Claude Opus Generated a Chrome Exploit for $2,283
Key Findings
* Claude Opus 4.6 successfully generated a functional Chrome exploit chain for $2,283 in API costs across 2.33 billion tokens
* The exploit targeted Discord's bundled Chrome version 138, which lagged nine major versions behind current upstream releases
* Exploit development required approximately 20 hours of human guidance, with the AI frequently getting stuck and requiring operator intervention
* Bug bounty programs like Google's v8CTF offer $5,000-$10,000 per valid exp
16 hours ago · 4 min read
Microsoft Defender Zero-Days Under Active Exploitation; Patches Released for Two Vulnerabilities
Key Findings
* Three Microsoft Defender zero-day vulnerabilities are being actively exploited in the wild by threat actors
* BlueHammer (CVE-2026-33825) has been patched as of April Patch Tuesday; RedSun and UnDefend remain unpatched
* All three flaws were released by researcher Chaotic Eclipse in response to Microsoft's vulnerability disclosure handling
* BlueHammer and RedSun enable local privilege escalation while UnDefend causes denial-of-service and blocks security definition up
3 days ago · 2 min read
Powerful iOS Exploit Tool DarkSword Emerges in Global Attacks
Key Findings
* DarkSword is a sophisticated iOS exploit kit targeting devices running iOS 18.4-18.7
* Developed by UNC6353, likely a Russia-linked group
* Exploits six vulnerabilities, including three zero-days
* Enables full device compromise with minimal user interaction
* Targets sensitive data, including credentials and crypto wallet information
* Operates with a "hit-and-run" approach, exfiltrating data quickly and then cleaning traces
Background
DarkSword emerged in late 2025 as a po
Mar 20 · 2 min read
Interlock Ransomware Group Exploits Cisco FMC Zero-Day Vulnerability 36 Days Before Disclosure
Key Findings
* Interlock ransomware group exploited CVE-2026-20131 in Cisco FMC 36 days before public disclosure
* Zero-day vulnerability allows unauthenticated remote code execution with root privileges
* Amazon Threat Intelligence discovered exploitation using global honeypot network
* Attackers used sophisticated multi-stage attack with custom tools and evasion techniques
* Targeted sectors include education, healthcare, industry, and government
Background
The Interlock ra
Mar 19 · 2 min read
Apple Addresses First Actively Exploited Zero-Day of 2026
Key Findings
Apple has fixed an actively exploited zero-day vulnerability in its ecosystem, including iOS, macOS, and other devices. The vulnerability, tracked as CVE-2026-20700, is a memory corruption flaw in Apple's Dynamic Link Editor (dyld) that allows attackers to execute arbitrary code. The flaw was discovered and reported by Google's Threat Analysis Group, suggesting it may have been used in sophisticated, targeted attacks by nation-state actors or commercial spyware v
Feb 12 · 2 min read
Microsoft Patches 59 Vulnerabilities, Including Six Actively Exploited Zero-Days
Key Findings
Microsoft released security updates to address 59 vulnerabilities, including 6 that are actively being exploited in the wild. Of the 59 flaws, 5 are rated Critical, 52 are rated Important, and 2 are rated Moderate in severity. 25 of the patched vulnerabilities are privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1). The 6 actively e
Feb 11 · 2 min read
Cisco Fixes Actively Exploited Zero-Day in Unified Communications
Key Findings
Cisco patched a critical zero-day remote code execution (RCE) flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), that is actively being exploited in attacks. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. The bug affects Cisco Unified CM, Unified CM SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance. Cisco is aware of attempted exploitat
Jan 22 · 1 min read
Microsoft Addresses 56 Security Flaws, Including Active Exploit and Two Zero-Days
Key Findings
Microsoft released patches for 56 security vulnerabilities in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two of the patched vulnerabilities are listed as publicly known at the time of the release. The vulnerabilities include 29 privilege escalation, 18 remote code execution, four information disclosure, th
Dec 10, 2025 · 2 min read
Amazon Ties Cisco, Citrix Zero-Day Exploits to APT Group
Key Findings
Amazon's threat intelligence team observed an advanced persistent threat group exploiting zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products before the vendors disclosed and patched the issues. The attacks leveraged the following vulnerabilities:
* CVE-2025-5777 (CVSS score: 9.3) - An insufficient input validation vulnerability in Citrix NetScaler ADC and Gateway that could be exploited to bypass authentication. (Fixed
Nov 12, 2025 · 2 min read
Microsoft Addresses 68 Vulnerabilities in November Patch Tuesday
Key Findings
Microsoft released its November 2025 Patch Tuesday, addressing a total of 68 vulnerabilities, including a high-priority zero-day flaw already being actively exploited in the wild. The most urgent patch is for CVE-2025-62215, a Windows Kernel Elevation of Privilege Vulnerability that allows an authenticated attacker to gain SYSTEM privileges. In addition to the zero-day, four other flaws have been rated as Critical severity, posing a significant risk of Remote Cod
Nov 11, 2025 · 2 min read
Critical Triofox Zero-Day (CVE-2025-12480): Unauthenticated Admin Takeover Through Host Header Bypass
Key Findings
Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed a critical unauthenticated access vulnerability in Gladinet's Triofox file-sharing platform (CVE-2025-12480). The vulnerability allowed attackers to bypass authentication, create administrative accounts, and achieve SYSTEM-level code execution through a chained attack path. The exploitation campaign was first detected on August 24, 2025, when Google Threat Intelligence
Nov 11, 2025 · 2 min read
