Zero-Day

Dutch Authorities Confirm Ivanti Zero Day Exploit Exposed Employee Contact Data

Dutch authorities have confirmed that recent cyber attacks exploiting zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) led to unauthorized access to employee contact information within government systems. The Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) revealed that their environments were affected after attackers abused newly disclosed flaws in Ivanti […]

Dutch Authorities Confirm Ivanti Zero Day Exploit Exposed Employee Contact Data Read More »

Two Ivanti EPMM Zero Day RCE Vulnerabilities Actively Exploited, Security Updates Released

Ivanti has released urgent security updates to fix two critical vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM), both of which have been actively exploited as zero day attacks. One of the flaws has also been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  Known Exploited Vulnerabilities catalog, highlighting the severity of the threat.

Two Ivanti EPMM Zero Day RCE Vulnerabilities Actively Exploited, Security Updates Released Read More »

Microsoft Office Zero-Day CVE-2026-21509 – Emergency Patch Released Amid Active Exploitation

Microsoft has released emergency security updates for a critical Microsoft Office zero-day vulnerability that has been actively exploited by attackers. The flaw, identified as CVE-2026-21509 with a CVSS score of 7.8, is a security feature bypass within Microsoft Office. According to Microsoft, “Reliance on untrusted inputs in a security decision allows unauthorized attackers to bypass

Microsoft Office Zero-Day CVE-2026-21509 – Emergency Patch Released Amid Active Exploitation Read More »

Cisco Patches Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco has released emergency security updates to address a critical zero day vulnerability affecting several Unified Communications products and Webex Calling Dedicated Instance. The flaw, tracked as CVE-2026-20045, has been confirmed as actively exploited in real world attacks, prompting urgent action from organizations using impacted systems. Critical Zero Day Allows Remote Command Execution The vulnerability

Cisco Patches Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex Read More »

Tesla Hacked 37 Zero-Day Vulnerabilities Demonstrated at Pwn2Own Automotive 2026

Security researchers made headlines at Pwn2Own Automotive 2026 by successfully hacking the Tesla Infotainment System and earning $516,500 on the first day of the competition. The event, held during the Automotive World 2026 conference in Tokyo, Japan, saw multiple teams demonstrating high-impact zero-day exploits against modern automotive systems. The Synacktiv Team claimed $35,000 by chaining an information leak with an out-of-bounds write

Tesla Hacked 37 Zero-Day Vulnerabilities Demonstrated at Pwn2Own Automotive 2026 Read More »

Cloudflare Zero-Day Vulnerability Allows Any Host Access by Bypassing Security Protections

Security researchers have disclosed a critical zero-day flaw in Cloudflare’s Web Application Firewall that allowed attackers to bypass security rules and directly access origin servers that were supposed to be fully protected. The issue was identified by researchers from FearsOff, who discovered that HTTP requests sent to the /.well-known/acme-challenge/ path could reach backend servers even when customers

Cloudflare Zero-Day Vulnerability Allows Any Host Access by Bypassing Security Protections Read More »

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco has released security updates to address a critical remote code execution vulnerability affecting Cisco AsyncOS Software used in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The patches arrive nearly one month after Cisco confirmed that the flaw was actively exploited as a zero day by a China linked advanced persistent

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways Read More »

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines

Chinese-speaking threat actors are believed to have abused a compromised SonicWall VPN appliance to gain initial access and deploy a sophisticated VMware ESXi virtual machine escape exploit. According to cybersecurity firm Huntress, the exploit may have been under development as early as February 2024. Huntress detected the malicious activity in December 2025 and successfully disrupted

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines Read More »

React2Shell Exploitation Escalates into Large Scale Global Attacks, Triggering Emergency Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive to federal agencies, calling for immediate patching of a critical React vulnerability amid escalating global exploitation. Agencies have now been instructed to apply fixes by December 12, 2025, underscoring the growing severity of the threat. The flaw, tracked as CVE-2025-55182 with a

React2Shell Exploitation Escalates into Large Scale Global Attacks, Triggering Emergency Mitigation Read More »

Unpatched Gogs Zero Day Actively Exploited Across More Than 700 Instances

A newly discovered and unpatched security vulnerability in Gogs is being actively exploited in the wild, with more than 700 compromised instances currently accessible over the internet. The findings were disclosed by Wiz following an investigation into a real world malware incident. The vulnerability, tracked as CVE-2025-8110 with a CVSS score of 8.7, affects the

Unpatched Gogs Zero Day Actively Exploited Across More Than 700 Instances Read More »