Zero-Day Archives

Microsoft Fixes 84 Security Flaws in March Patch Tuesday, Including Two Public Zero Days

March 12, 2026

Microsoft has rolled out security updates addressing 84 new vulnerabilities across multiple software components, with two of them publicly disclosed. Of these vulnerabilities, eight are classified as Critical and 76 as Important. Most patches (46) relate to privilege escalation, followed by 18 remote code execution flaws, 10 information disclosure issues, four spoofing weaknesses, four denial-of-service […]

Microsoft Fixes 84 Security Flaws in March Patch Tuesday, Including Two Public Zero Days Read More »

Coruna iOS Exploit Kit Leverages 23 Exploits in Five Attack Chains Targeting iOS 13 to 17.2.1

March 4, 2026

A newly uncovered cyber offensive framework named Coruna, also tracked as CryptoWaters, has emerged as one of the most advanced iOS exploit kits observed in recent years. According to findings released by Google, the toolkit specifically targets Apple iPhone devices running iOS versions from 13.0 through 17.2.1. Devices operating on the latest iOS releases remain

Coruna iOS Exploit Kit Leverages 23 Exploits in Five Attack Chains Targeting iOS 13 to 17.2.1 Read More »

CISA Includes Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 in KEV Catalog

March 4, 2026

The U.S. Cybersecurity and Infrastructure Security Agency has added a newly disclosed VMware vulnerability to its Known Exploited Vulnerabilities catalog after reports indicated real world abuse. The flaw, tracked as CVE-2026-22719, affects Broadcom VMware Aria Operations and carries a CVSS score of 8.1, classifying it as high severity. Command Injection Risk Enables Remote Code Execution According to

CISA Includes Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 in KEV Catalog Read More »

Google Confirms Active Exploitation of CVE-2026-21385 in Qualcomm Android Component

March 3, 2026

Google has confirmed that a high severity vulnerability affecting a Qualcomm open source component used in Android devices is being actively exploited in targeted attacks. The flaw, tracked as CVE-2026-21385 with a CVSS score of 7.8, impacts the Graphics component and involves a buffer over read issue that may lead to memory corruption. Qualcomm Advisory

Google Confirms Active Exploitation of CVE-2026-21385 in Qualcomm Android Component Read More »

APT28 Linked to CVE-2026-21513 MSHTML Zero Day Exploited Ahead of Feb 2026 Patch Tuesday

March 2, 2026

A high severity Microsoft vulnerability patched during February 2026 Patch Tuesday may have been actively exploited by the Russia linked threat group APT28, according to new research from Akamai. The flaw, tracked as CVE-2026-21513 with a CVSS score of 8.8, affects the MSHTML Framework and enables attackers to bypass key Windows security protections. Microsoft described

APT28 Linked to CVE-2026-21513 MSHTML Zero Day Exploited Ahead of Feb 2026 Patch Tuesday Read More »

Cisco SD WAN Zero Day CVE-2026-20127 Exploited Since 2023 to Gain Admin Access

February 26, 2026

A critical zero-day vulnerability affecting Cisco Catalyst SD-WAN platforms has been actively exploited since 2023, enabling attackers to gain unauthorized administrative access to targeted environments. The flaw, identified as CVE-2026-20127, carries a maximum CVSS score of 10.0 and impacts both Cisco Catalyst SD-WAN Controller and SD-WAN Manager solutions. The vulnerability allows a remote, unauthenticated attacker

Cisco SD WAN Zero Day CVE-2026-20127 Exploited Since 2023 to Gain Admin Access Read More »

Defense Contractor Employee Sentenced for Selling 8 Zero Days to Russian Broker

February 26, 2026

A former employee of U.S. defense contractor L3Harris has been sentenced to more than seven years in federal prison after admitting to selling eight highly sensitive zero-day exploits to a Russian exploit brokerage firm in exchange for millions in cryptocurrency. Peter Williams, 39, an Australian national, pleaded guilty in October 2025 to two counts of

Defense Contractor Employee Sentenced for Selling 8 Zero Days to Russian Broker Read More »

Dell RecoverPoint for VMs Zero Day CVE-2026-22769 Exploited Since Mid 2024

February 18, 2026

A severe security vulnerability in Dell RecoverPoint for Virtual Machines (VMs) has been actively exploited as a zero-day by a suspected China-linked threat group known as UNC6201 since mid-2024, according to findings from Google Mandiant and the Google Threat Intelligence Group (GTIG). The vulnerability, identified as CVE-2026-22769 with a maximum CVSS score of 10.0, stems

Dell RecoverPoint for VMs Zero Day CVE-2026-22769 Exploited Since Mid 2024 Read More »

New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released

February 17, 2026

Google has released critical security updates for its Chrome browser on Friday to fix a high-severity vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2026-2441 with a CVSS score of 8.8, is a use-after-free bug in CSS. Security researcher Shaheen Fazim reported the vulnerability on February 11, 2026, and has been credited for its discovery.

New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released Read More »

Microsoft Fixes 59 Security Flaws, Including Six Actively Exploited Zero Days

February 11, 2026

Microsoft has released security updates addressing 59 vulnerabilities across its software, including six zero-day flaws currently exploited in the wild. The patch rollout was announced on Tuesday, highlighting the urgent need for users and organizations to apply fixes. Severity Breakdown Of the 59 vulnerabilities, five are marked Critical, 52 Important, and two Moderate. Privilege escalation

Microsoft Fixes 59 Security Flaws, Including Six Actively Exploited Zero Days Read More »