#zero-day
23 stories tagged zero-day.

CVE-2026-0257: Palo Alto GlobalProtect Authentication Bypass Hit in the Wild Within Days of Disclosure
A credential-less VPN session forgery flaw in PAN-OS moved from 'medium severity, no known exploitation' to CISA's KEV catalog in sixteen days. Federal agencies had 72 hours to patch.

Microsoft and Researcher Nightmare Eclipse Trade Public Accusations Over Disclosure Gone Wrong
A researcher who published unpatched vulnerability details says Microsoft deleted his accounts and ruined his life. Microsoft says his drops put proof-of-concept code in criminals' hands. Neither is entirely wrong.

Critical Argument Injection Zero-Day in Gogs Puts Self-Hosted Git Servers at Risk
A CVSS 9.4 flaw lets authenticated attackers execute arbitrary code through maliciously named pull-request branches — no patch is available.

Microsoft Reasserts Coordinated Disclosure Norms After Researcher Drops Zero-Days
Redmond is invoking CVD principles after a researcher publicly posted unpatched flaws, raising fresh questions about the boundary between disclosure ethics and platform enforcement.

FortiClient EMS Flaw Sees Fresh Exploitation After April Hotfix
Attackers are still hitting a critical FortiClient EMS vulnerability that Fortinet patched — and flagged as actively exploited — months ago.

Microsoft Rushes Fixes for Two Actively Exploited Defender Zero-Days as CISA Adds Both to KEV
A disgruntled researcher's GitHub exploits may be behind attacks on the Malware Protection Engine and Antimalware Platform — but Microsoft isn't saying so.

Hard-coded ASP.NET machine keys in KnowledgeDeliver LMS abused to drop Godzilla, then Cobalt Strike
CVE-2026-5426 let attackers forge ViewState payloads against a Japanese LMS used across universities and corporate training portals. The bug was a zero-day before Digital Knowledge shipped a fix.

April Patch Tuesday Lands With 167 Microsoft Fixes, SharePoint Zero-Day Under Attack
BlueHammer Defender bug goes public, Adobe Reader flaw exploited since November, and Chrome ships its fourth zero-day of the year.