Zero-Day
VS Code Zero-Day Exposes GitHub Tokens as Supply-Chain Attacks Breach 3,800 Internal Repositories
Unpatched OAuth vulnerability allows single-click credential theft while poisoned extension compromises GitHub's own infrastructure in 18 minutes.
cPanel Infrastructure Crisis: Zero-Day Cascade Exposes 70 Million Domains
Four emergency patches in 23 days reveal shared hosting's systemic vulnerability as AI-assisted exploit discovery outpaces defence cycles.
Microsoft Defender Zero-Days Under Active Exploit Force 13-Day Federal Patch Deadline
Two vulnerabilities enabling SYSTEM-level access and denial-of-service attacks are now weaponized in the wild, with CISA mandating federal remediation by June 3.
Microsoft Exchange zero-day forces emergency mitigation as permanent patch timeline remains unclear
CVE-2026-42897 XSS flaw enables email spoofing and credential harvesting across on-premises deployments, with ESU enrollment dividing patching access.
Windows 11 BitLocker Encryption Completely Bypassed by Unpatched Zero-Day Exploit
Researcher releases working exploit code for YellowKey vulnerability after disclosure dispute with Microsoft, leaving enterprise and government systems exposed with no patch timeline.
Google Confirms First AI-Generated Zero-Day Exploit in Active Use
Criminals deployed autonomous vulnerability discovery to bypass authentication in production systems, compressing attack timelines from months to minutes.
Weaver E-cology Zero-Day Exploited Within Days of Patch Across Asian Government Infrastructure
Critical unauthenticated RCE vulnerability in dominant enterprise platform enables system compromise with zero credentials, exposing supply chain risk across finance and government sectors.
What Is a Zero-Day Exploit and Why Does It Matter?
Unpatched security flaws unknown to vendors are the highest-value weapons in cyber operations—and AI is changing how fast they're discovered and deployed.
US Officials Eye Three-Day Patch Mandate as AI Weaponizes Zero-Days Faster Than Vendors Can Respond
CISA and National Cyber Director weigh compressing federal patching timelines from 21 days to 72 hours after Chinese and Russian AI-powered campaigns sustain 18-month persistence windows.
cPanel Zero-Day Gave Attackers Root Access to 70 Million Domains for 30+ Days
CVE-2026-41940 authentication bypass enabled unauthenticated root access to shared hosting infrastructure while cPanel held disclosure for two weeks.
Microsoft’s Incomplete Patch Leaves Zero-Click Windows Flaw Active in Russian Attack Campaigns
A critical vulnerability Microsoft patched in February 2026 left behind a credential theft vector now actively exploited by Russian threat actors, forcing emergency re-patching across federal agencies.
Citrix NetScaler Vulnerability Weaponized in 4 Days as 300K Deployments Face Credential Harvesting
CVE-2026-3055 exploited within 96 hours of patch release, with attackers targeting SAML authentication infrastructure across financial services, healthcare, and government sectors while enterprises lag 30-60 days behind on patching.