zero-day Archives • Page 4 of 10 • Daily CyberSecurity

Zero-Day Chronomaly Exploit Grants Root Access to Vulnerable Linux Kernels CVE-2025-38352 Chronomaly exploit, Linux kernel privilege escalation 2026

CVE-2025-38352 Chronomaly exploit, Linux kernel privilege escalation 2026

Zero-Day Chronomaly Exploit Grants Root Access to Vulnerable Linux Kernels

Do Son January 7, 2026

Cybersecurity researcher farazsth98 has presented new findings related to an exploited security issue in Linux kernel flaw...

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal Quake III Arena, Zero-Day Vulnerability

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal

Do Son January 5, 2026

The Quake III Arena engine, a cornerstone of FPS history open-sourced by id Software, has been hit...

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear Xspeeder Zero-Day CVE-2025-54322

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear

Do Son December 29, 2025

A swarm of autonomous AI agents has successfully discovered a critical, unpatched vulnerability in networking gear used...

Zero-Day Alert: Linksys Auth Bypass Lets Hackers Hijack Routers Without Passwords Linksys Auth Bypass, CVE-2025-52692

Zero-Day Alert: Linksys Auth Bypass Lets Hackers Hijack Routers Without Passwords

Do Son December 23, 2025

A popular Wi-Fi 6 router found in thousands of homes has been blown wide open by security...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

WatchGuard Under Siege: Critical CVSS 9.3 Zero-Day Exploited in the Wild to Hijack Corporate Firewalls

Do Son December 19, 2025

A critical zero-day vulnerability has shattered the security perimeter of WatchGuard Firebox appliances, forcing network administrators into...

CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains CISA KEV Update, Cisco Zero-Day KEV Vulnerabilities

CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains

Do Son December 18, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive adding three critical vulnerabilities to...

Cisco Zero-Day Siege: Chinese Group UAT-9686 Deploys ‘Aqua’ Malware via CVSS 10 Root Exploit

Do Son December 18, 2025

A critical zero-day vulnerability in Cisco’s secure email appliances is under active siege by a sophisticated Chinese...

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners React2Shell RCE, Widespread Exploitation

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners

Do Son December 13, 2025

The cybersecurity landscape was jolted this month by the disclosure of a catastrophic vulnerability in one of...

Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets

Do Son December 13, 2025

Apple has issued an urgent security intervention for iPhone and iPad users, releasing patches for two critical...

Emergency Chrome Update: Google Patches New Zero-Day Under Active Attack Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Emergency Chrome Update: Google Patches New Zero-Day Under Active Attack

Do Son December 11, 2025

Google has pushed an urgent security update to the Stable Channel for Desktop, racing to patch a...

Gogs Zero-Day (CVE-2025-8110) Risks RCE for 700+ Servers via Symlink Path Traversal Bypass Gogs Zero-Day RCE, Symlink Path Traversal

Gogs Zero-Day (CVE-2025-8110) Risks RCE for 700+ Servers via Symlink Path Traversal Bypass

Do Son December 11, 2025

A routine malware investigation has spiraled into the discovery of a widespread “smash-and-grab” campaign targeting the developer...

CISA KEV Alert: WinRAR Zero-Day Used for Malware Injection and Windows UAF RCE Under Active Attack n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA KEV Alert: WinRAR Zero-Day Used for Malware Injection and Windows UAF RCE Under Active Attack

Do Son December 10, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new mandate for federal agencies to patch...

Microsoft Patches Three Zero-Days Including Active Cloud Files UAF to SYSTEM and Copilot RCE Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Microsoft Patches Three Zero-Days Including Active Cloud Files UAF to SYSTEM and Copilot RCE

Do Son December 10, 2025

Microsoft has closed out the year with a substantial security update, addressing 72 vulnerabilities across its ecosystem...

AI Uncovers GhostPenguin: Undetectable Linux Backdoor Used RC5-Encrypted UDP for Covert C2 WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

AI Uncovers GhostPenguin: Undetectable Linux Backdoor Used RC5-Encrypted UDP for Covert C2

Do Son December 9, 2025

In a demonstration of AI-powered defense, security researchers at Trend Micro have uncovered a previously unknown and...

Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain Intellexa Zero-Days, Predator Spyware

Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain

Do Son December 8, 2025

The mercenary spyware industry remains a persistent and adaptable threat, with the notorious vendor Intellexa continuing to...

Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

“React2Shell” Storm: China-Nexus Groups Weaponize Critical React Flaw Hours After Disclosure

Do Son December 5, 2025

Only hours after the public disclosure of a critical vulnerability in the React ecosystem, state-sponsored cyber espionage...

Android CLI Android Security Zero-Interaction DoS CVE-2026-21385 Android Security Update UK CMA Apple Google regulation Google Aluminum OS Android 16 leak, ALOS Android ChromeOS merger Android sideloading certification 2026, Google developer verification APK Android AOSP biannual release, AOSP source code latency 2026 Android Zero-Day, Critical DoS Flaw Android Universal Clipboard Cross-Device Sync Gemini Nano Block, Unlocked Bootloader Android, Calling Cards Android Security Bulletin, RCE Vulnerability Android Linux GUI, Debian VM Android System Services, Google Transparency Android 16, Pixel Update

Android Emergency: Critical DoS Flaw and 2 Exploited Zero-Days in Framework Require Immediate Patch

Do Son December 2, 2025

Google has released the Android Security Bulletin for December 2025, detailing a slate of vulnerabilities affecting the...

Water Gamayun Weaponizes “MSC EvilTwin” Zero-Day for Stealthy Backdoor Attacks CVE-2024-36072 Water Gamayun, MSC EvilTwin

Water Gamayun Weaponizes “MSC EvilTwin” Zero-Day for Stealthy Backdoor Attacks

Do Son November 27, 2025

A sophisticated new cyber espionage campaign has been uncovered by Zscaler Threat Hunting, revealing how a Russia-aligned...

Zero-Day Warning: Unpatched Twonky Server Flaws Expose Media to Total Takeover WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Zero-Day Warning: Unpatched Twonky Server Flaws Expose Media to Total Takeover

Do Son November 27, 2025

A critical security warning has been issued for users of Twonky Server, the popular media server software...

CISA KEV Alert: FortiWeb RCE Flaw (CVE-2025-58034) Under Active Exploitation for Command Injection

Do Son November 19, 2025

Fortinet has issued an urgent advisory warning customers that a newly disclosed vulnerability in FortiWeb, tracked as...

Critical Alert 1 Active Exploit Detected Today