Tag: zero-day
-
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
Emergency patches out now for those managing the millions of domains assumed to be affected First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/cpanel_whn_cves/
-
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release
A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control over servers. The vulnerability stems from a Carriage Return Line Feed (CRLF) injection flaw within the application’s session…
-
Linux Kernel 0-Day “Copy Fail” Grants Root Access Across Major Distros Since 2017
Security researchers have disclosed a critical zero-day vulnerability in the Linux kernel dubbed “Copy Fail” (CVE-2026-31431), which allows unprivileged local users to gain root access. Using a tiny 732-byte Python script, attackers can exploit a logic flaw present in major Linux distributions released since 2017. Copy Fail is a local privilege escalation (LPE) vulnerability found…
-
Microsoft’s patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
Second try’s a charm? First seen on theregister.com Jump to article: www.theregister.com/2026/04/29/microsoft_zero_click_exploit/
-
Claude Mythos Has Found 271 Zero-Days in Firefox
That’s a lot. No, it’s an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, which led to fixes for 22 security-sensitive bugs…
-
CISA orders feds to patch Windows flaw exploited as zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-flaw-exploited-in-zero-day-attacks/
-
CISA Warns of Windows Shell Zero-Day Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windows, zero-day
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered zero-day vulnerability affecting Microsoft Windows. On April 28, 2026, the agency officially added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) catalog. This critical flaw involves a failure of a protection mechanism within the Microsoft Windows Shell, and active exploitation…
-
Researchers Find 38 Flaws in OpenEMR. They’ve Been Fixed
AI Tool Used to Discover Bugs, Which Included 2 Maximum Severity Vulnerabilities. Researchers at security firm AISLE said they recently identified 38 vulnerabilities, including two maximum-severity zero-day flaws in OpenEMR, an open-source electronic medical record software platform used by about 100,000 healthcare providers globally. OpenEMR has patched the problems. First seen on govinfosecurity.com Jump to…
-
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know
Tags: access, ai, cisa, cloud, cve, cvss, data, data-breach, exploit, infrastructure, intelligence, kev, metric, mitre, nist, nvd, ransomware, risk, software, strategy, technology, threat, vulnerability, vulnerability-management, zero-day
NIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that the NVD may now overlook. Key takeaways: NIST is pivoting to a prioritized enrichment model, focusing only on specific criteria like…
-
What the Mythos-Ready Briefing Says About Credentials
The Mythos-ready briefing names secrets rotation, NHI governance, and honeytokens as critical controls. Zero-days don’t replace credential attacks; they accelerate them. Credential security deserves to move up every CISO’s priority list. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/what-the-mythos-ready-briefing-says-about-credentials/
-
When Mythos Finds Thousands of Zero-Days, EU Regulators Won’t Wait for Your SOC to Catch Up
Can your SOC triage thousands of Mythos findings in 24 hours? NIS2, CRA, and DORA are all waiting. Miss one clock and the penalties begin. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/when-mythos-finds-thousands-of-zero-days-eu-regulators-wont-wait-for-your-soc-to-catch-up/
-
Five steps to become Mythos ready
Tags: access, ai, attack, automation, breach, business, cloud, compliance, control, cvss, cyber, cybersecurity, data, defense, detection, exploit, flaw, framework, identity, incident response, infrastructure, LLM, mitre, network, office, open-source, openai, risk, software, threat, tool, training, update, vulnerability, zero-day
AI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways: While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponize vulnerabilities at unprecedented machine speed. To avoid getting buried by an…
-
Why Chrome Zero-Days Keep Winning and What Enterprises Need to Change Blog – Menlo Security
Fourth Chrome zero-day of 2026 exposes a bigger issue: patching is too slow. Learn why browser isolation is key to preventing modern attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/why-chrome-zero-days-keep-winning-and-what-enterprises-need-to-change-blog-menlo-security/
-
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-microsoft-defender-flaw-exploited-in-zero-day-attacks/
-
Claude Mythos Exposes 271 Zero-Day Security Flaws in Firefox
Mozilla has released Firefox 150, addressing a staggering 271 zero-day vulnerabilities. The security team identified these latent flaws using Anthropic’s early-stage Claude Mythos Preview AI model. This massive cleanup represents a major shift in how tech companies detect and defend against cyber threats. The Firefox team has spent recent months working alongside Anthropic to scan…
-
Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core
UseCustomCryptographicAlgorithms API. A bug in the .NET 10.0.6 package, released as part of the Patch Tuesday updates on April 14, causes the ManagedAuthenticatedEncryptor library to compute the validation tag for the Hash-based Message Authentication Code (HMAC) using an incorrect offset. Incorrect calculation of security hashes results in the .AspNetCore application cookies and tokens being validated and trusted…
-
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/
-
Zero-Day Vulnerabilities: Attacks on Windows Systems Observed
Hackers have exploited three recently disclosed security vulnerabilities in Windows Defender. So far, a patch is available for only one of them. First seen on golem.de Jump to article: www.golem.de/news/zero-day-luecken-unter-beschuss-angriffe-auf-windows-systeme-beobachtet-2604-207763.html
-
Mozilla: Anthropic’s Mythos found 271 zero-day vulnerabilities in Firefox 150
CTO says new AI model is “every bit as capable” as world’s best security researchers. First seen on arstechnica.com Jump to article: arstechnica.com/ai/2026/04/mozilla-anthropics-mythos-found-271-zero-day-vulnerabilities-in-firefox-150/
-
From Panic to Playbook: Modernizing Zero-Day Response in AppSec
Learn how AppSec teams build a repeatable zero-day response workflow. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/from-panic-to-playbook-modernizing-zero%e2%80%91day-response-in-appsec/
-
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
Tags: access, ai, attack, breach, credentials, cybersecurity, exploit, identity, supply-chain, threat, zero-day
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn’t changed: stolen credentials. Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing First seen on thehackernews.com Jump…
-
(g+) Cisco FMC Zero-Day Interlock: Total Loss of Network Security
Interlock exploited a CVSS 10 vulnerability in Cisco’s FMC as a zero-day for 36 days. This is how the firewall management interface became the point of entry. First seen on golem.de Jump to article: www.golem.de/news/cisco-fmc-zero-day-interlock-totalverlust-der-netzwerksicherheit-2604-207761.html
-
Project Glasswing: When AI Becomes the Ultimate Hacker, and Defender
Anthropic has introduced Project Glasswing, a cybersecurity initiative powered by an unreleased AI model called Claude Mythos. This system can identify zero-day vulnerabilities, generate exploits, and even help fix them, often without human input. But there’s a catch: it’s considered too powerful for public release. In this episode, we discuss what Project Glasswing is, why…

