Tag
Zero-day
Zero-day exploits and active exploitation
50 items tagged #zero-day
Articles
APT-C-23 resurfaces targeting Israel with Micropsia malware.
M6PLUS Bluetooth protocol lacks replay protection; PoC released for CVE-2026-4583.
CISA orders U.S. federal agencies to patch exploited Ivanti EPMM flaw by Sunday.
13-year-old RCE vulnerability in Apache ActiveMQ Classic discovered via AI analysis.
CISA adds CVE-2026-1340 Ivanti EPMM code injection to Known Exploited Vulnerabilities Catalog.
Critical Ninja Forms File Uploads addon vulnerability enables unauthenticated remote code execution on 50,000 WordPress
Anthropic's Claude Mythos AI model discovers thousands of zero-day vulnerabilities across major systems.
ClickFix campaign uses fake CAPTCHAs to deploy Node.js RAT malware via Tor to steal crypto.
Critical RCE flaw in Ninja Forms File Upload WordPress plugin exploited in active attacks.
DOJ and FBI conduct court-authorized disruption of GRU-controlled DNS hijacking network using compromised TP-Link
CVE-2026-28286 privilege escalation in ZimaOS allows API restriction bypass and unauthorized write access.
Microsoft attributes Medusa ransomware deployments to Storm-1175 exploiting N-day and zero-day vulnerabilities.
CVE-2026-23398 Linux kernel ICMP DoS vulnerability disclosed with public PoC.
GrafanaGhost vulnerability in Grafana AI components enables silent data exfiltration via prompt injection.
Law enforcement disrupts FrostArmada, APT28 campaign hijacking routers to steal Microsoft 365 credentials.
Critical Flowise RCE vulnerability CVE-2025-59528 exploited in the wild, affects 12,000+ instances.
Docker CVE-2026-34040 allows attackers to bypass authorization plugins and gain host access.
GrafanaGhost exploits Grafana's AI defenses via prompt injection to exfiltrate sensitive data undetected.
Medusa ransomware group exploits zero-days and fresh vulnerabilities to breach 300+ organizations within days.
AI-driven device code phishing campaign scales account compromise using automation and dynamic token generation.
CISA orders federal agencies to patch actively exploited Fortinet EMS vulnerability by Friday.
CISA adds Fortinet FortiClient EMS improper access control flaw to KEV catalog.
Apple releases security patch for DarkSword vulnerability affecting iOS 18.
Two critical ShareFile flaws chain for unauthenticated RCE via authentication bypass and arbitrary file upload.
CVE-2026-5027: Langflow path traversal vulnerability enables remote code execution.
CVE-2026-4698: Critical JIT miscompilation flaw in Firefox JavaScript engine (CVSS 8.8).
CVE-2026-3775 DLL hijacking vulnerability discovered in Foxit PDF Editor/Reader update service.
Hackers exploit CVE-2025-55182 in Next.js to breach 766 hosts and steal credentials via NEXUS Listener.
Pegasus-like zero-click RAT spyware being sold on cybercrime forum by xone9to1.
Critical vulnerability discovered in Claude Code allows bypass of permission system via prompt injection.
Apple rolls out iOS 18.7.7 patches to protect 200M devices against DarkSword exploit kit.
Two chained Progress ShareFile flaws enable unauthenticated RCE and file exfiltration.
ThreatsDay Bulletin covers pre-auth RCE chains, Android rootkits, CloudTrail evasion, and 10+ security threats.
CISA adds CVE-2026-3502 TrueConf Client code integrity vulnerability to KEV Catalog.
Hitachi Energy Ellipse RCE vulnerability via Jasper Report deserialization flaw affects critical manufacturing systems
Cisco patches critical IMC authentication bypass enabling unauthenticated Admin access.
Apple expands iOS 18.7.7 patch to block DarkSword exploit kit targeting older iPhones.
Threat actor FulcrumSec claims breach of Unique Computing LLC via unpatched CVE-2025-55182.
CISA adds CVE-2026-5281 Google Dawn use-after-free vulnerability to Known Exploited Vulnerabilities Catalog.
North Korean hackers compromised Axios NPM package, distributing backdoored versions to millions.
Claude AI discovers RCE vulnerabilities in Vim and GNU Emacs triggered by file open.
SentinelOne's AI-EDR detected trojanized LiteLLM targeting Anthropic's Claude in supply chain attack.
Four chained vulnerabilities in CrewAI allow sandbox escape and arbitrary code execution via prompt injection.
Anritsu Remote Spectrum Monitor critical authentication bypass affecting all versions worldwide.
Fortinet FortiClient EMS SQL injection vulnerability CVE-2026-21643 actively exploited in the wild.
CISA orders federal agencies to patch actively exploited Citrix NetScaler flaw CVE-2026-3055 by Thursday.
OpenAI patches ChatGPT data exfiltration and Codex GitHub token theft vulnerabilities.
15-year-old strongSwan integer underflow bug lets attackers crash VPNs via EAP-TTLS.
Critical 9.8 CVSS Telegram vulnerability allegedly exploitable via corrupted sticker; vendor denies existence.
CISA adds CVE-2026-3055 Citrix NetScaler out-of-bounds read to known exploited vulnerabilities catalog.