zero-day
Coverage of zero-day in the Nexus archive.
- The FCC Wants to Kill Burner Phones
The FCC aims to restrict burner phones, Microsoft released a major security update linked to AI bug hunting, and the ShinyHunters ransomware group exploited an Oracle zero-day vulnerability.
- ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
ShinyHunters exploited a zero-day vulnerability in Oracle's ERP software to steal data from American universities. The attack took advantage of a critical bug that disproportionately impacted higher education institutions.
- Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year
Google patched the fifth actively exploited Chrome zero-day of 2026, CVE-2026-11645, an out-of-bounds memory access flaw in the V8 JavaScript engine. The vulnerability was reported by researcher '303f06e3' and earned a $55,000 bounty, with technical details withheld to prevent further exploitation.
- Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
The webinar 'Beyond the Zero-Day' with HD Moore highlights the inevitability of cyber breaches due to zero-day exploits and AI-driven attacks. It emphasizes shifting focus from patching vulnerabilities to controlling network architecture to limit attack reach.
- Microsoft says it will not pursue security researchers after zero-day backlash
Microsoft stated it will not take legal action against security researchers conducting or publishing their research, following backlash over a zero-day issue. The company emphasized it takes feedback seriously and clarified its approach to legal matters.
- Critical cPanel and WHM bug exploited as a zero-day, PoC now available
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, WHM, and WP Squared is being actively exploited in the wild as a zero-day attack, with proof-of-concept (PoC) code now available. The flaw has been leveraged since late February, highlighting urgent security risks for users of these platforms.
- CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has directed U.S. federal agencies to address a critical privilege escalation vulnerability in Microsoft Defender, known as BlueHammer, which is currently being exploited in zero-day attacks. The flaw allows attackers to escalate privileges, posing a significant security risk.
- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Over 1,300 Microsoft SharePoint servers remain unpatched against a spoofing vulnerability, which was exploited as a zero-day and is still being used in ongoing attacks. The vulnerability allows attackers to spoof SharePoint servers, exposing sensitive data and systems to potential breaches.
- No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
The cybersecurity industry has focused on sophisticated threats like zero-days and AI-generated exploits, but stolen credentials remain the most reliable entry point for attackers. Identity-based attacks, particularly through credential stuffing, are a dominant initial access vector in breaches.
- Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft released updates addressing 169 security vulnerabilities, including a SharePoint zero-day actively exploited in the wild. The patches include fixes for 157 Important, eight Critical, three Moderate, and one Low severity flaws.