< ciso
brief />
Tag Banner

All news with #zero day exploitation tag

446 articles · page 3 of 23

Record-breaking June 2026 Patch Tuesday updates

🚨 Microsoft released fixes addressing nearly 200 vulnerabilities in its June 2026 Patch Tuesday, the largest monthly tally to date, with almost three dozen rated critical and public exploit code for at least three flaws. Multiple zero-days were patched, including CVE-2026-49160 affecting IIS and CVE-2026-50507 for BitLocker, with some reports tied to researcher "Nightmare Eclipse." Microsoft and other vendors noted rising use of AI in vulnerability discovery and unusually high browser flaw counts this month.
read more →

Microsoft June 2026 Patch Tuesday: 200 Flaws Fixed

🛡️ Microsoft released its June 2026 Patch Tuesday addressing 200 vulnerabilities, including five publicly disclosed zero-days and one actively exploited flaw. The updates cover 33 Critical issues, with numerous RCE, elevation of privilege, information disclosure, and other vulnerabilities across Windows, Exchange, BitLocker, HTTP/2 and more. Microsoft also provided mitigations and new settings such as a MaxHeadersCount registry key for HTTP/2.
read more →

Chrome V8 zero-day patched; urgent user update

🛡️ Google released fixes for 74 vulnerabilities in Chrome, including an actively exploited high-severity V8 issue, CVE-2026-11645 (CVSS 8.8). The flaw is an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine that could allow code execution inside a sandbox via a crafted HTML page. Researcher "303f06e3" reported the bug on April 27, 2026, and received a $55,000 bounty. Users should update Chrome to the latest 149.0.7827.102/.103 versions and apply corresponding updates for other Chromium-based browsers.
read more →

Google issues emergency Chrome update addressing zero-day

🔒 Google has released an emergency update for Chrome addressing 74 vulnerabilities, including a high-severity zero-day that has been exploited in the wild. The bulletin, published on June 8, fixes 17 critical, 55 high-severity and two medium-severity flaws, with updates rolling out to Windows, Mac and Linux users over the coming days and weeks. The exploited V8 bug, CVE-2026-11645, was reported April 27 and earned the researcher $55,000.
read more →

CISA orders patch for Check Point VPN zero-day

🔒 CISA has directed U.S. federal agencies to patch a critical Check Point Remote Access VPN and Mobile Access vulnerability (CVE-2026-50751) that has been exploited in active attacks since May 7. The flaw allows unauthenticated remote attackers to bypass authentication on systems using the deprecated IKEv1 key exchange and legacy remote access clients. Check Point released updates and provided mitigations for organizations that cannot immediately patch, while CISA added the issue to its KEV Catalog and set a June 11 compliance deadline for federal agencies.
read more →

Google issues emergency Chrome zero-day patch

🔒 Google has released an emergency update to address CVE-2026-11645, the fifth Chrome zero-day fixed this year. The flaw, an out-of-bounds read/write in the V8 JavaScript engine, can be exploited by crafted HTML to achieve arbitrary code execution from within the browser sandbox. Patched Stable channel versions for Windows, macOS, and Linux are rolling out, and Google warns details may stay restricted until most users are updated.
read more →

One-character Linux kernel flaw enables local root

🔒 Security researchers published a working exploit for a Linux kernel use-after-free, CVE-2026-23111, allowing unprivileged local users to escalate to root and escape containers. The bug resides in nf_tables packet-filtering code and was patched upstream on February 5, 2026; public exploit write-ups appeared in April and June. The reachable setup requires nf_tables and unprivileged user namespaces, common defaults on many desktops and server builds. Administrators should update their kernel packages and reboot to mitigate the issue.
read more →

Critical Zcash Orchard Vulnerability Disclosed and Patched

🔒 On May 29, researcher Taylor Hornby discovered a critical flaw in Zcash's Orchard shielded pool; the Zcash team had contracted him specifically for this audit. The vulnerability involved a missing enforcement in a validation check that could have allowed creation of ZEC out of thin air despite valid-looking zero-knowledge proofs. The issue has been patched, but there is no reliable way to determine whether the bug was exploited prior to the fix.
read more →

Gogs patches critical zero-day enabling RCE

🛡️ Gogs has released version 0.14.3 to patch a critical argument-injection zero-day that allows authenticated non-admin users to execute remote code and access any repository, including private ones. The flaw affects all releases up to 0.14.2 and 0.15.0+dev and was reported by Rapid7 researcher Jonah Burgess. Rapid7 urges immediate upgrades and provided mitigations such as disabling open registration and restricting repo creation for instances that cannot be patched immediately.
read more →

Critical UniFi OS bug enables unauthenticated root access

🔒 Researchers found that three fixed flaws in UniFi OS Server (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) can be chained to achieve remote code execution with root privileges on versions 5.0.6 and earlier. Bishop Fox validated the full attack path on a live instance, showing an authentication bypass via URI normalization differences and a subsequent command injection that escalates to root due to passwordless sudo. A detection script and guidance are available; upgrade to 5.0.8 or later.
read more →

Check Point links VPN zero-day to Qilin gang

🔒 Check Point released security updates to address CVE-2026-50751, a critical authentication-bypass flaw impacting Remote Access VPN and Mobile Access deployments that use the deprecated IKEv1 key exchange. The vulnerability allowed unauthenticated, remote attackers to establish VPN connections and was actively exploited beginning in May, with a surge in early June affecting a few dozen organizations worldwide and one confirmed case tied to the Qilin ransomware affiliate. Check Point also identified a second related issue, CVE-2026-50752, affecting certificate validation in IKEv1 and recommended immediate updates and mitigations for customers unable to patch.
read more →

AI Agent Uncovers 21 FFmpeg Zero-Days, Chrome Ships 429 Fixes

🛡️ depthfirst's autonomous agent discovered 21 previously unknown zero-day vulnerabilities in FFmpeg, producing reproducible PoC inputs for each at a reported cost of about $1,000 for the run. In the same week, Google released Chrome 149 with fixes for a record 429 security bugs, over 100 of which are critical or high severity, following an overhaul of its bounty program to cope with a surge of AI-generated reports. The findings illustrate how AI is accelerating vulnerability discovery and increasing pressure on triage and patching processes across widely used software.
read more →

Critical Cisco SD‑WAN Manager zero‑day enables root

🔒 Cisco warned of a high‑severity, unpatched zero‑day (CVE-2026-20245) in the Catalyst SD‑WAN Manager actively exploited to escalate to root. The flaw affects all deployment types and results from insufficient validation of user‑supplied input, allowing local attackers with netadmin privileges to perform command injection by uploading crafted files. Cisco noted limited cases of configuration changes pushed to edge devices and advised contacting TAC and producing admin‑tech logs for investigation. Patches are not yet available; customers were urged to install fixes for related CVE-2026-20182.
read more →

CISA alerts on active Android and Linux kernel exploits

🔒 CISA warns that threat actors are actively exploiting high-severity vulnerabilities in the Android Framework and the Linux kernel, now added to its Known Exploited Vulnerabilities catalog. Google confirms CVE-2025-48595 affects Android 14–16 and may be under limited targeted exploitation, addressed by June 2026 patches. The kernel flaw CVE-2022-0492 impacts multiple branches and can enable container escapes via cgroups v1, with fixes available in specified kernel releases. Federal agencies must remediate or mitigate by the June 5 deadline under BOD 22-01.
read more →

Acer warns of max-severity zero-days in Wave 7 routers

🛡️ Acer confirmed it's addressing two maximum-severity zero-day vulnerabilities in Wave 7 mesh routers. Reported by researcher Gergo Pap, both affect firmware T7c_GBL_1.01.000055 or earlier and permit remote, unauthenticated access to sensitive data and persistent backdoors. Acer plans firmware fixes by the end of June 2026 and urges users to update once patches are released and to disable or restrict remote management as a temporary mitigation.
read more →

VS Code zero-day lets attackers steal GitHub tokens

🛡️ A security researcher published exploit code for a Visual Studio Code zero-day that enables attackers to steal GitHub OAuth tokens by tricking users into clicking a link. The flaw abuses VS Code's sandboxed webview message-passing to run JavaScript that simulates keypresses, installs a malicious extension, and exfiltrates tokens sent to github.dev. The vulnerability is unpatched and unassigned a CVE; users can mitigate risk by clearing cookies and site data for github.dev to force reauthentication prompts.
read more →

Google June 2026 Android security updates

🔒 Google released June 2026 security patches addressing 124 Android vulnerabilities, including a high-severity Framework flaw tracked as CVE-2025-48595 affecting Android 14–16 and 16 QPR2. This privilege escalation bug can be exploited without user interaction and is reportedly under limited targeted exploitation. The June updates arrive in two batches, with the latter adding kernel and chipset fixes from MediaTek, Qualcomm, Unisoc, and others.
read more →

CISA orders federal patch for WebLogic zero-day

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch an actively exploited Oracle WebLogic vulnerability, CVE-2024-21182, by June 4 under BOD 22-01. The flaw affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 and enables unauthenticated remote compromise via T3/IIOP. Shodan reports over 1,592 exposed and vulnerable WebLogic instances, and CISA urges all organizations to apply vendor mitigations or discontinue use if fixes are unavailable.
read more →

Google issues June 2026 Android security patches

🔒 Google released the June 2026 Android security updates fixing 124 vulnerabilities, including one actively exploited Android Framework zero-day (CVE-2025-48595) affecting devices running Android 14 and later. The company warned of limited, targeted exploitation and urged users to update to the latest Android versions. Two patch bundles (2026-06-01 and 2026-06-05) were issued; Pixel devices will receive updates immediately while other vendors may delay. Google also addressed 18 critical flaws across System, Framework, and Qualcomm components, and previously patched other zero-days this year.
read more →

Responsible Vulnerability Disclosure in the AI Era

🛡️ Responsible Disclosure in the Age of AI argues that frontier AI systems now autonomously discover software vulnerabilities at unprecedented speed and scale, exposing long-standing technical debt in the software industry. The piece traces the evolution of assurance practices and disclosure frameworks and highlights growing tension between offensive and defensive cyber equities, particularly in the U.S. and China. It calls for coordinated national and international efforts to accelerate remediation, patch management, and investment in automated repair capabilities to close the narrowing window before adversaries exploit these advances.
read more →