addressing an actively exploited zero-day flaw, Google has released updates for another critical vulnerability in Chrome, which is reportedly being targeted by attackers. The latest version, Chrome 89.0.4389.72, available for Windows, Mac, and Linux, includes a total of 47 security enhancements. The most severe issue addresses an “object lifecycle problem in audio,” tracked as CVE-2021-21166. This vulnerability was among two reported by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate audio-related object lifecycle flaw was reported to Google on February 4, coinciding with the launch of Chrome 88. Though details are limited, it’s unclear whether the two issues are interconnected. Google has confirmed the existence of exploits in the wild but hasn’t provided further specifics. Users are urged to update their browsers without delay.
