Advertisement
CVE-2023-41179: Trend Micro Apex One RCE Exploited in Attacks
Trend Micro patches CVE-2023-41179, a critical zero-day in Apex One and Worry-Free Business Security exploited to execute arbitrary commands on Windows systems.
CVE-2026-34926: TrendAI Apex One Directory Traversal Exploit Analysis
TrendAI patches a critical zero-day directory traversal vulnerability (CVE-2026-34926) in Apex One on-premise currently exploited in the wild.
AI-Assisted macOS Kernel Exploit on Apple M5 Hardware
Security researchers used Anthropic’s Mythos AI to develop a macOS kernel memory corruption exploit for the Apple M5 chip in just five days. Patch now.
Chromium RCE Risk: Unfixed Flaw Allows Background JavaScript
Google accidentally exposed details of an unfixed Chromium flaw. This enables RCE via persistent background JavaScript execution, affecting many browsers.
CVE-2024-21338: Microsoft Defender Zero-Day Exploited by Lazarus
Microsoft patches two zero-day vulnerabilities in Defender and SmartScreen exploited by Lazarus Group for privilege escalation and malware delivery.
YellowKey Zero-Day: Mitigating BitLocker Encryption Bypasses in Windows
Microsoft releases mitigation guidance for the YellowKey zero-day, a Windows BitLocker vulnerability allowing unauthorized access to encrypted data volumes.

CVE-2026-42897: Microsoft Exchange OWA XSS Zero-Day Under Attack
Active Zero-Day XSS vulnerability, CVE-2026-42897, impacts Microsoft Exchange OWA, allowing mailbox compromise. No patch available.

MiniPlasma 0-Day: Windows SYSTEM Privilege Escalation via cldflt.sys
Technical analysis of the MiniPlasma zero-day vulnerability in cldflt.sys enabling SYSTEM privilege escalation on fully patched Windows systems.
Windows MiniPlasma Zero-Day Exploit: How to Mitigate LPE Threats
A new zero-day exploit dubbed MiniPlasma allows local attackers to gain SYSTEM privileges on fully patched Windows systems. Learn detection and mitigation steps.
Pwn2Own Berlin: Microsoft Exchange, Windows 11 Zero-Day Exploits
Zero-day vulnerabilities in Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux demonstrated at Pwn2Own Berlin. Runtime Rebel details the impact.
CVE-2026-42897: Microsoft Exchange Server Zero-Day Exploited in Wild
Microsoft warns of CVE-2026-42897, a critical Exchange Server zero-day exploited in the wild. Implement Extended Protection mitigations immediately to secure systems.
CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability
Microsoft warns of CVE-2024-49040, a zero-day spoofing vulnerability in Exchange Server exploited to bypass security filters and impersonate trusted senders.