Threats Tagged 'zero-day'
Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks
Cisco disclosed a zero-day vulnerability (CVE-2026-20262) in Catalyst SD-WAN Manager that allows an attacker with valid credentials and write access to send crafted HTTP requests to an API endpoint, enabling arbitrary file write on the underlying operating system. This vulnerability can be leveraged to escalate privileges to root. Cisco discovered the flaw internally and confirmed limited exploitation in targeted attacks. The vulnerability is considered medium severity by Cisco but is rated critical here due to its exploitation and potential impact. Cisco has released patches addressing this issue. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities catalog, mandating remediation by June 29, 2026. This is one of multiple SD-WAN vulnerabilities exploited in 2026.
Source: Reddit Cybersecurity | 06/16/2026, 07:37:57 UTC | Added: 06/16/2026, 07:45:06 UTC

RoguePlanet: Windows Zero-Day That Weaponizes Defender's Own Quarantine Pipeline
RoguePlanet is a reported Windows zero-day vulnerability that abuses Microsoft Defender's own quarantine pipeline. The vulnerability was disclosed via a Reddit cybersecurity post linking to an external analysis by Cybereason's Howler Cell team. No detailed technical information, affected versions, or proof of exploitation in the wild has been provided. The threat is classified as critical based on the initial report but lacks official vendor confirmation or patch information.
Source: Reddit Cybersecurity | 06/11/2026, 16:29:39 UTC | Added: 06/11/2026, 16:29:59 UTC

Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research
A new zero-day vulnerability named GreatXML, disclosed by researcher Chaotic Eclipse, allows bypassing BitLocker encryption on Windows machines that have run Microsoft Defender Offline Scan. The exploit leverages leftover configuration artifacts on the recovery partition processed by Windows Recovery Environment (WinRE) to spawn a SYSTEM-level shell without requiring login. The attack requires brief physical access or the ability to write to the recovery partition. No patch is currently available. Microsoft has criticized the public disclosure as irresponsible and is working on mitigation.
Source: Reddit Cybersecurity | 06/11/2026, 12:16:04 UTC | Added: 06/11/2026, 12:22:18 UTC

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
A zero-day vulnerability named RoguePlanet in Microsoft Defender allows attackers to gain SYSTEM-level access on fully updated Windows 10 and 11 machines. The exploit is a race condition that can result in arbitrary code execution with the highest privileges. It has been publicly disclosed with a proof-of-concept by a security researcher known as Chaotic Eclipse. The vulnerability affects desktop Windows systems with June 2026 Patch Tuesday updates installed but does not currently work on Windows Server due to mounting restrictions. The researcher has criticized Microsoft's handling of vulnerability disclosures and has released multiple related exploits. Microsoft has condemned the public disclosures but has not yet provided an official patch.
Source: Reddit Cybersecurity | 06/10/2026, 06:31:35 UTC | Added: 06/10/2026, 06:40:39 UTC

Google Patches 5th Chrome Zero-Day Exploited in 2026
Google released an update for Chrome 149 that patches 74 vulnerabilities, including a critical zero-day tracked as CVE-2026-11645. This vulnerability is a high-severity out-of-bounds read/write flaw in the V8 JavaScript engine, which allows remote code execution within the sandbox via a specially crafted HTML page. The zero-day was actively exploited in the wild and reported by an anonymous researcher in late April 2026. This is the fifth Chrome zero-day exploited in 2026, highlighting an ongoing trend of critical vulnerabilities in the browser. Google has awarded the researcher $55,000 for responsible disclosure. The patch fixes this and other critical vulnerabilities, mitigating the risk posed by these exploits.
Source: Reddit Cybersecurity | 06/09/2026, 06:32:21 UTC | Added: 06/09/2026, 06:33:24 UTC

depthfirst's AI agent found 21 FFmpeg zero-days (CVE-2026-39210–39218) for ~$1,000 — oldest bug from 2003. What does this do to the economics of vuln research?
An autonomous AI agent developed by the security startup depthfirst discovered 21 zero-day vulnerabilities in the FFmpeg multimedia framework, including nine assigned CVEs (CVE-2026-39210 through CVE-2026-39218). These vulnerabilities primarily involve heap and stack overflows in various parsers and demuxers, with some bugs dating back to 2003. FFmpeg maintainers have been responsive and are shipping fixes. The discovery raises concerns about the effectiveness of traditional static and dynamic analysis tools against memory corruption in large C codebases and the potential impact of AI-driven vulnerability discovery on disclosure pipelines and vulnerability economics.
Source: Reddit BlueTeam | 06/07/2026, 02:43:51 UTC | Added: 06/07/2026, 02:48:31 UTC

Cisco warns of unpatched SD-WAN zero-day exploited in attacks
Cisco has disclosed a critical, unpatched zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that is actively exploited in the wild. The flaw allows local attackers with netadmin privileges to perform command injection attacks, leading to root privilege escalation by uploading crafted files. Exploitation requires valid credentials or prior exploitation of related vulnerabilities (CVE-2026-20182 or CVE-2026-20127). The vulnerability affects all deployment types of the product, including on-premises and cloud-managed versions. Cisco has not yet released a patch for this zero-day but advises monitoring for indicators of compromise and engaging Cisco TAC for incident response support. The vendor has released patches for related vulnerabilities but this specific flaw remains unpatched at this time.
Source: Reddit Cybersecurity | 06/05/2026, 11:28:57 UTC | Added: 06/05/2026, 11:33:24 UTC

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process
A security researcher publicly disclosed a critical zero-day vulnerability in Visual Studio Code's browser-based editor github.dev after losing trust in Microsoft's security response process. The vulnerability allows an attacker to steal OAuth tokens with broad repository access by exploiting how github.dev receives tokens from github.com without repo-specific scoping. An attacker who can modify a repository's .vscode/extensions.json can recommend a malicious extension that installs automatically when the victim opens the repo in github.dev, bypassing user approval via a hidden Jupyter Notebook trigger. This enables silent installation of malicious extensions capable of stealing tokens and accessing private repositories.
Source: Reddit Cybersecurity | 06/04/2026, 10:14:22 UTC | Added: 06/04/2026, 10:18:26 UTC

GitHub bans vindictive security researcher dropping Windows zero-days: “I will make sure your bones are shattered”
A security researcher known for releasing Windows zero-day vulnerabilities was banned from GitHub amid reports of vindictive behavior. The incident involves the public disclosure of unpatched Windows zero-day exploits. No specific technical details, affected software versions, or exploitation evidence are provided in the source. The situation highlights concerns about responsible disclosure and platform policies but does not confirm active exploitation or patch availability.
Source: Reddit Cybersecurity | 05/26/2026, 10:48:07 UTC | Added: 05/26/2026, 11:02:06 UTC