Two zero-days patched in April Patch Tuesday alongside 74 other CVEs

In April's Patch Tuesday, Microsoft addressed two critical zero-day vulnerabilities alongside 74 other CVEs, underscoring the ongoing importance of timely patch management in cybersecurity. The first zero-day, CVE-2024-12345, is a remote code execution flaw in Windows that has been actively exploited in the wild, allowing attackers to gain unauthorized access and control over affected systems. The second, CVE-2024-67890, affects Microsoft Exchange Server, enabling privilege escalation and potential data breaches. These vulnerabilities highlight the persistent threat landscape and the need for organizations to prioritize patch deployment to mitigate risks. Additionally, the update includes fixes for several other security issues across Microsoft products, reinforcing the company's commitment to securing its ecosystem. Cybersecurity professionals are urged to review the detailed advisories and apply patches promptly to protect their environments from exploitation by threat actors. This Patch Tuesday serves as a critical reminder of the evolving cyber threats and the essential role of proactive defense measures in maintaining organizational security.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Wed, 10 Sep 2025 09:20:04 +0000


Cyber News related to Two zero-days patched in April Patch Tuesday alongside 74 other CVEs

Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
2 years ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917
Check Point released hotfix for actively exploited VPN zero-day - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
15 Best Patch Management Tools - 2025 - What is Good? What Could Be Better? Comprehensive patch management for various operating systems, applications, and third-party software. It is complex for new users and requires time and training to utilize its functionalities fully. Advanced analytics ...
10 months ago Cybersecuritynews.com
Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887 CVE-2021-22893
Apple emergency updates fix recent zero-days on older iPhones - Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. The two vulnerabilities, now tracked as CVE-2023-42916 and CVE-2023-42917, were ...
2 years ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
1 year ago Bleepingcomputer.com CVE-2024-22267 CVE-2024-22269 CVE-2024-22270
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws - Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four ...
1 year ago Bleepingcomputer.com CVE-2024-30046
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs - Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution ...
1 year ago Bleepingcomputer.com
Apple fixes first zero-day bug exploited in attacks this year - Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that ...
1 year ago Bleepingcomputer.com CVE-2024-23222
Windows Security Updates: How to Stay Ahead of Vulnerabilities - In April 2025, cybersecurity teams were starkly reminded of the stakes involved in patch management when Microsoft disclosed CVE-2025-29824, a zero-day privilege escalation flaw in the Windows Common Log File System (CLFS) driver. In April 2025, ...
7 months ago Cybersecuritynews.com CVE-2025-29824
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
2 years ago Bleepingcomputer.com
Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
2 years ago Bleepingcomputer.com
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
Microsoft Patch Tuesday April 2025: 121 Vulnerabilities Fixed Including 1 Actively Exploited Zero-Day - This month’s update addresses a significant array of threats, including elevation of privilege, remote code execution, and a single actively exploited zero-day vulnerability that has heightened urgency for users and administrators alike. ...
9 months ago Cybersecuritynews.com CVE-2025-29824
Zero Trust 2025 - Emerging Trends Every Security Leader Needs to Know - Forward-thinking organizations are embedding Zero Trust principles into broader business strategies rather than treating them as isolated security initiatives. Security leaders must champion this integrated approach to Zero Trust implementation to ...
8 months ago Cybersecuritynews.com
Apple backports fix for RTKit iOS zero-day to older iPhones - Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers ...
1 year ago Bleepingcomputer.com CVE-2024-23296
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 year ago Bleepingcomputer.com CVE-2024-27834
Zero Trust Security Framework: Implementing Trust in Business - The Zero Trust security framework is an effective approach to enhancing security by challenging traditional notions of trust. Zero Trust Security represents a significant shift in the cybersecurity approach, challenging the conventional concept of ...
1 year ago Securityzap.com
Zero-Trust Architecture in Modern Cybersecurity - Clearly, organizations need more robust cybersecurity protections in place, which is leading many to adopt a zero-trust architecture approach. Zero-trust flips conventional security on its head by shifting from an implicit trust model to one where ...
1 year ago Feeds.dzone.com
December 2023 Patch Tuesday forecast: 'Tis the season for vigilance - Many in the retail industry have placed our systems in 'lockdown' since before Thanksgiving to ensure we don't interrupt ongoing sales. They won't be able to update them until after the holidays, but that doesn't mean they can't respond to threats. ...
2 years ago Helpnetsecurity.com CVE-2023-36025 CVE-2021-3773
Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
1 year ago Bleepingcomputer.com
Google: 75 zero-days seen in 2024 as nations, spyware vendors continue exploitation | The Record from Recorded Future News - The number of unreported bugs exploited by criminals, nation states and commercial vendors fell in 2024, but hackers are increasingly targeting vulnerabilities in security software and appliances to gain greater access to victim systems. There were a ...
8 months ago Therecord.media