#zero-day
23 stories taggedzero-day.
NAIC Says ShinyHunters Walked Out With Public Data and Stale Logs After PeopleSoft Zero-Day Hit
The regulator-of-regulators confirms an Oracle PeopleSoft zero-day was the entry point, but disputes the extortion crew's claims about what was taken.
Cisco Catalyst SD-WAN Bug Hit as Zero-Day Months Before Disclosure
Mandiant says an unidentified actor exploited CVE-2026-20245 for at least two months before Cisco's public advisory, gaining root on affected appliances.
Microsoft Acknowledges 'RoguePlanet' Defender Zero-Day, Patch Still in the Works
CVE-2026-50656 is a privilege escalation bug in the Malware Protection Engine — the component sitting at the heart of every Defender install.
GreatXML's BitLocker Bypass Claim Falls Short — For Now
A pseudonymous researcher dropped an alleged WinRE-based BitLocker exploit days after Patch Tuesday. A respected vulnerability analyst couldn't replicate it. The researcher is already hunting a fix.
ShinyHunters Rode a PeopleSoft Zero-Day Into University Networks
A CVSS 9.8 RCE flaw in Oracle PeopleSoft gave UNC6240 a two-week head start before Oracle even confirmed the bug existed.
ShinyHunters Hit Universities Through PeopleSoft Zero-Day Before Oracle Patch
Mandiant ties a two-week extortion spree against Oracle PeopleSoft deployments to UNC6240, the cluster better known as ShinyHunters.
Oracle Patches PeopleSoft Flaw Tied to ShinyHunters Activity, Stays Quiet on Zero-Day Status
CVE-2026-35273 has a fix. Whether attackers got there first is a question Oracle isn't answering.
210 CVEs, Three Zero-Days, and a Microsoft Warning That This Is Just the Beginning
June Patch Tuesday sets a volume record. Microsoft says AI-assisted discovery is why, and that you should get used to it.
RoguePlanet Zero-Day Drops as Nightmare Eclipse–Microsoft Feud Reaches New Low
A race-condition bug in Microsoft Defender can yield a SYSTEM shell on fully patched Windows 11 and 10. No patch exists. The researcher dropped it the day after June Patch Tuesday.
Microsoft's October Dump: 206 CVEs, Three Already Public
A record Patch Tuesday hauls in 39 Critical bugs and a trio of zero-days that were knocking around before the fix shipped.
RoguePlanet PoC Drops: Another Defender Race Condition, Another Path to SYSTEM
An anonymous researcher publishing as Chaotic Eclipse dropped a proof-of-concept against Microsoft Defender that wins SYSTEM on fully patched Windows — when the race goes their way.
Microsoft Ships Record 200-Bug Patch Tuesday as 'Nightmare Eclipse' Drops Windows Zero-Days
AI-assisted bug hunting, a confrontational researcher, and a Shai-Hulud worm variant inside Microsoft's own repos shape an outsized June rollup.
Chrome Ships Emergency V8 Fix for CVE-2026-11645 Already Under Attack
An out-of-bounds read/write in V8 is being exploited in the wild. Google's update covers 74 issues. Patch, then verify your browser fleet actually restarted.
Cisco SD-WAN Manager Has an Unpatched Privilege-Escalation Flaw Under Active Exploitation
A command-injection bug in Catalyst SD-WAN Manager is already being used in the wild. No patch exists yet — and a known espionage group may be involved.
Microsoft Threatened a Bug Hunter With Legal Action. Now It's Walking That Back.
A researcher dropped unpatched zero-days with working exploits. Microsoft's first response was to reach for the lawyers. That went poorly.