zero-day Archives • Page 3 of 10 • Daily CyberSecurity

“Dormant” Backdoors: Ivanti EPMM Zero-Days Exploited to Plant Long-Term Spies

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

“Dormant” Backdoors: Ivanti EPMM Zero-Days Exploited to Plant Long-Term Spies

Do Son February 18, 2026

Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) are currently being exploited in a widespread...

CISA Adds 2008 Windows Flaw & Chrome Zero-Day to KEV Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

CISA Adds 2008 Windows Flaw & Chrome Zero-Day to KEV

Do Son February 18, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with four...

JPCERT/CC Warns of Active Exploits Targeting Critical FileZen Command Injection Flaw GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

JPCERT/CC Warns of Active Exploits Targeting Critical FileZen Command Injection Flaw

Do Son February 16, 2026

A critical security vulnerability in FileZen, the popular file transfer appliance from Soliton Systems K.K., is currently...

Critical Alert: Chrome Zero-Day (CVE-2026-2441) Exploited in the Wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Critical Alert: Chrome Zero-Day (CVE-2026-2441) Exploited in the Wild

Do Son February 15, 2026

Google has pushed an urgent security update for its Chrome browser, racing to patch a high-severity zero-day...

Apple Zero-Day (CVE-2026-20700) Exploited in the Wild Coruna Exploit Kit iOS Security Update Apple Zero-Day CVE-2026-20700 Apple Data Privacy Day 2026, iPhone privacy features guide iOS Privilege Escalation, CVE-2025-24085 PoC Apple Manufacturing Academy, US Investment CVE-2024-44258 - symlink vulnerability

Coruna Exploit Kit iOS Security Update Apple Zero-Day CVE-2026-20700 Apple Data Privacy Day 2026, iPhone privacy features guide iOS Privilege Escalation, CVE-2025-24085 PoC Apple Manufacturing Academy, US Investment CVE-2024-44258 - symlink vulnerability

Apple Zero-Day (CVE-2026-20700) Exploited in the Wild

Do Son February 12, 2026

Apple has issued an emergency security update for its entire mobile ecosystem, racing to close a critical...

Patch Panic: Microsoft Fixes 6 Active Zero-Days in Feb 2026 Update Microsoft Patch Tuesday May 2026 Netlogon RCE CVE-2026-41089 SharePoint Exploit Patch Tuesday Windows DWM Zero-Day CVE-2026-21519 CVE-2024-49039 Microsoft Patch Tuesday March 2025

Microsoft Patch Tuesday May 2026 Netlogon RCE CVE-2026-41089 SharePoint Exploit Patch Tuesday Windows DWM Zero-Day CVE-2026-21519 CVE-2024-49039 Microsoft Patch Tuesday March 2025

Patch Panic: Microsoft Fixes 6 Active Zero-Days in Feb 2026 Update

Do Son February 11, 2026

Microsoft has released its security update for February 2026, addressing 61 vulnerabilities across its ecosystem. But the...

Silent Intrusion: “Metro4Shell” Exploited in the Wild Since December Metro4Shell CVE-2025-11953

Silent Intrusion: “Metro4Shell” Exploited in the Wild Since December

Do Son February 4, 2026

A new report from VulnCheck reveals that CVE-2025-11953, a critical flaw in the Metro development server dubbed...

Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Exploited in the Wild: Critical Ivanti EPMM RCE Flaws (CVSS 9.8) Under Attack

Do Son January 30, 2026

Ivanti has issued an urgent security advisory confirming that attackers are actively exploiting critical vulnerabilities in its...

Under Attack: Critical Fortinet Auth Bypass (CVE-2026-24858) Exploited in the Wild GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

Under Attack: Critical Fortinet Auth Bypass (CVE-2026-24858) Exploited in the Wild

Do Son January 28, 2026

Fortinet has issued an urgent warning regarding a critical vulnerability affecting its core network security platforms, including...

Under Attack: Microsoft Patches Office Zero-Day (CVE-2026-21509) Exploited in the Wild CVE-2024-38021 Microsoft Office Zero-Day CVE-2026-21509

Under Attack: Microsoft Patches Office Zero-Day (CVE-2026-21509) Exploited in the Wild

Do Son January 27, 2026

Microsoft has rolled out an urgent security update to plug a zero-day hole exploited in attacks in...

“New” Path of Attack: Fully Upgraded Fortinet Devices Hit by SSO Exploits Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

“New” Path of Attack: Fully Upgraded Fortinet Devices Hit by SSO Exploits

Do Son January 23, 2026

Fortinet is investigating a concerning new wave of attacks targeting its network security devices, where threat actors...

Under Attack: Critical Cisco RCE (CVE-2026-20045) Exploited in the Wild hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

Under Attack: Critical Cisco RCE (CVE-2026-20045) Exploited in the Wild

Do Son January 22, 2026

Cisco has issued an urgent warning to network administrators worldwide: a critical remote code execution (RCE) vulnerability...

PoC Exploit Released: Failed Windows Patch Leaks Kernel Secrets Windows Kernel Exploit CVE-2025-53136

PoC Exploit Released: Failed Windows Patch Leaks Kernel Secrets

Do Son January 19, 2026

A security patch intended to fix a Windows kernel vulnerability inadvertently created a new information disclosure flaw....

Zero-Day Threat: UAT-8837 Targets North American Infrastructure Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Zero-Day Threat: UAT-8837 Targets North American Infrastructure

Do Son January 16, 2026

A sophisticated threat actor, tentatively linked to China, is aggressively targeting critical infrastructure in North America with...

Exploited in the Wild: Critical Modular DS Flaw CVE-2026-23550 (CVSS 10) Allows Instant Admin Takeover

Do Son January 15, 2026

A critical privilege escalation vulnerability, tracked as CVE-2026-23550 (CVSS 10), has been discovered in the Modular DS...

Patch Tuesday Jan 2026: Microsoft Fixes 114 Flaws & 3 Zero-Days Microsoft Patch Tuesday CVE-2026-20805 RasMan Crash Flaw, 0patch Micropatch ASP.NET Core, HTTP smuggling Windows kernel Rust ActiveX, Microsoft 365

Microsoft Patch Tuesday CVE-2026-20805 RasMan Crash Flaw, 0patch Micropatch ASP.NET Core, HTTP smuggling Windows kernel Rust ActiveX, Microsoft 365

Patch Tuesday Jan 2026: Microsoft Fixes 114 Flaws & 3 Zero-Days

Do Son January 14, 2026

Microsoft has kicked off 2026 with a massive security update, addressing a total of 114 vulnerabilities in...

CISA KEV Alert: HPE’s Maximum CVSS Score Flaw and a Zombie PowerPoint Bug ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA KEV Alert: HPE’s Maximum CVSS Score Flaw and a Zombie PowerPoint Bug

Do Son January 8, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with two...

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit

Do Son January 8, 2026

In a new report, the Huntress Tactical Response Team details a sophisticated intrusion discovered in December 2025...

“Sophisticated” Zero-Day Demystified: Public Exploit Drop Blows Cover on Critical Apple WebKit Flaw Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

“Sophisticated” Zero-Day Demystified: Public Exploit Drop Blows Cover on Critical Apple WebKit Flaw

Do Son January 8, 2026

The “black box” of a highly sophisticated Apple zero-day has just been cracked open. Security researcher jir4vv1t...

CVE-2026-0625: Critical Actively Exploited RCE Hits Unpatchable D-Link Routers

Do Son January 7, 2026

Security researchers warn that a critical remote code execution (RCE) vulnerability in legacy D-Link DSL routers is...

Critical Alert 1 Active Exploit Detected Today