All CosmicBytez Labs articles tagged #Zero-Day, across news, security advisories, how-to guides, and projects.
Google's June 2026 Android security bulletin addresses 124 vulnerabilities including CVE-2025-48595, an actively exploited zero-day used in limited targeted attacks. Users should apply the update immediately.
Google's June 2026 Android security update patches 124 vulnerabilities including one zero-day flaw that has been actively exploited in targeted attacks against Android devices.
Following intense backlash from the security research community over Microsoft's removal of GitHub researcher accounts and statements labeling zero-day disclosures as "never justifiable," Microsoft has clarified it has no intention of pursuing legal action against individuals conducting or publishing security research.
After a disgruntled security researcher published several unpatched zero-day exploits in recent weeks, Microsoft seemingly indicated that criminal charges could be in order, prompting significant backlash from the security research community over the chilling effect on responsible disclosure.
Palo Alto Networks warns that CVE-2026-0257, a CVSS 7.8 authentication bypass in PAN-OS GlobalProtect, is under active exploitation by hackers attempting...
Palo Alto Networks warns that CVE-2026-0257, a CVSS 7.8 authentication bypass in PAN-OS GlobalProtect and Prisma Access, is being actively exploited by...
Fortinet's April hotfix for the actively exploited CVE-2026-35616 FortiClient EMS flaw is now seeing renewed exploitation, as attackers continue targeting...
Microsoft publicly condemned unauthorized zero-day disclosures as 'never justifiable' after a security researcher published working proof-of-concept...
Microsoft condemns uncoordinated public zero-day disclosure, urging the security community to adopt CVD after removing a researcher's GitHub account.
An unpatched Gogs zero-day lets attackers gain RCE on internet-facing instances of the self-hosted Git service — no patch is currently available.
CISA has added a LiteSpeed cPanel plugin zero-day to its Known Exploited Vulnerabilities catalog after active exploitation allowed attackers to execute scripts.
A hardcoded machineKey value in KnowledgeDeliver's configuration enabled ViewState deserialization attacks leading to remote code execution and web shell.
Attackers exploited a critical zero-day vulnerability in KnowledgeDeliver LMS servers to deploy the Godzilla web shell, giving persistent backdoor access to.
A now-patched high-severity zero-day vulnerability in Digital Knowledge's KnowledgeDeliver LMS, a popular learning management system in Japan, was actively.
Microsoft patches a CVSS 8.8 SharePoint RCE; the Megalodon campaign poisons 5,561 GitHub repos in six hours; 7-Eleven's ShinyHunters breach hits 185,000; and a.
This week's security roundup covers Linux privilege escalation zero-days, actively exploited Windows Defender vulnerabilities, router botnets hijacking DNS.
Microsoft has disclosed two Windows Defender vulnerabilities under active exploitation in the wild, including CVE-2026-41091 — a privilege escalation flaw...
This week's threat intelligence bulletin covers Linux rootkit campaigns, an actively exploited router zero-day, AI-assisted intrusions, new scam kit...
Trend Micro has patched an Apex One zero-day vulnerability actively exploited in attacks targeting Windows systems. The flaw, discovered in the company's...
Google accidentally leaked information about an unpatched Chromium vulnerability that allows JavaScript to continue running in the background even after...
Microsoft has issued emergency patches for two Windows Defender vulnerabilities that were actively exploited as zero-days before fixes were available....
A Microsoft Exchange zero-day is being exploited with no patch in sight; Verizon DBIR 2026 marks a landmark shift — vulnerability exploitation now...
A zero-day XSS vulnerability in Microsoft Exchange Server (CVE-2026-42897) is being actively exploited in the wild, allowing attackers to compromise...
A new Windows kernel privilege escalation zero-day dubbed MiniPlasma, released by researcher Chaotic Eclipse, grants SYSTEM-level access on fully patched...
Pwn2Own Berlin 2026 has concluded with security researchers earning over $1.29 million in prizes after successfully exploiting 47 zero-day vulnerabilities...
This week's cybersecurity landscape opened with a critical Microsoft Exchange spoofing zero-day under active exploitation, a coordinated npm/PyPI supply...
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed MiniPlasma that lets attackers gain...
Cisco has patched CVE-2026-20182, a zero-day in Catalyst SD-WAN Manager that has been actively exploited in targeted attacks by sophisticated threat actor...
The threat group UAT-8616 is actively exploiting a new Cisco SD-WAN zero-day and has been linked to multiple prior Cisco firewall and SD-WAN vulnerability...
Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions actively being targeted...
On day two of Pwn2Own Berlin 2026, competitors demonstrated 15 unique zero-day vulnerabilities and collected $385,750 in awards, successfully exploiting...
Microsoft shared mitigations for a high-severity Exchange Server vulnerability being actively exploited that allows threat actors to execute arbitrary...
Threat actors began exploiting CVE-2026-44338, a missing authentication flaw in the PraisonAI multi-agent orchestration framework, within just four hours...
A security researcher has publicly released two unpatched Windows zero-day exploits: YellowKey, a BitLocker bypass requiring physical access, and...
An anonymous researcher has publicly disclosed two new unpatched Windows zero-days — YellowKey enabling BitLocker bypass and GreenPlasma targeting CTFMON...
A cybersecurity researcher has published proof-of-concept exploits for two unpatched Windows vulnerabilities — YellowKey (BitLocker bypass) and...
Google confirms the first AI-generated zero-day in the wild; TeamPCP's Mini Shai-Hulud worm hits TanStack, Mistral AI, and Guardrails AI; Instructure pays...
SecurityWeek reports that Google has confirmed detecting the first known AI-generated zero-day exploit actively used in the wild. The exploit, designed to...
Google Threat Intelligence Group researchers say a zero-day exploit targeting a widely used open-source web administration tool was likely generated using...
Google has disclosed a landmark discovery: an unknown threat actor used an AI system to develop a zero-day exploit in the wild — the first confirmed...
A critical authentication bypass flaw in cPanel/WHM has triggered a wave of exploit activity, with multiple proof-of-concept exploits now public and...
Ivanti has disclosed a high-severity improper input validation vulnerability in Endpoint Manager Mobile (EPMM) that is being actively exploited in the...
Palo Alto Networks has disclosed that CVE-2026-0300, a critical CVSS 9.3 buffer overflow in the PAN-OS User-ID Authentication service, is being actively...
This week's ThreatsDay threat roundup covers Microsoft Edge storing passwords in plaintext, industrial control system zero-days under active exploitation,...
Ivanti has issued an urgent advisory warning customers to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) that...
A new unpatched Linux zero-day exploit dubbed 'Dirty Frag' allows local attackers to gain root privileges on virtually all major Linux distributions with...
CISA has added a high-severity Ivanti Endpoint Manager Mobile vulnerability to the Known Exploited Vulnerabilities catalog and issued an emergency...
Attackers are actively exploiting a new zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM), the latest in a long series of critical flaws...
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been...
SentinelOne details how its AI-driven behavioral detection stopped three zero-day supply chain attacks at machine speed — without prior knowledge of the...
Microsoft released patches for 167 security vulnerabilities in April 2026, including an actively exploited SharePoint Server zero-day and the publicly...
SentinelOne's AI-driven behavioral defense stopped three recent zero-day supply chain attacks before any payload signatures existed — demonstrating how...
More than 1,300 internet-facing Microsoft SharePoint servers remain unpatched against a spoofing vulnerability exploited as a zero-day, with active...
Stolen credentials remain the dominant initial access vector in 2026 — no zero-days, no malware, just valid logins that blend in with normal activity...
Adobe has patched an actively exploited zero-day in Acrobat and Reader that threat actors have been weaponizing via malicious PDF files since at least...
OX Security analyzed 216 million security findings across 250 organizations over 90 days and found critical risk grew by nearly 400% year-over-year, even...
Microsoft's April 2026 Patch Tuesday addressed 169 CVEs — the second-largest monthly update in company history — including one actively exploited...
Microsoft's April 2026 Patch Tuesday addresses a record 169 security vulnerabilities including a SharePoint zero-day actively exploited in the wild, 8...
This week's threat roundup covers an unpatched Microsoft Defender zero-day, active SonicWall brute-force campaigns, a 17-year-old Excel RCE vulnerability...
Threat actors are actively exploiting three recently disclosed Windows security vulnerabilities that allow attackers to gain SYSTEM or elevated...
Huntress is warning that threat actors are actively exploiting three privilege escalation vulnerabilities in Microsoft Defender — codenamed BlueHammer,...
Anthropic's Claude Mythos Preview model can autonomously find and exploit zero-days across every major OS and browser at a 72.4% success rate — and it's...
A weekly roundup of notable cybersecurity stories: Iran-linked hackers wipe 200,000 Stryker devices, the BlueHammer Windows zero-day PoC goes public,...
A CVSS 10 critical vulnerability in the Sonos Era 300 smart speaker allows unauthenticated remote attackers to execute arbitrary code by exploiting an...
Threat actors have been exploiting an unpatched zero-day in Adobe Reader since at least November 2025, using specially crafted PDFs to fingerprint victims...
Attackers have been silently exploiting an unpatched zero-day vulnerability in Adobe Acrobat Reader since at least November 2025, using malicious PDFs to...
Anthropic's new Project Glasswing initiative uses a preview of its frontier model Claude Mythos to autonomously discover thousands of previously unknown...
A China-based threat cluster designated Storm-1175 has been linked to high-velocity ransomware attacks deploying Medusa payloads using chained zero-day...
SecurityWeek reports that the Medusa ransomware group has developed a dangerous capability: rapidly weaponizing newly disclosed vulnerabilities —...
Microsoft has raised the alarm over Medusa ransomware's unprecedented operational speed, with the group now exploiting zero-day vulnerabilities before...
Microsoft says the financially motivated cybercrime group Storm-1175, linked to China, has exploited N-day and zero-day vulnerabilities in high-velocity...
Storm-1175 runs sub-24-hour Medusa ransomware campaigns using zero-days; the FBI IC3 reports a record $21 billion in US cybercrime losses for 2025; North...
A security researcher operating under the aliases 'Chaotic Eclipse' and 'Nightmare-Eclipse' has publicly released exploit code for an unpatched Windows...
A critical zero-day in FortiClient EMS with a CVSS score of 9.8 is being actively exploited in the wild while Fortinet has released only an emergency...
Microsoft warns that Medusa ransomware operators are exploiting zero-day vulnerabilities approximately one week before public disclosure, enabling the...
Microsoft has formally attributed Medusa ransomware zero-day attacks to Storm-1175, a China-based financially motivated cybercriminal group that has...
This week's biggest cybersecurity stories: a North Korean supply chain attack hit the Axios npm package, a new Chrome zero-day under active exploitation,...
SentinelOne intercepts a LiteLLM supply chain attack in real time, attackers weaponize the Axios npm package to deploy a cross-platform RAT, and a Chrome...
Apple has extended security update eligibility to additional iPhone models still running iOS 18, enabling more devices to receive protections against the...
Google has patched the fourth Chrome zero-day vulnerability actively exploited in attacks this year, a use-after-free flaw in the Dawn graphics engine...
Threat actors have weaponized an unpatched zero-day in TrueConf conference server software to execute arbitrary files on all connected endpoints,...
Google has released a Chrome security update patching 21 vulnerabilities including a high-severity use-after-free zero-day in the Dawn graphics engine...
Anthropic's Claude AI assistant discovered remote code execution vulnerabilities in both Vim and GNU Emacs text editors using simple security research...
Citrix has patched two NetScaler ADC and Gateway vulnerabilities — including a critical CVSS 9.3 out-of-bounds read flaw eerily similar to the previously...
Researchers say the GitHub leak of the DarkSword iOS exploit chain — six chained vulnerabilities targeting iOS 18.4 through 18.7 — threatens to...
CISA orders federal agencies to patch five actively exploited vulnerabilities by April 3, including three Apple flaws linked to the DarkSword iOS exploit...
CVE-2026-20131, a maximum-severity CVSS 10.0 insecure deserialization flaw in Cisco Firepower Management Center, was exploited by Interlock ransomware as...
CVE-2026-33017, a CVSS 9.3 unauthenticated remote code execution vulnerability in the Langflow AI platform, was weaponized by threat actors within 20...
CISA added actively exploited Zimbra Collaboration Suite and Microsoft SharePoint vulnerabilities to its Known Exploited Vulnerabilities catalog on March...
The Interlock ransomware gang has been actively exploiting a CVSS 10.0 insecure deserialization flaw in Cisco Secure Firewall Management Center since late...
Security teams racing to patch every new zero-day are fighting the symptom, not the cause. Intruder's Head of Security argues that most organizations have...
Google's Threat Intelligence Group tracked 90 zero-day vulnerabilities actively exploited in 2025, with enterprise software and appliances accounting for...
This week: Google reports 90 zero-days exploited in 2025 with enterprise tech at 48%, CISA issues emergency directive for Cisco SD-WAN CVSS 10 zero-day,...
LexisNexis Legal & Professional confirms a data breach after threat actor FulcrumSec exploited an unpatched React2Shell vulnerability to exfiltrate 2.04...
A maximum-severity authentication bypass in Cisco Catalyst SD-WAN (CVE-2026-20127, CVSS 10.0) has been actively exploited by threat actor UAT-8616 since...
Google's March 2026 Android security bulletin addresses 129 vulnerabilities, including CVE-2026-21385 — an actively exploited zero-day in a Qualcomm...
A CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN has been exploited since at least 2023. CISA issues Emergency Directive ED 26-03 as all Five...
An actively exploited zero-day in Microsoft Word allows attackers to bypass OLE protections and execute malicious Office documents silently, without...
CrowdStrike's 2026 Global Threat Report reveals that AI-enabled adversary operations surged 89% year-over-year, the average eCrime breakout time dropped...
The U.S. Treasury sanctioned Russian zero-day exploit broker Operation Zero, its founder Sergey Zelenyuk, and affiliated entities after an FBI...
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access is under active exploitation,...
Google has patched CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome's CSS component that has been actively exploited — the first...
Microsoft's February 2026 Patch Tuesday addresses roughly 60 vulnerabilities including six actively exploited zero-days across Windows, Office, and Azure...
A maximum-severity CVSS 10.0 hardcoded credentials vulnerability in Dell RecoverPoint for VMs has been under active exploitation by China-nexus threat...
The Warlock ransomware group exploited CVE-2026-23760, an authentication bypass zero-day in SmarterMail, to breach SmarterTools itself, compromise 12...
Apple has patched CVE-2026-20700, a memory corruption vulnerability in dyld used in 'extremely sophisticated' targeted attacks. Discovered by Google TAG,...
An actively exploited zero-day in Cisco Unified Communications allows unauthenticated remote code execution with root privileges via crafted HTTP...
Russia-linked APT28 (Fancy Bear) weaponized Microsoft Office CVE-2026-21509 within days of disclosure, deploying espionage implants against Ukrainian...
A high-severity use-after-free vulnerability in Chrome's CSS engine is being actively exploited in the wild. Google's first in-the-wild Chrome zero-day of...
Two critical Ivanti Endpoint Manager Mobile zero-days with CVSS 9.8 were exploited to breach the Dutch Data Protection Authority, European Commission, and...
Chrome's first zero-day of 2026, Ivanti EPMM breaches across EU governments, APT28's record-fast exploit weaponization, and the Cloudflare BGP outage that...
Apple releases emergency patches across all platforms for a memory corruption vulnerability in the Dynamic Link Editor (dyld) that was exploited in...
Peter Williams, former GM of L3Harris's cyber subsidiary Trenchant, admits to selling eight zero-day exploit kits to a Russian broker for $1.3M in...
Microsoft's February 2026 Patch Tuesday addresses 60 vulnerabilities including 6 actively exploited zero-days and 3 publicly disclosed issues, with...
Actively exploited zero-day in Windows RDS allows authenticated attackers with low privileges to escalate to SYSTEM. Public exploit code available....
A critical zero-day in BeyondTrust Remote Support and Privileged Remote Access enables unauthenticated command execution, potentially compromising entire...
Singapore discloses that APT group UNC3886 conducted a targeted espionage campaign against M1, SIMBA, Singtel, and StarHub using a previously unknown...
Actively exploited Windows Shell vulnerability bypasses SmartScreen protection, allowing malicious files to execute without security warnings. Patch...
Critical Exchange and FortiOS zero-days, AI deepfake phishing surge, CISA zero trust mandate, post-quantum cryptography goes live, and the expanding RaaS...
Google has released an emergency Chrome update to fix a zero-day vulnerability being actively exploited in targeted attacks against journalists and activists.
Sophisticated attack chain leverages compromised SonicWall VPN and VMware ESXi vulnerabilities to break out of virtual machine isolation and compromise...
Microsoft's first security update of 2026 addresses 114 vulnerabilities including three zero-days. One flaw is actively exploited in the wild with CISA...
Apple has released security updates for iOS, macOS, watchOS, and tvOS addressing multiple actively exploited vulnerabilities. Users urged to update immediately.