zero-day vulnerability
Coverage of zero-day vulnerability in the Nexus archive.
- Google patches new Chrome zero-day flaw exploited in the wild
Google has released emergency updates to patch a new Chrome zero-day vulnerability that is being exploited in the wild. This marks the fifth such Chrome zero-day flaw patched since the start of the year.
- Cisco warns of unpatched SD-WAN zero-day exploited in attacks
Cisco warned of a high-severity unpatched zero-day vulnerability in its Cisco Catalyst SD-WAN Manager (CVE-2026-20245) that is currently being exploited in attacks to enable root privilege escalation.
- VS Code zero-day lets hackers steal GitHub tokens in one click
A security researcher disclosed a Visual Studio Code zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a malicious link. The exploit code has been released.
- New Gogs zero-day flaw lets hackers get remote code execution
A new zero-day vulnerability in the Gogs self-hosted Git service allows attackers to achieve remote code execution on internet-facing instances. The flaw remains unpatched, posing a security risk.
- KnowledgeDeliver flaw exploited as a zero-day to install web shells
Hackers exploited a critical zero-day vulnerability in the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell, compromising server security.
- Trend Micro warns of Apex One zero-day exploited in the wild
Trend Micro has disclosed a zero-day vulnerability in its Apex One security software that is actively being exploited in the wild against Windows systems. The Japanese cybersecurity company has released a security advisory to address this critical flaw affecting its endpoint protection product.
- Litecoin says its 13-block reorg was not a 'zero-day, but GitHub commit history shows otherwise
Litecoin claims its recent 13-block reorganization was not a 'zero-day' vulnerability, but analysis of GitHub commit history suggests evidence of prior undisclosed issues. The discrepancy highlights potential gaps between official statements and technical records.
- Adobe Patches Actively Exploited Zero-Day That Lingered for Months
Adobe has patched a zero-day vulnerability in Acrobat and Reader that was actively exploited by attackers using malicious PDF files for at least four months. The security flaw highlights ongoing risks in software exploitation despite patches.
- Adobe finally patches PDF pest after months of abuse
Adobe has released a patch for a critical zero-day vulnerability in its Acrobat and Reader software that attackers exploited for months to hijack machines via malicious PDF documents. The flaw allowed booby-trapped files to profile targets and compromise systems.
- Months-old Adobe Reader zero-day uses PDFs to size up targets
A zero-day vulnerability in Adobe Acrobat Reader has been exploited for months using malicious PDFs to harvest system data and identify high-value targets. Hackers leverage legitimate PDF features to profile victims and deploy second-stage payloads selectively.
- Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
A zero-day vulnerability in Adobe Reader has been exploited via malicious PDFs since December 2025, as reported by EXPMON's Haifei Li. The first malicious artifact, 'Invoice540.pdf', appeared on VirusTotal on November 28, 2025.
- Hackers exploiting Acrobat Reader zero-day flaw since December
Attackers have been exploiting a zero-day vulnerability in Adobe Reader since December using maliciously crafted PDF documents. The flaw allows unauthorized access and potential data theft through compromised files.