PROBABLYPWNED
Home/Tag/Zero Day

Zero Day

70 articles tagged with "Zero Day"

Cisco SD-WAN Zero-Day Exploited Since May—CVSS 10.0
Vulnerabilities3 min read

Cisco SD-WAN Zero-Day Exploited Since May—CVSS 10.0

CVE-2026-20182 allows unauthenticated attackers to inject rogue peers into Cisco SD-WAN fabrics. Active exploitation since May; no workaround available—patch immediately.

Marcus ChenJul 1, 2026
Second Cisco SD-WAN Zero-Day Hits CISA KEV in Two Weeks
Vulnerabilities3 min read

Second Cisco SD-WAN Zero-Day Hits CISA KEV in Two Weeks

CVE-2026-20262 joins CVE-2026-20245 on CISA's exploited vulnerabilities list. Attackers deploy malicious .war files via path traversal to gain root access on Catalyst SD-WAN Manager.

Marcus ChenJun 17, 2026
Check Point VPN PoC Drops as Exploitation Intensifies
Vulnerabilities4 min read

Check Point VPN PoC Drops as Exploitation Intensifies

WatchTowr Labs published technical details and exploit code for CVE-2026-50751, the auth bypass flaw already used by Qilin ransomware. TCP 443 bypass works too.

Vulnerability DeskJun 13, 2026
Arista Refuses to Patch Exploited Flaw Added to CISA KEV
Vulnerabilities3 min read

Arista Refuses to Patch Exploited Flaw Added to CISA KEV

CVE-2026-7473 lets attackers bypass tunnel security controls on Arista network devices. CISA added it to KEV—but Arista says patching would 'break existing configurations.'

Vulnerability DeskJun 11, 2026
RoguePlanet Zero-Day Bypasses Fully-Patched Windows Defender
Vulnerabilities3 min read

RoguePlanet Zero-Day Bypasses Fully-Patched Windows Defender

Security researcher Nightmare Eclipse releases fourth Microsoft Defender zero-day in months, granting SYSTEM privileges on patched Windows 10 and 11 systems. Here's what defenders need to know.

Vulnerability DeskJun 11, 2026
Microsoft Patches 206 Flaws Including Wormable Kernel RCE
Vulnerabilities4 min read

Microsoft Patches 206 Flaws Including Wormable Kernel RCE

Microsoft's record-breaking June 2026 Patch Tuesday fixes 206 vulnerabilities including CVE-2026-45657, a CVSS 9.8 wormable kernel flaw allowing remote code execution without authentication.

Vulnerability DeskJun 10, 2026
Trend Micro Apex One Zero-Day Added to CISA KEV
Vulnerabilities3 min read

Trend Micro Apex One Zero-Day Added to CISA KEV

CVE-2026-34926 lets attackers inject malicious code into Apex One servers and deploy it to all connected endpoint agents. CISA confirms active exploitation with June 4 federal deadline.

Vulnerability DeskMay 24, 2026
24 Zero-Days Fall on Day One of Pwn2Own Berlin 2026
Vulnerabilities4 min read

24 Zero-Days Fall on Day One of Pwn2Own Berlin 2026

Security researchers exploited Windows 11, Microsoft Edge, Red Hat Linux, and multiple AI platforms on the first day of Pwn2Own Berlin 2026, earning $523,000 for 24 unique zero-day vulnerabilities.

Vulnerability DeskMay 14, 2026
Google Catches First AI-Generated Zero-Day Exploit in the Wild
Threat Intelligence4 min read

Google Catches First AI-Generated Zero-Day Exploit in the Wild

Google's Threat Intelligence Group identifies a criminal group using an LLM-generated exploit to bypass 2FA in a web admin tool—marking the first confirmed AI-built zero-day in active use.

Threat Intel DeskMay 11, 2026
APT28's PRISMEX Malware Targets NATO Supply Chains
Threat Intelligence4 min read

APT28's PRISMEX Malware Targets NATO Supply Chains

Russian military hackers deployed PRISMEX steganography malware against Ukraine and NATO logistics networks, exploiting zero-days CVE-2026-21509 and CVE-2026-21513 weeks before patches.

Threat Intel DeskApr 30, 2026
Defender Zero-Days Hit Live Attacks - Two Still Unpatched
Vulnerabilities4 min read

Defender Zero-Days Hit Live Attacks - Two Still Unpatched

Huntress confirms hands-on-keyboard exploitation of all three Windows Defender zero-days. Microsoft patched BlueHammer, but RedSun and UnDefend remain unpatched as attackers chain them for SYSTEM access.

Vulnerability DeskApr 23, 2026
RedSun: Second Windows Defender Zero-Day Drops in Two Weeks
Vulnerabilities4 min read

RedSun: Second Windows Defender Zero-Day Drops in Two Weeks

Frustrated researcher 'Chaotic Eclipse' releases RedSun, another Windows Defender privilege escalation exploit granting SYSTEM access. Microsoft has not yet patched this second zero-day.

Vulnerability DeskApr 17, 2026
Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Access
Threat Intelligence4 min read

Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Access

Microsoft links China-based Storm-1175 to high-velocity Medusa ransomware attacks exploiting zero-day vulnerabilities. Healthcare, education, and finance sectors hit across Australia, UK, and US.

Threat Intel DeskApr 7, 2026
Google Patches Fourth Chrome Zero-Day of 2026
Vulnerabilities4 min read

Google Patches Fourth Chrome Zero-Day of 2026

CVE-2026-5281 exploited in the wild targets Dawn WebGPU implementation. Google rushes emergency patch as Chrome zero-days accelerate in 2026.

Vulnerability DeskApr 1, 2026
Langflow RCE Exploited Within 20 Hours of Disclosure
Vulnerabilities4 min read

Langflow RCE Exploited Within 20 Hours of Disclosure

CVE-2026-33017 (CVSS 9.3) lets attackers execute arbitrary Python code on Langflow AI pipelines without authentication. Exploitation began before any PoC existed.

Vulnerability DeskMar 21, 2026
APT28 Linked to MSHTML Zero-Day Exploited Before Patch
Threat Intelligence4 min read

APT28 Linked to MSHTML Zero-Day Exploited Before Patch

Security researchers tie Russia's APT28 to CVE-2026-21513 exploitation using malicious LNK files. The MSHTML zero-day was weaponized weeks before Microsoft's February patch.

Threat Intel DeskMar 3, 2026
Android March Patch Fixes Qualcomm Zero-Day Under Attack
Vulnerabilities5 min read

Android March Patch Fixes Qualcomm Zero-Day Under Attack

Google's March 2026 Android security update patches 129 vulnerabilities including CVE-2026-21385, a Qualcomm graphics flaw affecting 234 chipsets under active exploitation.

Vulnerability DeskMar 3, 2026