zero-day

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit

Do Son January 8, 2026

In a new report, the Huntress Tactical Response Team details a sophisticated intrusion discovered in December 2025...

“Sophisticated” Zero-Day Demystified: Public Exploit Drop Blows Cover on Critical Apple WebKit Flaw Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

“Sophisticated” Zero-Day Demystified: Public Exploit Drop Blows Cover on Critical Apple WebKit Flaw

Do Son January 8, 2026

The “black box” of a highly sophisticated Apple zero-day has just been cracked open. Security researcher jir4vv1t...

CVE-2026-0625: Critical Actively Exploited RCE Hits Unpatchable D-Link Routers

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

CVE-2026-0625: Critical Actively Exploited RCE Hits Unpatchable D-Link Routers

Do Son January 7, 2026

Security researchers warn that a critical remote code execution (RCE) vulnerability in legacy D-Link DSL routers is...

Zero-Day Chronomaly Exploit Grants Root Access to Vulnerable Linux Kernels CVE-2025-38352 Chronomaly exploit, Linux kernel privilege escalation 2026

CVE-2025-38352 Chronomaly exploit, Linux kernel privilege escalation 2026

Zero-Day Chronomaly Exploit Grants Root Access to Vulnerable Linux Kernels

Do Son January 7, 2026

Cybersecurity researcher farazsth98 has presented new findings related to an exploited security issue in Linux kernel flaw...

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal Quake III Arena, Zero-Day Vulnerability

Quake III Arena, Zero-Day Vulnerability

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal

Do Son January 5, 2026

The Quake III Arena engine, a cornerstone of FPS history open-sourced by id Software, has been hit...

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear Xspeeder Zero-Day CVE-2025-54322

Xspeeder Zero-Day CVE-2025-54322

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear

Do Son December 29, 2025

A swarm of autonomous AI agents has successfully discovered a critical, unpatched vulnerability in networking gear used...

Zero-Day Alert: Linksys Auth Bypass Lets Hackers Hijack Routers Without Passwords Linksys Auth Bypass, CVE-2025-52692

Linksys Auth Bypass, CVE-2025-52692

Zero-Day Alert: Linksys Auth Bypass Lets Hackers Hijack Routers Without Passwords

Do Son December 23, 2025

A popular Wi-Fi 6 router found in thousands of homes has been blown wide open by security...

WatchGuard Under Siege: Critical CVSS 9.3 Zero-Day Exploited in the Wild to Hijack Corporate Firewalls

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

WatchGuard Under Siege: Critical CVSS 9.3 Zero-Day Exploited in the Wild to Hijack Corporate Firewalls

Do Son December 19, 2025

A critical zero-day vulnerability has shattered the security perimeter of WatchGuard Firebox appliances, forcing network administrators into...

CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains CISA KEV Update, Cisco Zero-Day KEV Vulnerabilities

CISA KEV Update, Cisco Zero-Day KEV Vulnerabilities

CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains

Do Son December 18, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive adding three critical vulnerabilities to...

Cisco Zero-Day Siege: Chinese Group UAT-9686 Deploys ‘Aqua’ Malware via CVSS 10 Root Exploit

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Cisco Zero-Day Siege: Chinese Group UAT-9686 Deploys ‘Aqua’ Malware via CVSS 10 Root Exploit

Do Son December 18, 2025

A critical zero-day vulnerability in Cisco’s secure email appliances is under active siege by a sophisticated Chinese...

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners React2Shell RCE, Widespread Exploitation

React2Shell RCE, Widespread Exploitation

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners

Do Son December 13, 2025

The cybersecurity landscape was jolted this month by the disclosure of a catastrophic vulnerability in one of...

Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets

Do Son December 13, 2025

Apple has issued an urgent security intervention for iPhone and iPad users, releasing patches for two critical...

Emergency Chrome Update: Google Patches New Zero-Day Under Active Attack Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Emergency Chrome Update: Google Patches New Zero-Day Under Active Attack

Do Son December 11, 2025

Google has pushed an urgent security update to the Stable Channel for Desktop, racing to patch a...

Gogs Zero-Day (CVE-2025-8110) Risks RCE for 700+ Servers via Symlink Path Traversal Bypass Gogs Zero-Day RCE, Symlink Path Traversal

Gogs Zero-Day RCE, Symlink Path Traversal

Gogs Zero-Day (CVE-2025-8110) Risks RCE for 700+ Servers via Symlink Path Traversal Bypass

Do Son December 11, 2025

A routine malware investigation has spiraled into the discovery of a widespread “smash-and-grab” campaign targeting the developer...

CISA KEV Alert: WinRAR Zero-Day Used for Malware Injection and Windows UAF RCE Under Active Attack n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA KEV Alert: WinRAR Zero-Day Used for Malware Injection and Windows UAF RCE Under Active Attack

Do Son December 10, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new mandate for federal agencies to patch...

Microsoft Patches Three Zero-Days Including Active Cloud Files UAF to SYSTEM and Copilot RCE Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Microsoft Patches Three Zero-Days Including Active Cloud Files UAF to SYSTEM and Copilot RCE

Do Son December 10, 2025

Microsoft has closed out the year with a substantial security update, addressing 72 vulnerabilities across its ecosystem...

AI Uncovers GhostPenguin: Undetectable Linux Backdoor Used RC5-Encrypted UDP for Covert C2 WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

AI Uncovers GhostPenguin: Undetectable Linux Backdoor Used RC5-Encrypted UDP for Covert C2

Do Son December 9, 2025

In a demonstration of AI-powered defense, security researchers at Trend Micro have uncovered a previously unknown and...

Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain Intellexa Zero-Days, Predator Spyware

Intellexa Zero-Days, Predator Spyware

Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain

Do Son December 8, 2025

The mercenary spyware industry remains a persistent and adaptable threat, with the notorious vendor Intellexa continuing to...

“React2Shell” Storm: China-Nexus Groups Weaponize Critical React Flaw Hours After Disclosure

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

“React2Shell” Storm: China-Nexus Groups Weaponize Critical React Flaw Hours After Disclosure

Do Son December 5, 2025

Only hours after the public disclosure of a critical vulnerability in the React ecosystem, state-sponsored cyber espionage...

Android Emergency: Critical DoS Flaw and 2 Exploited Zero-Days in Framework Require Immediate Patch

Android CLI Android Security Zero-Interaction DoS CVE-2026-21385 Android Security Update UK CMA Apple Google regulation Google Aluminum OS Android 16 leak, ALOS Android ChromeOS merger Android sideloading certification 2026, Google developer verification APK Android AOSP biannual release, AOSP source code latency 2026 Android Zero-Day, Critical DoS Flaw Android Universal Clipboard Cross-Device Sync Gemini Nano Block, Unlocked Bootloader Android, Calling Cards Android Security Bulletin, RCE Vulnerability Android Linux GUI, Debian VM Android System Services, Google Transparency Android 16, Pixel Update

Android Emergency: Critical DoS Flaw and 2 Exploited Zero-Days in Framework Require Immediate Patch

Do Son December 2, 2025

Google has released the Android Security Bulletin for December 2025, detailing a slate of vulnerabilities affecting the...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
CVE-2026-12569
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The...
CVE-2026-28496CVSS 9.4
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
CVE-2026-21509CVSS 7.8
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a...
CVE-2026-34908CVSS 10.0
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi...
CVE-2026-34909CVSS 10.0
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS...
CVE-2026-34910CVSS 10.0
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi...
CVE-2025-67038CVSS 9.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write...
CVE-2024-23692CVSS 9.8
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This...
CVE-2026-48907
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated...