top of page
ALL POSTS
U.S. CISA Adds Critical Enterprise Software Vulnerabilities to Known Exploited Vulnerabilities Catalog
Key Findings CISA added Oracle PeopleSoft Enterprise PeopleTools vulnerability CVE-2026-35273 (CVSS 9.8) to its Known Exploited Vulnerabilities catalog following active exploitation by ShinyHunters CISA added Ivanti Sentry vulnerability CVE-2026-10520 (CVSS 10.0) to its Known Exploited Vulnerabilities catalog with a mandatory federal agency patching deadline of June 14, 2026 The Oracle flaw was exploited as a zero-day for nearly two weeks before vendor disclosure, affecting o
Jun 133 min read
Microsoft Patch Tuesday: 206 Vulnerabilities Patched Including Zero-Days and Critical RCE Exploits
Key Findings Microsoft released 206 security patches in June 2026, a record number including 39 Critical and 167 Important severity flaws Three vulnerabilities were publicly disclosed at the time of release, including two BitLocker bypasses and an HTTP.sys denial-of-service flaw Patch set includes 56 remote code execution vulnerabilities, 63 privilege escalation flaws, and multiple critical kernel issues Three highest severity flaws all carry a CVSS score of 9.8 and enable un
Jun 103 min read
Google's June 2026 Android Security Update Fixes 124 Vulnerabilities Including One Active Zero-Day Exploit
Key Findings Google released patches for 124 Android security vulnerabilities in June 2026, including one actively exploited flaw CVE-2025-48595 (CVSS 8.4) is a privilege escalation vulnerability in the Android Framework currently under limited, targeted exploitation The flaw affects Android 14, 15, 16, and 16 QPR2, requires no user interaction, and allows code execution through integer overflow CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on Ju
Jun 32 min read
MiniPlasma Windows 0-Day: SYSTEM Privilege Escalation on Fully Patched Systems
Key Findings Chaotic Eclipse released a proof-of-concept exploit for MiniPlasma, a Windows privilege escalation zero-day that grants SYSTEM privileges on fully patched systems The vulnerability exists in cldflt.sys (Windows Cloud Files Mini Filter Driver) within the HsmOsBlockPlaceholderAccess routine Originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020 and assigned CVE-2020-17103, the flaw was supposedly patched in December 2020
May 182 min read
NGINX CVE-2026-42945 Worker Crash Vulnerability Exploited in the Wild with Potential RCE
Key Findings NGINX vulnerability CVE-2026-42945 (CVSS 9.2) is actively exploited in the wild days after public disclosure Heap buffer overflow in ngx_http_rewrite_module affects NGINX versions 0.6.27 through 1.30.0 Flaw can crash worker processes or enable remote code execution on systems with ASLR disabled Exploitation requires specific NGINX configuration knowledge and crafted HTTP requests VulnCheck detected weaponized exploitation attempts against honeypot networks Two cr
May 172 min read
Pwn2Own Berlin 2026: DEVCORE Wins Master of Pwn with $1.298M in Payouts
Key Findings DEVCORE dominated Pwn2Own Berlin 2026, claiming Master of Pwn with 50.5 points and $505,000 in earnings Three-day competition yielded 47 unique zero-days with $1,298,250 in total payouts STARLabs SG finished second with 25 points and $242,500; Out Of Bounds took third with 12.75 points and $95,750 Microsoft SharePoint successfully exploited after surviving day two attempt OpenAI Codex compromised three separate times by different researchers using different techn
May 173 min read
ThreatsDay Bulletin: Edge Plaintext Password Exposure, Critical ICS 0-Days, Urgent Patch Alerts and 25+ Breaking Security Stories
Key Findings Microsoft Edge stores saved passwords in plaintext in memory on startup, accessible to any process with administrative privileges MicroStealer malware targeting education and telecom sectors spreads via multi-stage delivery chains and exfiltrates data through Discord FTC settlement with Kochava blocks sale of location data including income, device IDs, and real-time geolocation without explicit consent pnpm 11 implements 24-hour minimum release age for packages t
May 75 min read
Claude Opus Generated a Chrome Exploit for $2,283
Key Findings Claude Opus 4.6 successfully generated a functional Chrome exploit chain for $2,283 in API costs across 2.33 billion tokens The exploit targeted Discord's bundled Chrome version 138, which lagged nine major versions behind current upstream releases Exploit development required approximately 20 hours of human guidance, with the AI frequently getting stuck and requiring operator intervention Bug bounty programs like Google's v8CTF offer $5,000-$10,000 per valid exp
Apr 204 min read
Microsoft Defender Zero-Days Under Active Exploitation; Patches Released for Two Vulnerabilities
Key Findings Three Microsoft Defender zero-day vulnerabilities are being actively exploited in the wild by threat actors BlueHammer (CVE-2026-33825) has been patched as of April Patch Tuesday; RedSun and UnDefend remain unpatched All three flaws were released by researcher Chaotic Eclipse in response to Microsoft's vulnerability disclosure handling BlueHammer and RedSun enable local privilege escalation while UnDefend causes denial-of-service and blocks security definition up
Apr 172 min read
Powerful iOS Exploit Tool DarkSword Emerges in Global Attacks
Key Findings DarkSword is a sophisticated iOS exploit kit targeting devices running iOS 18.4-18.7 Developed by UNC6353, likely a Russia-linked group Exploits six vulnerabilities, including three zero-days Enables full device compromise with minimal user interaction Targets sensitive data, including credentials and crypto wallet information Operates in a "hit-and-run" approach, exfiltrating data quickly and then cleaning traces Background DarkSword emerged in late 2025 as a po
Mar 202 min read
Interlock Ransomware Group Exploits Cisco FMC Zero-Day Vulnerability 36 Days Before Disclosure
Key Findings * Interlock ransomware group exploited CVE-2026-20131 in Cisco FMC 36 days before public disclosure * Zero-day vulnerability allows unauthenticated remote code execution with root privileges * Amazon Threat Intelligence discovered exploitation using global honeypot network * Attackers used sophisticated multi-stage attack with custom tools and evasion techniques * Targeted sectors include education, healthcare, industry, and government Background The Interlock ra
Mar 192 min read
Apple First Addressed Actively Exploited Zero-Day in 2026
Key Findings Apple has fixed an actively exploited zero-day vulnerability in its ecosystem, including iOS, macOS, and other devices. The vulnerability, tracked as CVE-2026-20700, is a memory corruption flaw in Apple's Dynamic Link Editor (dyld) that allows attackers to execute arbitrary code. The flaw was discovered and reported by Google's Threat Analysis Group, suggesting it may have been used in sophisticated, targeted attacks by nation-state actors or commercial spyware v
Feb 122 min read
Microsoft Patches 59 Vulnerabilities, Including Six Actively Exploited Zero-Days
Key Findings Microsoft released security updates to address 59 vulnerabilities, including 6 that are actively being exploited in the wild. Of the 59 flaws, 5 are rated Critical, 52 are rated Important, and 2 are rated Moderate in severity. 25 of the patched vulnerabilities are privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1). The 6 actively e
Feb 112 min read
Cisco Fixes Actively Exploited Zero-Day in Unified Communications
Key Findings Cisco patched a critical zero-day remote code execution (RCE) flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), that is actively being exploited in attacks. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. The bug affects Cisco Unified CM, Unified CM SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance. Cisco is aware of attempted exploitat
Jan 221 min read
Microsoft Addresses 56 Security Flaws, Including Active Exploit and Two Zero-Days
Key Findings Microsoft released patches for 56 security vulnerabilities in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two of the patched vulnerabilities are listed as publicly known at the time of the release. The vulnerabilities include 29 privilege escalation, 18 remote code execution, four information disclosure, th
Dec 10, 20252 min read
Amazon Ties Cisco, Citrix Zero-Day Exploits to APT Group
Key Findings Amazon's threat intelligence team observed an advanced persistent threat group exploiting zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products before the vendors disclosed and patched the issues. The attacks leveraged the following vulnerabilities: CVE-2025-5777 (CVSS score: 9.3) - An insufficient input validation vulnerability in Citrix NetScaler ADC and Gateway that could be exploited to bypass authentication. (Fixed
Nov 12, 20252 min read
Microsoft Addresses 68 Vulnerabilities in November Patch Tuesday
Key Findings Microsoft released its November 2025 Patch Tuesday, addressing a total of 68 vulnerabilities, including a high-priority zero-day flaw already being actively exploited in the wild. The most urgent patch is for CVE-2025-62215, a Windows Kernel Elevation of Privilege Vulnerability that allows an authenticated attacker to gain SYSTEM privileges. In addition to the zero-day, four other flaws have been rated as Critical severity, posing a significant risk of Remote Cod
Nov 11, 20252 min read
Critical Triofox Zero-Day (CVE-2025-12480): Unauthenticated Admin Takeover Through Host Header Bypass
Key Findings Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed a critical unauthenticated access vulnerability in Gladinet's Triofox file-sharing platform (CVE-2025-12480). The vulnerability allowed attackers to bypass authentication, create administrative accounts, and achieve SYSTEM-level code execution through a chained attack path. The exploitation campaign was first detected on August 24, 2025, when Google Threat Intelligence
Nov 11, 20252 min read
bottom of page
