Tag: zero-day
-
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole “crime” part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a…
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trustWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…
-
Privilege Elevation Dominates Massive Microsoft Patch Update
Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/privilege-elevation-dominates-microsoft-patch-update
-
Microsoft drops its second-largest monthly batch of defects on record
The vendor disclosed one actively exploited zero-day vulnerability in Microsoft Office SharePoint that allows attackers to view information and make changes to disclosed information. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-april-2026/
-
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Tags: advisory, api, attack, best-practice, cloud, container, cve, cvss, cyber, data, exploit, firewall, firmware, flaw, framework, github, Internet, malicious, microsoft, mitigation, office, powershell, rce, remote-code-execution, service, software, sql, startup, tool, update, vulnerability, windows, zero-day8Critical 154Important 1Moderate 0Low Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second…
-
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Today is Microsoft’s April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/
-
Adobe fixes PDF zero-day security bug that hackers have exploited for months
It’s not clear how many people were compromised by this hacking campaign, but a security researcher said the hackers were targeting victims since at least November 2025. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/adobe-fixes-pdf-zero-day-security-bug-that-hackers-have-exploited-for-months/
-
Claude Mythos Changed Everything. Your APIs Are the First Target.
Tags: access, ai, api, attack, breach, ceo, crowdstrike, cyber, cybersecurity, data, endpoint, exploit, finance, flaw, infrastructure, threat, tool, update, vulnerability, zero-dayAnthropic just released Claude Mythos Preview. They did not make it publicly available. That decision alone should tell you everything you need to know about what this model can do. During internal testing, Mythos autonomously discovered and exploited zero-day vulnerabilities across every major operating system and web browser. It found a 27-year-old bug in OpenBSD.…
-
Adobe Patches Actively Exploited Zero-Day That Lingered for Months
An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/adobe-patches-actively-exploited-zero-day
-
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/adobe-rolls-out-emergency-fix-for-acrobat-reader-zero-day-flaw/
-
Anthropic Just Gave Defenders a Firehose. They’re Already Drowning.
Anthropic announced Project Glasswing last week with the kind of language reserved for genuine inflection points. Claude Mythos Preview, a frontier model the company deliberately chose not to release publicly, had already identified thousands of zero-day vulnerabilities across every major operating system and web browser, including a bug that had been sitting undetected in.. First…
-
Anthropic Just Gave Defenders a Firehose. They’re Already Drowning.
Anthropic announced Project Glasswing last week with the kind of language reserved for genuine inflection points. Claude Mythos Preview, a frontier model the company deliberately chose not to release publicly, had already identified thousands of zero-day vulnerabilities across every major operating system and web browser, including a bug that had been sitting undetected in.. First…
-
âš¡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet…
-
Acrobat Reader: Adobe reagiert auf monatelang ausgenutzte Sicherheitslücke
Wer Adobe Acrobat oder den Acrobat Reader nutzt, sollte das PDF-Tool zügig updaten. Nutzer werden seit Ende 2025 über eine Zero-Day-Lücke attackiert. First seen on golem.de Jump to article: www.golem.de/news/dringend-updaten-adobe-patcht-seit-monaten-ausgenutzte-reader-luecke-2604-207484.html
-
Acrobat Reader: Adobe reagiert auf monatelang ausgenutzte Sicherheitslücke
Wer Adobe Acrobat oder den Acrobat Reader nutzt, sollte das PDF-Tool zügig updaten. Nutzer werden seit Ende 2025 über eine Zero-Day-Lücke attackiert. First seen on golem.de Jump to article: www.golem.de/news/dringend-updaten-adobe-patcht-seit-monaten-ausgenutzte-reader-luecke-2604-207484.html
-
Simply opening a PDF could trigger this Adobe Reader zero-day
Even though it’s patched, Adobe confirmed it was exploited in the wild, so updating is urgent, not optional. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/simply-opening-a-pdf-could-trigger-this-adobe-reader-zero-day/
-
Your MTTD Looks Great. Your Post-Alert Gap Doesn’t
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmorewarned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant’s M-Trends 2026 First seen…
-
(g+) DoppelDay bei Forticlient EMS: Eine offene Tür ins Unternehmensnetz
Tags: zero-dayZwei unauthentifizierte Lücken in sechs Wochen, rund 2.000 exponierte Instanzen: Wie Admins Forticlients Management Server jetzt schützen. First seen on golem.de Jump to article: www.golem.de/news/doppel-zero-day-bei-forticlient-ems-eine-offene-tuer-ins-unternehmensnetz-2604-207504.html
-
Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621)
Adobe has pushed out an emergency security update for Adobe Acrobat Reader, patching a zero-day vulnerability (CVE-2026-34621) exploited in the wild since November 2025. About … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/13/adobe-acrobat-reader-cve-2026-34621-emergency-fix/
-
Notfallupdate: Adobe reagiert auf monatelang ausgenutzte Reader-Lücke
Wer Adobe Acrobat oder den Acrobat Reader nutzt, sollte das PDF-Tool zügig updaten. Nutzer werden seit Ende 2025 über eine Zero-Day-Lücke attackiert. First seen on golem.de Jump to article: www.golem.de/news/dringend-updaten-adobe-patcht-seit-monaten-ausgenutzte-reader-luecke-2604-207484.html
-
Notfallupdate: Adobe reagiert auf seit Monaten ausgenutzte Reader-Lücke
Wer Adobe Acrobat oder den Acrobat Reader nutzt, sollte das PDF-Tool zügig updaten. Nutzer werden seit Ende 2025 über eine Zero-Day-Lücke attackiert. First seen on golem.de Jump to article: www.golem.de/news/dringend-updaten-adobe-patcht-seit-monaten-ausgenutzte-reader-luecke-2604-207484.html
-
Adobe Fixes Actively Exploited Zero-Day in Acrobat Reader
Adobe has released an emergency security update to address a critical zero-day vulnerability in Acrobat and Reader for Windows and macOS. According to Adobe’s APSB26-43 bulletin, the flaw is currently being exploited in the wild, prompting a Priority 1 rating from the company. Designated as CVE-2026-34621, this vulnerability is an Improperly Controlled Modification of Object…
-
Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cloudflare moves up its post-quantum deadline as researchers narrow the path … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/12/week-in-review-windows-zero-day-exploit-leaked-patch-tuesday-forecast/
-
Saturday Security: AI Could Trigger a Zero-Day Exploit Tsunami
For decades, zero-day vulnerabilities were the cyber equivalent of secret weapons, only nation-states and elite attackers could find and weaponize them. That balance may be gone. On April 7, 2026, Anthropic announced Claude Mythos Preview, an AI model so capable of finding and exploiting vulnerabilities that the company decided it’s too dangerous to… First seen…
-
PDF öffnen reicht: Zero-Day-Lücke in Adobe Reader wird seit Monaten ausgenutzt
Angreifer nutzen seit Ende 2025 eine Zero-Day-Lücke in Adobe Reader aus, um Daten abzugreifen und Schadcode einzuschleusen. Ein Forscher schlägt Alarm. First seen on golem.de Jump to article: www.golem.de/news/pdf-oeffnen-reicht-ungepatchte-luecke-in-adobe-reader-seit-monaten-ausgenutzt-2604-207376.html
-
PDF öffnen reicht: Zero-Day-Lücke in Adobe Reader wird seit Monaten ausgenutzt
Angreifer nutzen seit Ende 2025 eine Zero-Day-Lücke in Adobe Reader aus, um Daten abzugreifen und Schadcode einzuschleusen. Ein Forscher schlägt Alarm. First seen on golem.de Jump to article: www.golem.de/news/pdf-oeffnen-reicht-ungepatchte-luecke-in-adobe-reader-seit-monaten-ausgenutzt-2604-207376.html
-
Project Glasswing Just Made Your Security Playbook Obsolete
Anthropic’s AI Model Exposes How Unprepared Enterprises Are to Respond. Anthropic’s announcement this week of Claude Mythos Preview frontier model capable of finding zero-days flaws humans may miss is both a warning and a call to action for CIOs: The way enterprises have been managing cybersecurity is about to change forever, and they need to…
-
Zero-Days, Data Breaches, and AI Risks Define This Week’s Cybersecurity Landscape in 2026
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/zero-days-data-breaches-and-ai-risks-define-this-weeks-cybersecurity-landscape-in-2026/
-
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
Tags: ai, attack, business, credentials, crypto, cve, data, data-breach, malicious, moveIT, network, okta, radius, risk, software, supply-chain, threat, update, vulnerability, zero-daySee how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways: Tenable Hexa AI, the agentic engine of the Tenable…