The 732-Byte Secret to Root: Everything You Know About Hardening Just Failed
John Z Black
May 1, 2026
Vulnerabilities & Patching
#linux
#kernel
#root-exploit
#zero-day
#devops
Copy Fail (CVE-2026-31431) is a nine-year-old logic flaw that grants root on basically every Linux distro. It's tiny, it's reliable, and your file integrity monitors won't see a thing.
Your Antivirus Is Harvesting Passwords Now: BlueHammer Hits CISA KEV
John Z Black
Apr 23, 2026
Vulnerabilities & Patching
#microsoft
#windows-defender
#bluehammer
#cve-2026-33825
#zero-day
#cisa-kev
#credential-theft
#endpoint-security
The BlueHammer flaw has moved from a research curiosity to an active threat. This Windows Defender zero-day turns your security software into a password harvester by exploiting a race condition to steal credentials. CISA says patch now.
Management Planes: The Internet's Industrialized Front Door
John Z Black
Apr 22, 2026
Vulnerabilities & Patching
#management-plane
#beyondtrust
#palo-alto
#cisco
#sdwan
#zero-day
#rce
#industrialized-attack
Hackers have stopped chasing individual servers. They are after the tools that manage thousands of them at once. BeyondTrust, Palo Alto, and Cisco are the current bull's-eye.
The Switchboard Strike: Why CISA is Scrambling to Secure SD-WAN
John Z Black
Apr 21, 2026
Vulnerabilities & Patching
#cisa
#emergency-directive
#cisco
#sd-wan
#zero-day
CISA just issued an emergency order for federal agencies to hunt for Cisco SD-WAN exploits. It turns out a shadow campaign has been hijacking enterprise network switchboards since 2023. If you run a distributed network, the hunt is on.
Antivirus as a Weapon: The Defender Trilogy No One Can Patch
John Z Black
Apr 17, 2026
Vulnerabilities & Patching
#windows-defender
#zero-day
#privilege-escalation
#microsoft
#vulnerability
A single researcher has spent April taking Windows Defender apart. The results are a set of three zero-days that turn your antivirus into a malware delivery system and then blind it so it can't see the damage.
165 CVEs in One Day. Two Zero-Days. One Kerberos Bug That Should Have Your Full Attention.
John Z Black
Apr 14, 2026
Vulnerabilities & Patching
#patch-tuesday
#microsoft
#cve
#kerberos
#cisa-kev
#forticlient
#zero-day
Microsoft dropped 165 CVEs today including two zero-days, a critical Kerberos credential relay vulnerability, and a FortiClient EMS flaw with a 48-hour CISA deadline. Here's how to prioritize.
Adobe Reader Had a Zero-Day in the Wild for Four Months Before Anyone Patched It
John Z Black
Apr 11, 2026
Vulnerabilities & Patching
#adobe-reader
#zero-day
#cve-2026-34621
#pdf-security
#javascript-engine
CVE-2026-34621 was sitting in the wild since November 2025. Adobe patched it in April 2026. That's a four-month window where opening the wrong PDF could get you owned.
China's Ransomware Groups Are Using Zero-Days Now. That Changes the Math.
John Z Black
Apr 7, 2026
Ransomware & Cybercrime
#storm-1175
#medusa
#qilin
#china
#zero-day
#edr
#ransomware
Microsoft links China-based Storm-1175 to Medusa ransomware using zero-day exploits, while Qilin deploys EDR-killing techniques before encryption.
A Disgruntled Researcher Just Handed Every Attacker a Free Windows Privilege Escalation Exploit
John Z Black
Apr 7, 2026
Vulnerabilities & Patching
#windows
#zero-day
#privilege-escalation
#bluehammer
#exploit
#microsoft
#msrc
A frustrated researcher publicly released BlueHammer, a working Windows privilege escalation zero-day, after clashing with Microsoft's disclosure process.
The AI That Found Every Bug: Anthropic's Mythos, Project Glasswing, and the End of Security as We Know It
John Z Black
Apr 7, 2026
AI Security
#anthropic
#claude-mythos
#project-glasswing
#zero-day
#ai-security
#vulnerability-research
#cybersecurity
Update Chrome Now. Update FortiClient Now. Here's Why.
John Z Black
Apr 6, 2026
Vulnerabilities & Patching
#chrome
#fortinet
#zero-day
#cve-2026-5281
#cve-2026-35616
#cisa-kev
#patch-advisory
Two critical vulnerabilities are being actively exploited right now: a Chrome WebGPU zero-day and a Fortinet pre-auth privilege escalation, and both have patches available today.
A Zero-Day Turned TrueConf's Update Channel Into a Malware Delivery System
John Z Black
Apr 3, 2026
Threat Intelligence
#zero-day
#supply-chain
#trueconf
#espionage
#china
#cve-2026-3502
Chinese-nexus actors exploited a zero-day in TrueConf to hijack the update mechanism and push trojanized updates to Southeast Asian government agencies.
Interlock Ransomware Had a Cisco Firewall Zero-Day Before Anyone Knew It Existed
John Z Black
Mar 23, 2026
Ransomware & Cybercrime
#ransomware
#interlock
#cisco
#zero-day
#vulnerability
#cybercrime
The Interlock ransomware group exploited a critical Cisco ASA/FTD zero-day for weeks before disclosure, marking a real shift as criminal groups gain access to capabilities once reserved for nation-states.
Update Everything: Chrome Zero-Days, Android's March Bulletin, and the Patch Gap That Puts You at Risk
John Z Black
Mar 22, 2026
Vulnerabilities & Patching
#chrome
#android
#zero-day
#mediatek
#patching
#cve
#mobile-security
Two Chrome zero-days under active attack, 129 Android vulnerabilities in March, and the stubborn reality that 'patch available' and 'you're protected' are two very different things.
iPhone Exploit Kits Go Mainstream: DarkSword, Coruna, and the End of 'iOS Is Enough'
John Z Black
Mar 21, 2026
Vulnerabilities & Patching
#ios
#apple
#darksword
#coruna
#mobile-security
#exploit-kit
#zero-day
#nation-state
New research from Google, iVerify, and Lookout confirms iOS exploit kits have moved from rare targeted spyware to website-level deployment against broad populations. A companion toolkit was found targeting US government officials specifically.
Mobile Trust Is Fracturing: Android Fraudware and iOS Exploit Chains Converge
John Z Black
Mar 20, 2026
Threat Intelligence
#mobile-security
#android-malware
#ios-exploits
#byod-risk
#app-provenance
#zero-day
Perseus on Android, DarkSword on iOS, and new iPhone exploitation reporting point to a shared reality: mobile trust assumptions are breaking across both ecosystems.
Zero-Day by Default: Why Cisco FMC Should Reorder This Week's Patch Queue
John Z Black
Mar 18, 2026
Vulnerabilities & Patching
#cisco
#fmc
#zero-day
#kev
#patching
#ransomware
#vulnerability-management
Interlock operators have been exploiting a Cisco FMC zero-day since January. If you're still sorting patch queues by CVSS score, that's the problem.
Patch Chrome Now: Two Zero-Days Being Actively Exploited in the Wild
John Z Black
Mar 14, 2026
Vulnerability
#chrome
#zero-day
#cve-2026-3909
#google
#patch
#browser-security
#v8
#skia
Google just patched two zero-days in Chrome 146 that were already being used in real attacks. Update now or stay exposed.
March Patch Tuesday: Two Zero-Days Already Public, Plus a SolarWinds Deadline That's Right Now
John Z Black
Mar 12, 2026
Patch Tuesday
#patch-tuesday
#microsoft
#zero-day
#solarwinds
#cisa
#cve
#vulnerability-management
Microsoft patched 79+ flaws including two publicly disclosed zero-days. No confirmed active exploitation yet, which is rare. But the SolarWinds Web Help Desk CISA deadline is today, and 'publicly disclosed' means attackers already have the blueprints.
Patch Week From Hell: Microsoft, Adobe, SAP, and HPE All Drop Critical Fixes at Once
John Z Black
Mar 11, 2026
Vulnerability Management
#patch-tuesday
#microsoft
#adobe
#sap
#hpe
#zero-day
#vulnerability-management
March 2026 might be the worst coordinated patching week in years. Microsoft, Adobe, SAP, and HPE all dropped critical fixes in the same 48-hour window. Here's what to patch first.