Zero-Day Exploits
In-depth guides and analysis on zero-day exploits from the Safeguard engineering team.
7 articles
Citrix Bleed CVE-2023-4966: Session Token Theft That Bypassed Every Authentication Control
Citrix Bleed allowed attackers to steal session tokens from NetScaler ADC, bypassing MFA and all authentication controls. LockBit ransomware used it to devastating effect.
Cisco IOS XE CVE-2023-20198: The Zero-Day That Compromised Tens of Thousands of Network Devices
CVE-2023-20198 in Cisco IOS XE allowed unauthenticated attackers to create admin accounts on network devices. Over 40,000 devices were compromised before Cisco shipped a fix.
ProxyNotShell CVE-2022-41040: Microsoft Exchange Under Fire Again
ProxyNotShell chained two Exchange vulnerabilities for authenticated RCE, exploited in the wild for weeks before Microsoft delivered a patch. Exchange admins were running out of patience.
Zimbra CVE-2022-37042: Authentication Bypass in a Widely Used Email Platform
CVE-2022-37042 allowed unauthenticated attackers to upload web shells to Zimbra email servers. Over 1,000 servers were compromised before most admins knew about it.
Zoho ManageEngine CVE-2021-44077: When IT Management Tools Get Owned
APT actors exploited CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus to breach critical infrastructure. An unauthenticated RCE in the software that manages your IT.
Microsoft Exchange HAFNIUM Attack: Four Zero-Days That Compromised 30,000 Organizations
Chinese state-sponsored group HAFNIUM exploited four zero-day vulnerabilities in Microsoft Exchange Server, compromising an estimated 30,000 US organizations and hundreds of thousands globally.
Pulse Secure VPN Zero-Day CVE-2021-22893: When Your Security Gateway Becomes the Backdoor
Chinese APT groups exploited CVE-2021-22893 in Pulse Secure VPN to breach defense contractors and government agencies. The irony of a security product being the entry point.