Zero-Day

Microsoft’s Incomplete Patch Leaves Zero-Click Windows Flaw Active in Russian Attack Campaigns

A critical vulnerability Microsoft patched in February 2026 left behind a credential theft vector now actively exploited by Russian threat actors, forcing emergency re-patching across federal agencies.

7 min read · 10 hours ago

Technology

Citrix NetScaler Vulnerability Weaponized in 4 Days as 300K Deployments Face Credential Harvesting

CVE-2026-3055 exploited within 96 hours of patch release, with attackers targeting SAML authentication infrastructure across financial services, healthcare, and government sectors while enterprises lag 30-60 days behind on patching.

7 min read · 1 month ago