Tag

#zero-day

23 stories taggedzero-day.

Vulnerabilities

CVE-2026-0257: Palo Alto GlobalProtect Authentication Bypass Hit in the Wild Within Days of Disclosure

A credential-less VPN session forgery flaw in PAN-OS moved from 'medium severity, no known exploitation' to CISA's KEV catalog in sixteen days. Federal agencies had 72 hours to patch.

2 min
Vulnerabilities

Microsoft and Researcher Nightmare Eclipse Trade Public Accusations Over Disclosure Gone Wrong

A researcher who published unpatched vulnerability details says Microsoft deleted his accounts and ruined his life. Microsoft says his drops put proof-of-concept code in criminals' hands. Neither is entirely wrong.

3 min
Vulnerabilities

Critical Argument Injection Zero-Day in Gogs Puts Self-Hosted Git Servers at Risk

A CVSS 9.4 flaw lets authenticated attackers execute arbitrary code through maliciously named pull-request branches — no patch is available.

2 min
Policy & Regulation

Microsoft Reasserts Coordinated Disclosure Norms After Researcher Drops Zero-Days

Redmond is invoking CVD principles after a researcher publicly posted unpatched flaws, raising fresh questions about the boundary between disclosure ethics and platform enforcement.

2 min
Vulnerabilities

FortiClient EMS Flaw Sees Fresh Exploitation After April Hotfix

Attackers are still hitting a critical FortiClient EMS vulnerability that Fortinet patched — and flagged as actively exploited — months ago.

2 min
Vulnerabilities

Microsoft Rushes Fixes for Two Actively Exploited Defender Zero-Days as CISA Adds Both to KEV

A disgruntled researcher's GitHub exploits may be behind attacks on the Malware Protection Engine and Antimalware Platform — but Microsoft isn't saying so.

2 min
Vulnerabilities

Hard-coded ASP.NET machine keys in KnowledgeDeliver LMS abused to drop Godzilla, then Cobalt Strike

CVE-2026-5426 let attackers forge ViewState payloads against a Japanese LMS used across universities and corporate training portals. The bug was a zero-day before Digital Knowledge shipped a fix.

2 min
Vulnerabilities

April Patch Tuesday Lands With 167 Microsoft Fixes, SharePoint Zero-Day Under Attack

BlueHammer Defender bug goes public, Adobe Reader flaw exploited since November, and Chrome ships its fourth zero-day of the year.

2 min
© 2026 Threat Vectr