0-day

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)

0-day, Don't miss, exploit, Hot stuff, Microsoft, Microsoft Defender, News, vulnerability disclosure /

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) 2026-06-17 at 14:26 By Zeljka Zorz Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high quality security update that addresses this vulnerability.” The vulnerability, which has been assigned […]

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) Read More »

Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)

0-day, APT, CISA, Cisco, Don't miss, Hot stuff, News, SD-WAN /

Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262) 2026-06-16 at 13:20 By Zeljka Zorz Cisco has revealed another Catalyst SD-WAN Manager vulnerability (CVE-2026-20262) that its Product Security Incident Response Team observed being exploited by attackers. But the associated security advisory also states that “the vulnerability was found during internal security testing”, raising the

Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262) Read More »

Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert

0-day, Data leak, data theft, Don't miss, education, extortion, Hot stuff, News, Oracle, vulnerability /

Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert 2026-06-11 at 15:41 By Zeljka Zorz A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google Cloud, warned today. The warning comes a day after Oracle published an out-of-band security alert

Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert Read More »

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)

0-day, Chrome, Google, News, security update /

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645) 2026-06-09 at 15:21 By Sinisa Markovic Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645) Read More »

Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)

0-day, Check Point, data theft, Don't miss, enterprise, Hot stuff, News, Ransomware, secure access, VPN, vulnerability /

Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751) 2026-06-08 at 16:16 By Zeljka Zorz A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. About CVE-2026-50751 Check Point Remote Access VPN enables and secures connections between

Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751) Read More »

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)

0-day, APT, Cisco, Don't miss, exploit, Hot stuff, Mandiant, News, SD-WAN /

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) 2026-06-05 at 15:49 By Zeljka Zorz A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system. This would require

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) Read More »

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)

0-day, CISA, Don't miss, Endpoint Security, enterprise, Hot stuff, News, security update, Trend Micro /

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) 2026-05-26 at 17:32 By Zeljka Zorz A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micro

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) Read More »

$20 per zero-day is already the WordPress plugin reality

0-day, AI, conferences, cybersecurity, Don't miss, Hot stuff, News, research, Trend Micro, WordPress /

$20 per zero-day is already the WordPress plugin reality 2026-05-22 at 17:05 By Mirko Zorz Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer,

$20 per zero-day is already the WordPress plugin reality Read More »

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)

0-day, APT, Cisco, Don't miss, Hot stuff, News, Rapid7, SD-WAN /

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182) 2026-05-15 at 16:07 By Zeljka Zorz Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a highly sophisticated cyber threat actor”. About CVE-2026-20182 CVE-2026-20182 – affecting both Cisco Catalyst SD-WAN Controller (the “brain” of the Cisco

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182) Read More »

Google researchers uncover criminal zero-day exploit likely built with AI

0-day, AI, APT, attack, cybercrime, cybersecurity, Don't miss, exploit, Google, Google Cloud, Hot stuff, Mandiant, News, report, Russian Federation, threats /

Google researchers uncover criminal zero-day exploit likely built with AI 2026-05-11 at 16:48 By Mirko Zorz Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.

Google researchers uncover criminal zero-day exploit likely built with AI Read More »

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)

0-day, Don't miss, endpoint management, Hot stuff, Ivanti, News, vulnerability /

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) 2026-05-08 at 13:30 By Zeljka Zorz Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has being exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,” the

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) Read More »

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls

0-day, APT, Don't miss, firewall, government-backed attacks, Hot stuff, News, Palo Alto Networks /

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls 2026-05-08 at 01:14 By Zeljka Zorz Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors. A flaw with no patch (yet) CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls Read More »

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

0-day, cPanel, CVE, Don't miss, Hot stuff, News, PoC, Rapid7, security update, WatchTowr, web hosting /

cPanel zero-day exploited for months before patch release (CVE-2026-41940) 2026-04-30 at 16:45 By Zeljka Zorz A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical

cPanel zero-day exploited for months before patch release (CVE-2026-41940) Read More »

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild

0-day, Don't miss, exploit, Hot stuff, Huntress, Microsoft, Microsoft Defender, News, PoC /

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild 2026-04-17 at 14:32 By Zeljka Zorz The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild Read More »

Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621)

0-day, Adobe, Adobe Reader, Don't miss, Expmon, Hot stuff, News, PDF /

Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) 2026-04-13 at 13:22 By Zeljka Zorz Adobe has pushed out an emergency security update for Adobe Acrobat Reader, patching a zero-day vulnerability (CVE-2026-34621) exploited in the wild since November 2025. About CVE-2026-34621 CVE-2026-34621 is a critical prototype pollution vulnerability – a type

Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) Read More »

Acrobat Reader zero-day exploited in the wild for many months

0-day, Adobe, Adobe Reader, Don't miss, exploit, Expmon, Hot stuff, News, PDF /

Acrobat Reader zero-day exploited in the wild for many months 2026-04-09 at 15:44 By Zeljka Zorz Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered. PDF files carry the exploit Haifei Li is one of the creators of EXPMON, a sandbox-based

Acrobat Reader zero-day exploited in the wild for many months Read More »

BlueHammer: Windows zero-day exploit leaked

0-day, CYDERES, Don't miss, exploit, Hot stuff, News, PoC, Windows, Windows Defender, Windows Server /

BlueHammer: Windows zero-day exploit leaked 2026-04-08 at 23:29 By Zeljka Zorz A buggy but functional proof-of-concept (PoC) exploit for an unpatched Windows local privilege escalation vulnerability dubbed BlueHammer has been published on GitHub by someone who goes by the handle Chaotic Eclipse and Nightmare Eclipse. Several security researchers have fixed the bugs in the exploit

BlueHammer: Windows zero-day exploit leaked Read More »

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)

0-day, Defused Cyber, Don't miss, enterprise, Fortinet, Hot stuff, News /

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) 2026-04-04 at 17:39 By Zeljka Zorz Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of active exploitation came almost immediately from Fortinet, as well. “Fortinet has observed [CVE-2026-35616] to be

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) Read More »

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)

0-day, Chrome, Don't miss, Hot stuff, Microsoft Edge, News, Vivaldi /

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281) 2026-04-01 at 14:31 By Zeljka Zorz Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5281 As per usual, information about the fixed zero-day is limited, and there’s no details about the exploit (or how/if it’s

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281) Read More »

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)

0-day, AWS, Cisco, Don't miss, enterprise, firewall, Hot stuff, News, Ransomware /

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) 2026-03-20 at 15:21 By Zeljka Zorz A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock ransomware gang, Amazon CISO and VP of Security Engineering

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) Read More »

Scroll to Top