#zero-day
21 articles
Technology and government sectors bore the brunt of 33 zero-day vulnerabilities reported between April 12 and May 15, 2026, with 17 high-severity and 15 critical flaws documented. Threat actors APT29, Chaotic Eclipse, and Claude Mythos were observed exploiting these weaknesses globally, with Asia, China, Europe, and North America among the affected regions. The most severe flaw, CVE-2026-22679, carried a CVSS score of 9.8, followed by CVE-2026-34621 at 8.6, CVE-2026-3502 at 7.8, CVE-2026-32183 at 7.5, and CVE-2026-32201 at 6.5. Telecommunications, critical infrastructure, and enterprise sectors also faced significant exposure.
[HIGH] Microsoft Warns of Exchange Zero-Day CVE-2026-42897 Exploited in
CVE-2026-42897 is a high-severity Exchange Server spoofing flaw exploited in the wild, enabling XSS-based code execution via Outlook on the web.
[CRITICAL] Pwn2Own Berlin 2026: Researchers Earn $523K Hacking Windows 11, Edge
On day one of Pwn2Own Berlin 2026, researchers collected $523,000 for 24 zero-days, including a $175,000 Edge sandbox escape by Orange Tsai and three Windows 11 privilege...
[CRITICAL] Apple Patches Everything: 0-Days, RCS Encryption Rollout
Apple released emergency patches for two zero-days exploited in the wild alongside the beta rollout of end-to-end encrypted RCS messaging for iOS and macOS.
[HIGH] Ivanti EPMM Zero-Day CVE-2026-6973 Exploited in Limited Attacks
Ivanti warns CVE-2026-6973, a high-severity RCE in EPMM 12.8.0.0 and earlier, is under limited zero-day exploitation. Patches available; 850+ EPMM instances exposed online.
[CRITICAL] Weaver E-cology Zero-Day CVE-2026-22679 Exploited Since March
CVE-2026-22679 (CVSS 9.8) in Weaver E-cology OA has been exploited in the wild since mid-March 2026. Attackers run discovery commands post-exploit. No patch available.
[HIGH] APT29, Intellexa, NSO Share Identical Exploit Chains
Google TAG finds APT29 using exploit chains identical to those deployed by Intellexa and NSO Group, suggesting shared access to zero-day suppliers or exploit resale.
[HIGH] Google TAG: 97 Zero-Days Exploited in Wild During 2023
Google TAG reports 97 zero-days were exploited in the wild in 2023, up from 62 in 2022. Commercial surveillance vendors drove 80% of targeted exploits. Full report released.
[HIGH] Zero-Window Era: NDR Playbooks for Post-Mythos Exploits
Claude Mythos and Project Glasswing shrink exploit windows to near-zero. The Hacker News details NDR playbooks to contain AI-driven attacks before patching is possible.
[HIGH] TrueConf Zero-Day CVE-2026-3502 Hit Southeast Asian Govts
Check Point Research uncovered CVE-2026-3502, a 7.8-CVSS privilege escalation in TrueConf client, exploited in targeted attacks against Southeast Asian government entities since…
[CRITICAL] Interlock Ransomware Exploits Cisco FMC Zero-Day in Global Attacks
The Interlock ransomware group is actively exploiting a zero-day vulnerability in Cisco Firepower Management Center to breach networks. Recorded Future identified 31 high-impact flaws in March 2026, a 139% monthly increase.
[HIGH] Microsoft Windows Snipping Tool Vulnerability Enables Remote Code Execution
A vulnerability (CVE-2026-32183) in the Microsoft Windows Snipping Tool allows remote attackers to execute arbitrary code via a malicious file or webpage, requiring only user interaction to trigger the exploit.
[CRITICAL] PoC Exploit Released for Critical FortiSandbox Command Injection Flaw
A proof-of-concept exploit for CVE-2026-39808, a critical command injection vulnerability in Fortinet FortiSandbox, has been released. The flaw allows unauthenticated attackers to execute arbitrary OS commands as root.
[HIGH] Microsoft Patches Defender Zero-Day Allowing Local Privilege Escalation
Microsoft patches CVE-2026-33825, an 'Important' zero-day flaw in the Microsoft Defender Antimalware Platform that allows local attackers to escalate privileges to SYSTEM. The vulnerability was publicly disclosed on April 14, 2026.
[HIGH] Microsoft Confirms Active Exploitation of SharePoint Zero-Day Spoofing Flaw
Microsoft warns that a critical spoofing vulnerability, CVE-2026-32201, in SharePoint Server is being actively exploited. The flaw allows attackers to bypass authentication and access sensitive data.
[HIGH] CISA Warns of Actively Exploited Windows, Adobe Acrobat Vulnerabilities
CISA adds two new vulnerabilities to its KEV catalog: a Windows SmartScreen bypass (CVE-2024-21412) and an Adobe Acrobat Reader code execution flaw (CVE-2024-20662), both under active exploitation.
[HIGH] Microsoft Patches Exploited SharePoint Zero-Day Among 161 Vulnerabilities
Microsoft's April 2025 Patch Tuesday addresses 161 CVEs, including an actively exploited zero-day in SharePoint Server (CVE-2025-27088) and a critical RCE in Windows DNS (CVE-2025-27080).
[CRITICAL] Adobe Patches Acrobat Zero-Day Exploited via Malicious PDFs for Months
Adobe patches CVE-2024-34102, a critical zero-day vulnerability in Acrobat and Reader exploited via malicious PDFs for at least four months prior to discovery.
[HIGH] CVE-2024-38112: BlueHammer PoC Escalates Windows to SYSTEM
Researcher Chaotic Eclipse published a PoC for CVE-2024-38112, a Windows zero-day that grants local SYSTEM privileges, citing MS disclosure failures.
[CRITICAL] Critical PDF Zero-Day Exploited for Months, Infrastructure Espionage Revealed
A critical zero-day vulnerability in widely used PDF software has been actively exploited for months. Concurrently, state-sponsored actors have been targeting fiber optic infrastructure for espionage.
[CRITICAL] Adobe Patches Critical Acrobat Reader Flaw Under Active Exploitation
Adobe has released emergency updates for a critical vulnerability (CVE-2026-34621) in Acrobat Reader that is being actively exploited to execute arbitrary code.
[HIGH] Stryker Hit by Cyberattack, Windows Zero-Day Exploited, China Supercomputer Hacked
Medical device giant Stryker confirms a cyberattack, while a patched Windows zero-day is actively exploited and a Chinese supercomputer cluster is breached.