Tag: zero-day
-
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-microsoft-defender-flaw-exploited-in-zero-day-attacks/
-
Claude Mythos Exposes 271 Zero-Day Security Flaws in Firefox
Mozilla has released Firefox 150, addressing a staggering 271 zero-day vulnerabilities. The security team identified these latent flaws using Anthropic’s early-stage Claude Mythos Preview AI model. This massive cleanup represents a major shift in how tech companies detect and defend against cyber threats. The Firefox team has spent recent months working alongside Anthropic to scan…
-
Microsoft issues outband patch for critical security flaw in update to ASP.NET Core
UseCustomCryptographicAlgorithms API.A bug in the .NET 10.0.6 package, released as part of the Patch Tuesday updates on April 14, causes the ManagedAuthenticatedEncryptor library to compute the validation tag for the Hash-based Message Authentication Code (HMAC) using an incorrect offset.Incorrect calculation of security hashes results in the .AspNetCore application cookies and tokens being validated and trusted…
-
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/
-
Zero-Day-Lücken: Angriffe auf Windows-Systeme beobachtet
Hacker haben drei kürzlich bekanntgewordene Sicherheitslücken im Windows Defender ausgenutzt. Nur für eine davon gibt es bisher einen Patch. First seen on golem.de Jump to article: www.golem.de/news/zero-day-luecken-unter-beschuss-angriffe-auf-windows-systeme-beobachtet-2604-207763.html
-
Mozilla: Anthropic’s Mythos found 271 zero-day vulnerabilities in Firefox 150
CTO says new AI model is “every bit as capable” as world’s best security researchers. First seen on arstechnica.com Jump to article: arstechnica.com/ai/2026/04/mozilla-anthropics-mythos-found-271-zero-day-vulnerabilities-in-firefox-150/
-
From Panic to Playbook: Modernizing Zero”‘Day Response in AppSec
Learn how AppSec teams build a repeatable zero-day response workflow. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/from-panic-to-playbook-modernizing-zero%e2%80%91day-response-in-appsec/
-
From Panic to Playbook: Modernizing Zero”‘Day Response in AppSec
Learn how AppSec teams build a repeatable zero-day response workflow. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/from-panic-to-playbook-modernizing-zero%e2%80%91day-response-in-appsec/
-
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
Tags: access, ai, attack, breach, credentials, cybersecurity, exploit, identity, supply-chain, threat, zero-dayThe cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn’t changed: stolen credentials.Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing First seen on thehackernews.com Jump…
-
(g+) Cisco FMC Zero-Day Interlock: Totalverlust der Netzwerksicherheit
Interlock hat eine CVSS-10-Lücke in Ciscos FMC 36 Tage als Zero-Day genutzt. So wurde das Firewall-Management-Interface zum Einfallstor. First seen on golem.de Jump to article: www.golem.de/news/cisco-fmc-zero-day-interlock-totalverlust-der-netzwerksicherheit-2604-207761.html
-
Zero-Day-Lücken unter Beschuss: Angriffe auf Windows-Systeme beobachtet
Hacker haben drei kürzlich bekanntgewordene Sicherheitslücken im Windows Defender ausgenutzt. Nur für eine davon gibt es bisher einen Patch. First seen on golem.de Jump to article: www.golem.de/news/zero-day-luecken-unter-beschuss-angriffe-auf-windows-systeme-beobachtet-2604-207763.html
-
Project Glasswing: When AI Becomes the Ultimate Hacker”, and Defender
Anthropic has introduced Project Glasswing, a cybersecurity initiative powered by an unreleased AI model called Claude Mythos. This system can identify zero-day vulnerabilities, generate exploits, and even help fix them”, often without human input. But there’s a catch: it’s considered too powerful for public release. In this episode, we discuss what Project Glasswing is, why…
-
prompted 2026 Al Found 12 Zero-Days in OpenSSL
Author, Creator & Presenter: Adam Krivka, Al Security Researcher. At AISLE & Ondrei VIcek, Co-founder & CEO At AISLE Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-al-found-12-zero-days-in-openssl/
-
prompted 2026 Al Found 12 Zero-Days in OpenSSL
Author, Creator & Presenter: Adam Krivka, Al Security Researcher. At AISLE & Ondrei VIcek, Co-founder & CEO At AISLE Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-al-found-12-zero-days-in-openssl/
-
prompted 2026 Al Found 12 Zero-Days in OpenSSL
Author, Creator & Presenter: Adam Krivka, Al Security Researcher. At AISLE & Ondrei VIcek, Co-founder & CEO At AISLE Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-al-found-12-zero-days-in-openssl/
-
Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access
Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the…
-
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems.The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (…
-
Another Microsoft Defender privilege escalation bug emerges days after patch
Second Defender-based LPE in days: The Defender flaw addressed earlier this week as part of Patch Tuesday was one of the two zero-day bugs Microsoft fixed, and it also allowed local privilege escalation stemming from “insufficient granularity of access control.”While Microsoft attributed the discovery of the flaw, tracked as CVE-2026-33825, to security researcher Zen Dodd,…
-
Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/microsoft-defender-zero-days-exploited/
-
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-days-now-exploited-in-attacks/
-
April Patch Tuesday brings zero-days in Defender, SharePoint Server
Microsoft’s latest Patch Tuesday update may be one of the largest in history, with more than 160 issues in scope First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641679/April-Patch-Tuesday-brings-zero-days-in-Defender-SharePoint-Server
-
Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days
Microsoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company’s largest monthly security updates. The post Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-165-vulnerabilities-april-2026/
-
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/
-
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-pays-23-million-for-cloud-and-ai-flaws-at-zero-day-quest/
-
New PoC Exploit Published for Microsoft Defender 0-Day Flaw
A security researcher operating under the alias >>Chaotic Eclipse<< has publicly released a proof-of-concept (PoC) exploit for a vulnerability in Microsoft Defender. Published on April 15, 2026, the exploit targets a flaw in CVE-2026-33825, a recently patched vulnerability. The uncoordinated release highlights an escalating conflict between independent security researchers and Microsoft's vulnerability disclosure programs. Public…
-
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
31 high-impact vulnerabilities were actively exploited in March 2026, with a Cisco firewall zero-day abused by the Interlock ransomware group emerging as one of the most dangerous threats to enterprise networks. Affected vendors span core enterprise and developer ecosystems, including Cisco, Microsoft, Google, ConnectWise, Langflow, Citrix, Aquasecurity, Nginx UI, Qualcomm, F5, Craft CMS, Laravel, Apple,…
-
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole “crime” part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a…
-
NIST cuts down CVE analysis amid vulnerability overload
Tags: ai, automation, awareness, ceo, cve, cybersecurity, defense, exploit, flaw, government, group, incident response, nist, software, technology, threat, update, vulnerability, zero-daySOURCE: www.cve.org/about/Metrics CSOAs a result, NIST will now forego enrichment for all but the most critical of vulnerabilities.Backlogged CVEs received prior to March 1 will also be labeled “not scheduled.” None of those are critical vulnerabilities, NIST said, because those have always been handled first.”They’ve just come out and publicly stated, ‘We are never going…