Advertisement
CVE-2025-48595: Android June 2026 Update Patches Exploited Zero-Day
Google's June 2026 security update fixes 124 vulnerabilities, including CVE-2025-48595, a zero-day privilege escalation flaw under active exploitation.
Android June 2024 Update: CVE-2024-32896 Zero-Day Exploit Patched
Google fixes 124 vulnerabilities including an actively exploited Pixel firmware zero-day and critical RCE flaws in the June 2024 Android security update.
Microsoft's Zero-Day Disclosure Stance Sparks Industry Debate
Microsoft's legal threats against a researcher for Zero-Day exploit disclosure spark industry backlash, prompting scrutiny of responsible disclosure practices.
VMware Workspace ONE Access RCE via CVE-2022-22960 — Patch Now
VMware Workspace ONE Access and Identity Manager face critical RCE vulnerabilities (CVE-2022-22960, CVE-2022-22957) actively exploited. Patch immediately to secure
Gogs Self-Hosted Git RCE via Zero-Day: Mitigation Guide
An unpatched zero-day vulnerability in Gogs self-hosted Git service allows attackers to achieve remote code execution, impacting Internet-facing instances.
Microsoft Condemns Public Zero-Day Disclosures, Advocates CVD
Microsoft reiterates strong support for Coordinated Vulnerability Disclosure, criticizing immediate public zero-day disclosures after a researcher's account removal.
CVE-2023-41179: Trend Micro Apex One RCE Exploited in Attacks
Trend Micro patches CVE-2023-41179, a critical zero-day in Apex One and Worry-Free Business Security exploited to execute arbitrary commands on Windows systems.
CVE-2026-34926: TrendAI Apex One Directory Traversal Exploit Analysis
TrendAI patches a critical zero-day directory traversal vulnerability (CVE-2026-34926) in Apex One on-premise currently exploited in the wild.
AI-Assisted macOS Kernel Exploit on Apple M5 Hardware
Security researchers used Anthropic’s Mythos AI to develop a macOS kernel memory corruption exploit for the Apple M5 chip in just five days. Patch now.
Chromium RCE Risk: Unfixed Flaw Allows Background JavaScript
Google accidentally exposed details of an unfixed Chromium flaw. This enables RCE via persistent background JavaScript execution, affecting many browsers.
CVE-2024-21338: Microsoft Defender Zero-Day Exploited by Lazarus
Microsoft patches two zero-day vulnerabilities in Defender and SmartScreen exploited by Lazarus Group for privilege escalation and malware delivery.
YellowKey Zero-Day: Mitigating BitLocker Encryption Bypasses in Windows
Microsoft releases mitigation guidance for the YellowKey zero-day, a Windows BitLocker vulnerability allowing unauthorized access to encrypted data volumes.