serisec

Category: zero-day

  • Microsoft Threatening Security Researcher

    Microsoft Threatening Security Researcher An anonymous security researcher called “Nightmare Eclipse” has been publishing a series of significant security exploits against Microsoft Windows—including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and forth. Bruce Schneier Go to bruce schneier

  • Zero-Day Exploit Against Windows BitLocker

    Zero-Day Exploit Against Windows BitLocker It’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone…

  • Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2

    Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2 Pwn2Own Berlin 2026 is rapidly escalating into one of the most intense offensive security contests in recent years, with Day Two delivering a fresh wave of critical zero-day exploits targeting enterprise software, AI tools, and operating systems. Security researchers demonstrated real-world attack scenarios…

  • DarkSword Malware

    DarkSword Malware DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at least November 2025, GTIG…

  • Claude Mythos Has Found 271 Zero-Days in Firefox

    Claude Mythos Has Found 271 Zero-Days in Firefox That’s a lot. No, it’s an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6,…

  • Smashing Security podcast #457: How a cybersecurity boss framed his own employee

    Smashing Security podcast #457: How a cybersecurity boss framed his own employee When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker… who promptly sent an innocent colleague into a career-ending ambush. In this…

  • AI Found Twelve New Vulnerabilities in OpenSSL

    AI Found Twelve New Vulnerabilities in OpenSSL The title of the post is”What AI Security Research Looks Like When It Works,” and I agree: In the latest OpenSSL security release> on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for…

  • Windows Shell Security Feature 0-Day Vulnerability Let Attackers Bypass Authentication

    Windows Shell Security Feature 0-Day Vulnerability Let Attackers Bypass Authentication Microsoft released Microsoft Patch Tuesday updates to address a critical zero-day vulnerability in Windows Shell that is currently being actively exploited in the wild. Tracked as CVE-2026-21510, this security flaw allows remote attackers to bypass essential protection mechanisms, putting millions of Windows users at risk. The…

  • LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days

    LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days This is amazing: Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of how quickly things are moving. Security teams have been automating vulnerability discovery for years, investing heavily in fuzzing infrastructure and custom harnesses to…

  • WatchGuard 0-day Vulnerability Exploited in the Wild to Hijack Firewalls

    WatchGuard 0-day Vulnerability Exploited in the Wild to Hijack Firewalls An urgent security update has been released to fix a critical zero-day vulnerability in WatchGuard Firebox firewalls. With warnings that hackers are already actively exploiting the flaw in the wild to take control of affected devices. The vulnerability, tracked as CVE-2025-14733, carries a critical severity score…

  • CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks

    CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks A critical alert regarding an active zero-day vulnerability affecting the Microsoft Windows Cloud Files Mini Filter Driver. The vulnerability poses a significant risk to organizations running affected Windows systems and requires immediate remediation efforts. CISA reports that the vulnerability, tracked as CVE-2025-62221,…

  • CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks

    CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks An urgent warning about a critical security flaw in OSGeo GeoServer, a widely used open-source geographic data-sharing server. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively leveraging this zero-day flaw in attacks targeting both public…

  • Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code

    Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code Security update addressing a dangerous Windows PowerShell vulnerability that allows attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-54100, was publicly disclosed on December 9, 2025, and represents a significant security risk for organizations worldwide. The flaw stems from improper neutralization of…

  • CISA Warns of WinRAR 0-Day RCE Vulnerability Exploited in Attacks

    CISA Warns of WinRAR 0-Day RCE Vulnerability Exploited in Attacks A high-priority warning regarding a critical security flaw in WinRAR, the popular file compression tool used by millions of Windows users. The vulnerability, tracked as CVE-2025-6218, is currently being exploited by attackers to compromise systems and execute malicious code. The specific flaw is known as a…

  • CISA Warns of Samsung Mobile Devices 0-Day RCE Vulnerability Exploited in Attacks

    CISA Warns of Samsung Mobile Devices 0-Day RCE Vulnerability Exploited in Attacks CISA has added a critical zero-day vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities catalog. Warning that threat actors are actively exploiting the flaw in real-world attacks. The vulnerability, tracked as CVE-2025-21042, is an out-of-bounds write vulnerability in the libimagecodec.quram.so library on…

  • Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges

    Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws, tracked as CVE-2025-24990 and CVE-2025-24052, affect the ltmdm64.sys driver and could allow low-privileged attackers to gain full administrator access.…

  • Lesson From Cisco ASA 0-Day RCE Vulnerability That Actively Exploited In The Wild

    Lesson From Cisco ASA 0-Day RCE Vulnerability That Actively Exploited In The Wild The cybersecurity landscape experienced a significant escalation in September 2025, when Cisco disclosed multiple critical zero-day vulnerabilities affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) platforms. At the center of this security crisis lies CVE-2025-20333, a devastating remote code…

  • Top Zero-Day Vulnerabilities Exploited in the Wild in 2025

    Top Zero-Day Vulnerabilities Exploited in the Wild in 2025 The cybersecurity landscape in 2025 has been marked by an unprecedented surge in zero-day vulnerabilities actively exploited by threat actors. According to recent data, more than 23,600 vulnerabilities were published in the first half of 2025 alone, representing a 16% increase over 2024. This alarming trend…

  • Zero-Day Exploit in WinRAR File

    Zero-Day Exploit in WinRAR File A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature to trigger a previously…

  • Microsoft SharePoint Zero-Day

    Microsoft SharePoint Zero-Day Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of active exploitation of the…

  • Hackers Allegedly Selling WinRAR 0-day Exploit on Dark Web Forums for $80,000

    Hackers Allegedly Selling WinRAR 0-day Exploit on Dark Web Forums for $80,000 A threat actor using the handle “zeroplayer” advertised a previously unknown remote-code-execution (RCE) exploit for WinRAR on an underground forum.  The post, titled “WINRAR RCE 0DAY – 80,000$,” claims the flaw works “fully on the latest version of WinRAR and below,” is not…

  • Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network

    Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network A critical information disclosure vulnerability in Microsoft SQL Server, designated as CVE-2025-49719, allows unauthorized attackers to access sensitive data over network connections.  This vulnerability stems from improper input validation within SQL Server’s processing mechanisms, enabling attackers to disclose uninitialized memory contents without requiring authentication or…

  • CISA Warns of Chrome 0-Day Vulnerability Exploited in Attacks

    CISA Warns of Chrome 0-Day Vulnerability Exploited in Attacks CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome that attackers are actively exploiting in the wild.  The vulnerability, designated CVE-2025-6554, affects the Chromium V8 JavaScript engine and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, marking it as…

  • CISA Adds Ivanti EPMM 0-day to KEV Catalog Following Active Exploitation

    CISA Adds Ivanti EPMM 0-day to KEV Catalog Following Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog.  These vulnerabilities, CVE-2025-4427 and CVE-2025-4428, are actively exploited in the wild and pose significant risks to organizations…

  • Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks

    Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 that have been actively exploited in sophisticated attacks.  These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, and other platforms. Users are strongly advised to…

  • New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials – Unofficial Patch

    New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials – Unofficial Patch A critical vulnerability affecting all Windows operating systems from Windows 7 and Server 2008 R2 through the latest Windows 11 v24H2 and Server 2025.  This zero-day flaw enables attackers to capture users’ NTLM authentication credentials simply by having them view a malicious…

  • Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild

    Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors.  The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome’s sandbox protection through a logical error at the…

  • Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks

    Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks. The flaw, described as an out-of-bounds write issue, could enable attackers to craft malicious web content capable…

  • BeyondTrust Zero-Day Breach – 17 SaaS Customers API Key Compromised

    BeyondTrust Zero-Day Breach – 17 SaaS Customers API Key Compromised BeyondTrust, a leading identity and access management firm, disclosed a critical security breach impacting 17 customers of its Remote Support SaaS platform. The breach was attributed to the exploitation of zero-day vulnerabilities and has since been linked to the China-based hacking group Silk Typhoon.  While…

  • Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands

    Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands A significant zero-day vulnerability in Zyxel CPE series devices, identified as CVE-2024-40891, is being actively exploited by attackers. This vulnerability enables attackers to execute arbitrary commands on affected devices, posing significant risks of system compromise, data theft, and network infiltration. Over 1,500 infected devices have been…

  • Zero-Day Vulnerability in Ivanti VPN

    Zero-Day Vulnerability in Ivanti VPN It’s being actively exploited. Bruce Schneier Go to bruce schneier