Tag

Zero Day

All articles tagged with #zero day

Cisco SD-WAN auth flaw fuels years-long zero-day campaigns, urgent patch urged
technology | 2 days ago

Cisco warns of a critical authentication-bypass vulnerability in Catalyst SD-WAN (CVE-2026-20127) that attackers have actively exploited since 2023 to log in as a high-privilege user, insert rogue peers, and potentially gain root access. Government advisories (CISA and UK NCSC) issued urgent directives; Cisco released updates but says no workaround fully mitigates the issue. Organizations should harden exposed interfaces, review logs for anomalous peering, and patch promptly.

Apple issues urgent patch for actively exploited zero-day across iPhone, iPad, Macs and more
technology | 10 days ago

Apple has released emergency security updates to fix CVE-2026-20700, a zero-day vulnerability that was actively exploited in targeted attacks across iPhone, iPad, Mac, Apple Watch, Apple TV, Safari and related OS components. The flaw could allow arbitrary code execution, and attackers had already used it in the wild. Apple urges users to update to the latest versions (iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, watchOS 26.3, tvOS 26.3, visionOS 26.3, and Safari 26.3) immediately and enable automatic updates. Updating closes the attackers’ window of opportunity, so keep devices plugged in and connected during install.

Chrome gets emergency fix for the first 2026 zero-day exploited in the wild
technology | 11 days ago

Google released emergency Chrome updates to fix CVE-2026-2441—a use-after-free in CSSFontFeatureValuesMap exploited in the wild—marking Chrome’s first zero-day patch of 2026; the fix has been backported across commits and is rolling out to Windows, macOS (145.0.7632.75/76), and Linux (144.0.7559.75), with a note that related issues remain addressed in bug 48393607. Users should update Chrome or enable auto-update.

Chrome patch blocks actively exploited CSS zero-day with CVE-2026-2441
security | 12 days ago

Google released security updates for Chrome to fix a high-severity use-after-free in CSS (CVE-2026-2441) that was being exploited in the wild. Updates are available for Windows/macOS (145.0.7632.75/76) and Linux (144.0.7559.75); users should relaunch Chrome after updating. An exploit for the vulnerability exists in the wild, and the article notes Apple also patched related zero-days. Users of other Chromium-based browsers should apply fixes when available.

Claude Opus 4.6 Unmasks 500 Open-Source Flaws, Redefining Cyber Defense
cybersecurity | 22 days ago

Anthropic’s Claude Opus 4.6, tested in a sandbox, autonomously found over 500 previously unknown high-severity zero-day vulnerabilities in open-source libraries—ranging from crashes to memory corruption—in projects like GhostScript, OpenSC, and CGIF; it used out-of-the-box analysis and even wrote its own proof-of-concepts in some cases. Anthropic says these capabilities could greatly aid defenders, plans to broaden access to the security community, and has added safeguards to prevent abuse.

Week in Cybersecurity: Proxy Botnet Disrupted, Office Zero-Day Patched, MongoDB Extortion Surges
cybersecurity | 25 days ago

This weekly cybersecurity digest flags a busy threat landscape: Google disrupted the IPIDEA residential proxy network, shrinking attackers’ exit nodes; Microsoft patched a critical Office zero-day (CVE-2026-21509) and Ivanti fixed EPMM flaws (CVE-2026-1281/1340); CERT Polska linked destructive attacks on wind/solar facilities to Static Tundra; new campaigns include Operation Bizarre Bazaar targeting exposed AI endpoints and a surge of MongoDB extortion against over 1,400 exposed databases; other notes cover Exfil Out&Look via Outlook add-ins, PyRAT’s cross‑platform capabilities, TA584’s evolving attack chain with Tsundere Bot and XWorm, and related cybercrime trends.

Ivanti EPMM hit by two critical zero-days, with patches and risk guidance issued
security | 28 days ago

Ivanti disclosed two critical RCE zero-day flaws in Endpoint Manager Mobile (CVE-2026-1281 and CVE-2026-1340) exploited in the wild at a limited number of customers. Both flaws score 9.8 and can run arbitrary code remotely without authentication. Ivanti released RPM-based mitigations for affected EPMM versions, noting no downtime is required but hotfixes must be reapplied after any version upgrade; a permanent fix arrives with EPMM 12.8.0.0 in Q1 2026. Exploitation can reveal administrator and user data, device details, and location (if enabled), and attackers could alter configurations via the API or web console. Defenders can detect activity via a specific Apache access-log regex, though logs can be altered by attackers. Recovery guidance includes restoring from a known-good backup or rebuilding, resetting local and service accounts' passwords, rotating certificates, and reviewing Sentry logs. CISA has added CVE-2026-1281 to KEV; federal agencies must patch or decommission affected systems by Feb 1, 2026.

Emergency patch fixes active Microsoft Office zero-day CVE-2026-21509
security | 1 month ago

Microsoft issued an out-of-band fix for a high-severity Office zero-day (CVE-2026-21509) that enables a local security feature bypass when users open a specially crafted Office file; exploitation requires user interaction, and the Preview Pane is not a vector. Office 2021+ patches will apply automatically with a service-side change but require restarting Office apps, while Office 2016/2019 users must install specific updates. A registry workaround is provided as mitigation. The flaw has been added to the CISA Known Exploited Vulnerabilities catalog, with federal agencies required to patch by February 16, 2026. Credit goes to MSTIC, MSRC, and the Office security team.

Microsoft Pushes Emergency Office Patch for Actively Exploited Zero-Day
technology | 1 month ago

Microsoft issued emergency out-of-band security updates to fix a high-severity Office zero-day (CVE-2026-21509) being actively exploited. The flaw affects multiple Office versions, including 2016, 2019, LTSC 2021/2024, and Microsoft 365 Apps for Enterprise, with patches for 2016/2019 not yet available. Exploitation requires user interaction via a malicious Office file, bypassing OLE mitigations. Office 2021+ will be protected via a service-side change (restart required). For older Office versions, Microsoft provides mitigations, including registry changes, to reduce exploitation risk. Additional related fixes were noted from January 2026 Patch Tuesday.

Microsoft's November 2025 Patch Fixes Zero-Day and 63 Flaws
technology | 3 months ago

Microsoft's November 2025 Patch Tuesday addresses 63 security flaws, including one actively exploited zero-day in the Windows Kernel, with critical updates for various vulnerabilities across Microsoft products. The update emphasizes the importance of upgrading from unsupported Windows 10 to Windows 11 and highlights recent security patches from other vendors. A webinar on modern patch management is also promoted.