Zero-Day | KITEFALL

RoguePlanet Zero-Day Grants SYSTEM Privileges on Fully Patched Windows 11 Systems 2026-06-10 08:29 WindowsReport.com A security researcher known as Nightmare Eclipse has released a new Microsoft Defender zero-day exploit called “RoguePlanet” shortly after Microsoft reportedly decided not to pursue legal action against him. The researcher claims the vulnerability affects …
Check Point warns of zero-day flaw targeted by ransomware affiliate 2026-06-09 18:02 Cybersecurity Dive A critical authentication bypass flaw in Check Point Remote Access VPN and Mobile Access deployments has been under exploitation for more than a month, according to a blog post published Monday by Check Point Research. The vulnerability, tracked as CVE- …
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now 2026-06-09 16:37 The Hacker News Ravie LakshmananJun 09, 2026Vulnerability / Browser Security Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026- …
Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks 2026-06-09 16:20 SecurityWeek Check Point on Monday warned that a critical-severity authentication bypass vulnerability affecting its VPN and firewall products has been exploited in the wild as a zero-day. Tracked as CVE-2026-50751 (CVSS score of 9.3), the security defect is described …
Google fixes the fifth actively exploited Chrome zero-day of 2026 2026-06-09 15:00 Security Affairs Google fixes the fifth actively exploited Chrome zero-day of 2026 Google fixed a new Chrome zero-day, tracked as CVE-2026-11645, in the V8 JavaScript engine, which is already being exploited in the wild. Google released emergency updates to address a new …
Update Chrome now — Google patches new zero-day flaw already being exploited 2026-06-09 14:58 TechRadar Pro Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Google patches high‑severity Chrome V8 bug (CVE‑2026‑11645) exploited in the wild Flaw allows remote code execution via crafted HTML on versions before 149.0.7827.103 …
Google patches Chrome zero-day exploited in the wild (CVE-2026-11645) 2026-06-09 12:08 Help Net Security Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory …
Google Patches Fifth Chrome Zero-Day of 2026 as Active Exploits Target Users 2026-06-09 10:20 WindowsReport.com Google has released emergency security updates for its Chrome browser to address a newly discovered zero-day vulnerability that is already being exploited in the wild. The flaw, tracked as CVE-2026-11645, is the fifth Chrome zero-day vulnerability patched …
Check Point VPN Zero-Day Under Active Exploitation by Ransomware Operators 2026-06-09 07:16 GBHackers Check Point has disclosed active in-the-wild exploitation of a critical authentication bypass vulnerability, tracked as CVE-2026-50751, impacting Remote Access VPN and Mobile Access deployments configured with the deprecated IKEv1 key exchange protocol …
Google Patches 5th Chrome Zero-Day Exploited in 2026 2026-06-09 06:15 SecurityWeek Google on Monday announced a Chrome 149 update that patches 74 vulnerabilities, including a zero-day that has been exploited in the wild. The exploited vulnerability is tracked as CVE-2026-11645. It has been described as a high-severity out-of-bounds read…
YellowKey Zero-Day and the BitLocker Bypass: Compliance and Incident Response Implications 2026-06-09 04:10 JD Supra - California Key Takeaway A publicly disclosed and widely unpatched zero-day vulnerability, named YellowKey, permits anyone with physical access to a device running Windows 11 or Windows Server 2022/2025 to bypass BitLocker full-disk encryption (Microsoft's …
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More 2026-06-08 21:17 The Hacker News Ravie LakshmananJun 08, 2026Cybersecurity / Hacking Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A …
A Qilin ransomware affiliate exploited a Check Point VPN zero-day for a month before a patch existed 2026-06-08 18:47 The Next Web TL;DR Check Point patched a critical VPN zero-day (CVE-2026-50751) exploited since May 7 by a Qilin ransomware affiliate targeting dozens of organisations. Check Point has disclosed and patched a critical zero-day vulnerability in its Remote Access VPN and …
Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751) 2026-06-08 12:33 Help Net Security A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. About CVE-2026-50751 Check Point Remote Access VPN enables …
Microsoft forced into policy retreat over rogue zero-day researcher Nightmare Eclipse 2026-06-07 13:08 Notebook Check Microsoft has officially backpedaled on its aggressive legal stance against the independent security researcher operating under the alias "Nightmare Eclipse." Following severe industry backlash from the global cybersecurity community, the tech …
AI Agent Discovers 21 Zero-Day Vulnerabilities in Open-Source Projects 2026-06-07 09:59 WebProNews An artificial intelligence system has exposed 21 previously unknown security vulnerabilities across widely used software projects, marking a significant development in automated vulnerability discovery. According to a report published by The Hacker News …
Cisco SD-WAN Manager zero-day exploited to execute commands as root 2026-06-05 19:56 VPNCentral Cisco has warned that a newly disclosed Catalyst SD-WAN Manager vulnerability is being exploited in limited attacks, allowing attackers with netadmin-level access to execute arbitrary commands as root. The flaw, tracked as CVE-2026-20245, affects the …
Cisco warns zero-day flaw in SD-WAN is being exploited 2026-06-05 15:50 Cybersecurity Dive Cisco on Thursday warned of a zero-day vulnerability in its Catalyst SD-WAN product that could allow an attacker to execute arbitrary commands as root. The vulnerability, tracked as CVE-2026-20245, is the result of insufficient validation of user-supplied …
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 2026-06-05 13:26 SecurityWeek Cisco informed customers on Thursday about yet another SD-WAN product vulnerability that has been exploited in the wild – the seventh whose exploitation was detected in 2026. The new vulnerability, which has yet to be patched by Cisco, is tracked as CVE- …
Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process 2026-06-04 17:26 Security Affairs Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process A researcher publicly released a VS Code exploit within hours, citing past disputes with Microsoft over bug handling. The security researcher Ammar Askar found a …
Microsoft Backtracks on Legal Threats After YellowKey Zero-Day Dispute 2026-06-03 18:07 WindowsReport.com Microsoft has moved to calm a growing dispute with security researchers after backlash over its response to public Windows zero-day disclosures. The controversy centers on Chaotic Eclipse, also known as Nightmare-Eclipse, who published YellowKey, a Windows …
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore 2026-06-03 15:55 The Hacker News The Hacker NewsJun 03, 2026Exposure Management Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. …
New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories 2026-06-03 10:32 WindowsReport.com A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let attackers steal GitHub authentication tokens through github.dev. Microsoft has not released a patch yet, and the flaw currently has no …
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash 2026-06-03 10:14 SecurityWeek Microsoft has responded to backlash over its initial threats of legal action against researchers who publicly disclose zero-day vulnerabilities without coordinated notification. The controversy concerns a researcher known online as Chaotic Eclipse and …
Android Zero-Day Vulnerability Actively Exploited in Device Takeover Attacks 2026-06-03 07:20 GBHackers Google has disclosed a critical Android zero-day vulnerability that is reportedly being actively exploited in targeted attacks, raising serious concerns about the risk of large-scale device compromise. The issue, tracked as CVE-2025-48595, was highlighted …
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities 2026-06-02 17:38 SecurityWeek Google on Monday announced its latest Android update, which includes patches for 124 vulnerabilities, including a zero-day that has been exploited in targeted attacks. The exploited vulnerability is CVE-2025-48595, which Google describes as a high-severity …
Tuskira Quell identifies, mitigates, and validates zero-day risk before breach 2026-06-02 16:15 Help Net Security Tuskira launched Quell, its exposure-led zero-day defense capability. Quell helps enterprises survive the window between a zero-day’s disclosure and a patch by determining which zero-days are reachable in their environment, whether existing controls would …
One-Click RCE Hits Flowise While Gogs Zero-Day Stays Unpatched 2026-06-02 11:25 WebProNews Public exploit code now targets a critical remote code execution flaw in Flowise. The one-click attack works through malicious chatflow imports on self-hosted instances. Teams running AI workflow tools face immediate exposure. A separate critical Gogs RCE …
Microsoft Doubles Down on Opposition to Public Disclosure as “Chaotic Eclipse” Wave of Zero-Day Vulnerabilities Continues 2026-06-02 02:10 CPO Magazine An ugly and ongoing feud between Microsoft and a prominent security researcher seems to have resulted in Redmond doubling down on its position in favor of Coordinated Vulnerability Disclosure (CVD) over more immediate public disclosure. The issue has come …
Microsoft's Zero-Day Legal Threats Spark Backlash 2026-06-01 22:20 Dark Reading Microsoft is facing an onslaught of criticism from the cybersecurity community after the company said it would seek criminal prosecution against a disgruntled security researcher who published several zero-day exploits in recent weeks. In a blog post last …
Microsoft says it will not pursue security researchers after zero-day backlash 2026-06-01 12:11 The Record Microsoft said Monday it has “no intention to pursue action” against security researchers who uncover vulnerabilities and publish their findings, days after an official blog post sparked a backlash from the security community. The post had condemned a …
Microsoft faces backlash after suspending accounts linked to zero-day exploit disclosures 2026-06-01 04:21 ETCISO.in Microsoft is reportedly facing criticism over its response to a security researcher who has been publicly sharing proof-of-concept code for software vulnerabilities. According to a report by The Verge, a person using the name "Nightmare Eclipse" …
Microsoft’s Zero-Day Feud With Rogue Researcher Spirals Toward July Deadline 2026-05-30 10:06 WebProNews A lone Windows expert has dropped six zero-days in quick succession. Three reached active exploitation almost immediately. Now the researcher promises something far bigger on July 14. Microsoft calls the releases unjustifiable. The company has turned to …
Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more 2026-05-30 08:08 The Record Microsoft has published its first response to a weeks-long campaign of uncoordinated Windows zero-day releases, condemning the disclosures as “never justifiable” and suggesting that it could bring cases against people who enable cybercrime. A pseudonymous …
Gogs Zero-Day Exposes Servers to Remote Code Execution 2026-05-29 18:26 SecurityWeek The popular open source self-hosted Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution (RCE), Rapid7 reports. The critical-severity issue, assigned a CVSS score of 9.4, is an argument …
Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It. 2026-05-29 17:19 Security Affairs Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It. A researcher dropped 6 Windows zero-days with no warning. Three are now exploited in the wild. Microsoft is angry. The researcher says Microsoft ignored them first …
Microsoft Threatens Legal Action Over Zero-Day Leaks 2026-05-28 23:11 Bank Information Security Security Researchers Fear Broader Legal Pressure on Bug Disclosures Tiffany Wang • May 28, 2026 Microsoft is pursuing legal action after a researcher publicly released six Windows zero-days and exploit code in what the the company described as an …
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal 2026-05-28 19:32 The Hacker News Ravie LakshmananMay 28, 2026Zero Day / Vulnerability Disclosure Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to …
Microsoft Condemns "Uncoordinated" Zero Day Disclosures 2026-05-28 18:15 Infosecurity Magazine In a new bulletin, Microsoft has criticized security researchers for publicly reporting vulnerabilities in the company’s products before patches were available and without prior notice. These “uncoordinated disclosures put our customers at unnecessary risk …
Microsoft Warns Against Public Release of Zero-Day Details Before Vendor Coordination 2026-05-28 08:00 GBHackers Microsoft has issued a strong warning to the cybersecurity community following a recent surge in publicly disclosed zero-day vulnerabilities without prior coordination. According to the Microsoft Security Response Center (MSRC), several vulnerabilities …
Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' — expert claims action is vindictive and promises further retaliation 2026-05-27 21:07 Tom's Hardware Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter There's been some drama unfolding lately in the Windows security world, and today's episode comes from yet another apparent run-in of researcher Nightmare- …
KnowledgeDeliver LMS flaw exploited as zero-day to deploy in-memory web shell 2026-05-27 18:02 VPNCentral A zero-day vulnerability in Digital Knowledge’s KnowledgeDeliver LMS was exploited in the wild to gain remote code execution and deploy an in-memory web shell on a compromised server. Mandiant says the flaw stems from shared ASP.NET machine keys used in …
CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day 2026-05-27 13:50 SecurityWeek CISA on Tuesday urged federal agencies to immediately patch a critical-severity vulnerability in the LiteSpeed user-end plugin for cPanel that has been exploited in the wild. Tracked as CVE-2026-48172 (CVSS score of 9.8), the flaw is described as a …
Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment 2026-05-26 19:24 SecurityWeek Threat actors exploited a KnowledgeDeliver zero-day vulnerability to deploy web shells and backdoors, Google-owned Mandiant reports. A learning management system (LMS) built by Digital Knowledge, KnowledgeDeliver is widely used for enterprise and …
AI shrinks zero-day exploit time from a year to a single day, heading toward one minute — Zero-Day Clock warns security window has collapsed 2026-05-26 15:28 Tom's Hardware Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter The cybersecurity world has been abuzz about AI-assisted tools finding vulnerabilities faster than ever. Even non-tech outlets have covered topics like Anthropic's …
Microsoft Patch Tuesday: 167 Vulnerabilities Fixed, Including SharePoint Zero-Day and More 2026-05-26 02:50 The Tech Edvocate In the latest iteration of Microsoft Patch Tuesday, the technology giant has rolled out a considerable update addressing a staggering 167 security vulnerabilities across its suite of Windows and related products. This significant patch is capturing …
KnowledgeDeliver LMS Zero-Day Exploited to Deploy BLUEBEAM Web Shell 2026-05-25 23:11 Cyber Security News A newly disclosed zero-day vulnerability in the KnowledgeDeliver Learning Management System (LMS) has been actively exploited in the wild to deploy the BLUEBEAM in-memory web shell, according to Mandiant’s incident response findings. The flaw, now tracked …
Trend Micro users beware - dangerous Apex One zero-day exploited in the wild 2026-05-25 21:47 TechRadar Pro Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Trend Micro patches CVE‑2026‑34926, a medium‑severity directory traversal flaw in Apex One (on‑prem) that lets local admins inject malicious code Despite requiring …
CISA Issues Alert on Exploited Microsoft Defender Zero-Day Vulnerabilities 2026-05-23 07:15 GBHackers CISA has issued an urgent alert warning organizations about two newly disclosed zero-day vulnerabilities affecting Microsoft Defender, both added to the Known Exploited Vulnerabilities (KEV) catalog on May 20, 2026. CVE-2026-45498: Microsoft Defender DoS …
$20 per zero-day is already the WordPress plugin reality 2026-05-23 02:25 Help Net Security Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer, along with …