Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zer...
Zero-Day
20 articles
Comodo Internet Security 0-Day Flaw Triggers Windows System Crashes
A remotely exploitable zero-day vulnerability in Comodo Internet Security’s kernel-level firewall driver allows attackers to crash Windows systems with a sin...
Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process
A researcher publicly released a VS Code exploit within hours, citing past disputes with Microsoft over bug handling. The security researcher Ammar Askar fou...
Acer Confirms Patch in Progress for Wave 7 Router 0-Day Flaw
Acer has confirmed that it is actively developing a firmware patch to address critical zero-day vulnerabilities affecting its Wave 7 routers, following respo...
Acer addresses critical zero-day vulnerabilities in Wave 7 routers
The first vulnerability, CVE-2026-49200, is a broken access control flaw that allows unauthenticated attackers to access plaintext credentials from log archi...
Acer working to patch max severity zero-days in Wave 7 routers
Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [.
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
Microsoft has responded to backlash over its initial threats of legal action against researchers who publicly disclose zero-day vulnerabilities without coord...
VS Code zero-day lets hackers steal GitHub tokens in one click
A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authenticatio...
Google releases June Android security patches addressing 124 vulnerabilities, including 1 zero-day
The actively exploited vulnerability, identified as CVE-2025-48595, is a high-severity flaw in the Android Framework that allows local attackers to gain code...
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks. The post Android Update Patches Exploited Zero-Day, 123...
Google fixes one actively exploited Android zero-day, 124 flaws
Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [.
Android Zero-Day Vulnerability Actively Exploited in Device Takeover Attacks
Google has disclosed a critical Android zero-day vulnerability that is reportedly being actively exploited in targeted attacks, raising serious concerns abou...
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in th...
Microsoft says it will not pursue security researchers after zero-day backlash
Microsoft said it is taking the feedback seriously, adding: “To be clear about our approach to legal matters, we have no intention to pursue action against i...
Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more
Each vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both ...
Gogs Zero-Day Exposes Servers to Remote Code Execution
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests w...
Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.
A researcher dropped 6 Windows zero-days with no warning. Three are now exploited in the wild.
This month in security with Tony Anscombe – May 2026 edition
In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the f...
New Gogs zero-day flaw lets hackers get remote code execution
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [.
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affect...