Microsoft Defender Zero-Day Vulnerabilities Actively Exploited in the Wild
Microsoft has disclosed two new zero-day vulnerabilities in Microsoft Defender that are actively being exploited in the wild, raising concerns among security...
Zero-Day
20 articles
New NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of Servers
A newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exp...
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [.
Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitl...
Huawei zero-day flaw reportedly caused Luxembourg telecom outage
The outage was triggered by specially crafted network traffic that exploited a previously unknown vulnerability in Huawei enterprise routers, forcing them in...
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw,...
Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. [.
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services On July 23, 2025, a nationwi...
Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network
There is no evidence that the incident has recurred, but the flaw remains unexplained and has not been publicly acknowledged by the company.
Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts
Cybersecurity researchers successfully demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms.
Zero-Day Exploit Against Windows BitLocker
It’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the al...
Microsoft discloses Exchange zero-day with no patch yet available
Microsoft has disclosed a zero-day vulnerability that affects Exchange Server 2016, 2019, and Subscription Edition. This vulnerability would give bad actors ...
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, s...
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [.
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a ...
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain S...
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days.
Microsoft warns of active exploitation of new Exchange Server zero-day vulnerability
The vulnerability, a cross-site scripting flaw with a CVSS score of 8.1, specifically impacts Outlook Web Access (OWA).
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon ...
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple ...