Tag: zero-day
-
prompted 2026 Al Found 12 Zero-Days in OpenSSL
Author, Creator & Presenter: Adam Krivka, Al Security Researcher. At AISLE & Ondrei VIcek, Co-founder & CEO At AISLE Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-al-found-12-zero-days-in-openssl/
-
prompted 2026 Al Found 12 Zero-Days in OpenSSL
Author, Creator & Presenter: Adam Krivka, Al Security Researcher. At AISLE & Ondrei VIcek, Co-founder & CEO At AISLE Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-al-found-12-zero-days-in-openssl/
-
prompted 2026 Al Found 12 Zero-Days in OpenSSL
Author, Creator & Presenter: Adam Krivka, Al Security Researcher. At AISLE & Ondrei VIcek, Co-founder & CEO At AISLE Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-al-found-12-zero-days-in-openssl/
-
Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access
Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the…
-
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems.The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (…
-
Another Microsoft Defender privilege escalation bug emerges days after patch
Second Defender-based LPE in days: The Defender flaw addressed earlier this week as part of Patch Tuesday was one of the two zero-day bugs Microsoft fixed, and it also allowed local privilege escalation stemming from “insufficient granularity of access control.”While Microsoft attributed the discovery of the flaw, tracked as CVE-2026-33825, to security researcher Zen Dodd,…
-
Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/microsoft-defender-zero-days-exploited/
-
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-days-now-exploited-in-attacks/
-
Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days
Microsoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company’s largest monthly security updates. The post Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-165-vulnerabilities-april-2026/
-
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/
-
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-pays-23-million-for-cloud-and-ai-flaws-at-zero-day-quest/
-
New PoC Exploit Published for Microsoft Defender 0-Day Flaw
A security researcher operating under the alias >>Chaotic Eclipse<< has publicly released a proof-of-concept (PoC) exploit for a vulnerability in Microsoft Defender. Published on April 15, 2026, the exploit targets a flaw in CVE-2026-33825, a recently patched vulnerability. The uncoordinated release highlights an escalating conflict between independent security researchers and Microsoft's vulnerability disclosure programs. Public…
-
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
31 high-impact vulnerabilities were actively exploited in March 2026, with a Cisco firewall zero-day abused by the Interlock ransomware group emerging as one of the most dangerous threats to enterprise networks. Affected vendors span core enterprise and developer ecosystems, including Cisco, Microsoft, Google, ConnectWise, Langflow, Citrix, Aquasecurity, Nginx UI, Qualcomm, F5, Craft CMS, Laravel, Apple,…
-
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole “crime” part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a…
-
NIST cuts down CVE analysis amid vulnerability overload
Tags: ai, automation, awareness, ceo, cve, cybersecurity, defense, exploit, flaw, government, group, incident response, nist, software, technology, threat, update, vulnerability, zero-daySOURCE: www.cve.org/about/Metrics CSOAs a result, NIST will now forego enrichment for all but the most critical of vulnerabilities.Backlogged CVEs received prior to March 1 will also be labeled “not scheduled.” None of those are critical vulnerabilities, NIST said, because those have always been handled first.”They’ve just come out and publicly stated, ‘We are never going…
-
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting flaws fixed by the IT giant is a critical SharePoint zero-day, tracked as CVE-2026-32201, already…
-
April Patch Tuesday brings zero-days in Defender, SharePoint Server
Microsoft’s latest Patch Tuesday update may be one of the largest in history, with more than 160 issues in scope First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641679/April-Patch-Tuesday-brings-zero-days-in-Defender-SharePoint-Server
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trustWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…
-
Privilege Elevation Dominates Massive Microsoft Patch Update
Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/privilege-elevation-dominates-microsoft-patch-update
-
Microsoft drops its second-largest monthly batch of defects on record
The vendor disclosed one actively exploited zero-day vulnerability in Microsoft Office SharePoint that allows attackers to view information and make changes to disclosed information. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-april-2026/
-
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Tags: advisory, api, attack, best-practice, cloud, container, cve, cvss, cyber, data, exploit, firewall, firmware, flaw, framework, github, Internet, malicious, microsoft, mitigation, office, powershell, rce, remote-code-execution, service, software, sql, startup, tool, update, vulnerability, windows, zero-day8Critical 154Important 1Moderate 0Low Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second…
-
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Today is Microsoft’s April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/
-
Adobe fixes PDF zero-day security bug that hackers have exploited for months
It’s not clear how many people were compromised by this hacking campaign, but a security researcher said the hackers were targeting victims since at least November 2025. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/adobe-fixes-pdf-zero-day-security-bug-that-hackers-have-exploited-for-months/
-
Claude Mythos Changed Everything. Your APIs Are the First Target.
Tags: access, ai, api, attack, breach, ceo, crowdstrike, cyber, cybersecurity, data, endpoint, exploit, finance, flaw, infrastructure, threat, tool, update, vulnerability, zero-dayAnthropic just released Claude Mythos Preview. They did not make it publicly available. That decision alone should tell you everything you need to know about what this model can do. During internal testing, Mythos autonomously discovered and exploited zero-day vulnerabilities across every major operating system and web browser. It found a 27-year-old bug in OpenBSD.…
-
Adobe Patches Actively Exploited Zero-Day That Lingered for Months
An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/adobe-patches-actively-exploited-zero-day
-
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/adobe-rolls-out-emergency-fix-for-acrobat-reader-zero-day-flaw/
-
Acrobat Reader: Adobe reagiert auf monatelang ausgenutzte Sicherheitslücke
Wer Adobe Acrobat oder den Acrobat Reader nutzt, sollte das PDF-Tool zügig updaten. Nutzer werden seit Ende 2025 über eine Zero-Day-Lücke attackiert. First seen on golem.de Jump to article: www.golem.de/news/dringend-updaten-adobe-patcht-seit-monaten-ausgenutzte-reader-luecke-2604-207484.html
-
Acrobat Reader: Adobe reagiert auf monatelang ausgenutzte Sicherheitslücke
Wer Adobe Acrobat oder den Acrobat Reader nutzt, sollte das PDF-Tool zügig updaten. Nutzer werden seit Ende 2025 über eine Zero-Day-Lücke attackiert. First seen on golem.de Jump to article: www.golem.de/news/dringend-updaten-adobe-patcht-seit-monaten-ausgenutzte-reader-luecke-2604-207484.html