Advertisement
CVE-2024-21319: PeopleSoft Auth Bypass Exploited by ShinyHunters
Oracle PeopleSoft zero-day CVE-2024-21319, an authentication bypass, is being actively exploited by ShinyHunters. Patch PeopleSoft 8.59, 8.60, 8.61 now.
Microsoft Defender 'RoguePlanet' Zero-Day Grants SYSTEM Privileges
Analysis of 'RoguePlanet' zero-day in Microsoft Defender allowing local privilege escalation to SYSTEM, its impact, and critical patch guidance.
Google Patches CVE-2026-11645: 5th Chrome Zero-Day Exploited in 2026
Google addresses CVE-2026-11645, a critical zero-day vulnerability in Chrome being actively exploited. Learn about patch guidance and detection strategies.
CVE-2024-4947: Google Patches Fifth Chrome Zero-Day of 2024
Google addresses CVE-2024-4947, a high-severity V8 type confusion vulnerability in Chrome being exploited in the wild. Update to version 125.0.6422.60 now.

CVE-2024-24919: Check Point VPN Zero-Day Exploited by Qilin Affiliate
Check Point Security Gateway vulnerability CVE-2024-24919 is being exploited in the wild, enabling unauthenticated information disclosure and network access.
CVE-2024-24919: Qilin Ransomware Gang Exploits Check Point VPN Zero-Day
Check Point confirms that the Qilin ransomware group exploited CVE-2024-24919, a critical flaw in VPN gateways, to gain unauthorized network access.

CVE-2025-48595: Android June 2026 Update Patches Exploited Zero-Day
Google's June 2026 security update fixes 124 vulnerabilities, including CVE-2025-48595, a zero-day privilege escalation flaw under active exploitation.
Android June 2024 Update: CVE-2024-32896 Zero-Day Exploit Patched
Google fixes 124 vulnerabilities including an actively exploited Pixel firmware zero-day and critical RCE flaws in the June 2024 Android security update.

Microsoft's Zero-Day Disclosure Stance Sparks Industry Debate
Microsoft's legal threats against a researcher for Zero-Day exploit disclosure spark industry backlash, prompting scrutiny of responsible disclosure practices.
VMware Workspace ONE Access RCE via CVE-2022-22960 — Patch Now
VMware Workspace ONE Access and Identity Manager face critical RCE vulnerabilities (CVE-2022-22960, CVE-2022-22957) actively exploited. Patch immediately to secure
Gogs Self-Hosted Git RCE via Zero-Day: Mitigation Guide
An unpatched zero-day vulnerability in Gogs self-hosted Git service allows attackers to achieve remote code execution, impacting Internet-facing instances.

Microsoft Condemns Public Zero-Day Disclosures, Advocates CVD
Microsoft reiterates strong support for Coordinated Vulnerability Disclosure, criticizing immediate public zero-day disclosures after a researcher's account removal.