Zero-Day
Android gets patches for Qualcomm zero-day exploited in attacks
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. “There are indications that CVE-2026-21385 may be under limited, targeted exploitation,” the company said on Monday in its March 2025 Android Security Bulletin. While Google didn’t provide any further information on the attacks currently targeting […]
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian broker whose clients include the Russian government. 39-year-old Australian national Peter Williams served as the general manager of Trenchant, a cybersecurity unit of defense […]
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. CVE-2026-20127 has a maximum severity of 10.0 and impacts Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst […]
CISA orders feds to patch actively exploited Dell flaw within 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. According to security researchers from Mandiant and the Google Threat Intelligence Group (GTIG), this hardcoded-credential vulnerability (CVE-2026-22769) in Dell’s RecoverPoint (a solution used for VMware virtual machine backup and […]
Flaws in popular VSCode extensions expose developers to attacks
Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). Researchers at […]
Chinese hackers exploiting Dell zero-day flaw since mid-2024
A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. Security researchers from Mandiant and the Google Threat Intelligence Group (GTIG) revealed today that the UNC6201 group exploited a maximum-severity hardcoded-credential vulnerability (tracked as CVE-2026-22769) in Dell RecoverPoint for Virtual Machines, a solution used for VMware […]
Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. “Google is aware that an exploit for CVE-2026-2441 exists in the wild,” Google said in a security advisory issued on Friday. According to the Chromium commit history, this use-after-free […]
Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks
Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals. Tracked as CVE-2026-20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. Apple’s security bulletin warns […]
Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
Today is Microsoft’s February 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses five “Critical” vulnerabilities, 3 of which are elevation of privileges flaws and 2 information disclosure flaws. The number of bugs in each vulnerability category is listed below: When GeekFeed […]
Ivanti warns of two EPMM flaws exploited in zero-day attacks
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. The flaws are code-injection vulnerabilities that allow remote attackers to execute arbitrary code on vulnerable devices without authentication. Both vulnerabilities have a CVSS score of 9.8 and are rated as critical. “We are aware […]