Zero-day vulnerabilities are security flaws exploited before the vendor releases a patch, making them among the most dangerous threats in cybersecurity. Nation-state actors and advanced criminal groups prize zero-days for their ability to bypass existing defenses. defend.network monitors zero-day disclosures from vendor advisories, CISA alerts, and threat intelligence feeds, prioritizing those with confirmed active exploitation.
Microsoft Defender privilege-escalation zero-day CVE-2026-50656 (patch pending). FortiBleed leaks credentials for 73,932 Fortinet devices; attackers actively harvesting access across 200 countries. GitHub supply-chain worm exploiting dismissed design flaws compromises hundreds of packages.
Oracle PeopleSoft CVE-2026-35273 actively exploited by ShinyHunters targeting universities; Windows BitLocker bypassed via XML files; The Gentlemen ransomware claims 478 victims with worm-like spreading capability.
Check Point VPN zero-day (CVSS 9.3) actively exploited since early May; Linux kernel use-after-free now has public exploit; NSO Group continues WhatsApp phishing despite federal court injunction.
Google Android zero-day (CVE-2025-48595) actively exploited; Gamaredon APT weaponizing WinRAR; WordPress Kirki plugin hijacking admin accounts. CISA adds Oracle WebLogic to KEV catalog.
ChatGPT share links abused for malware delivery; Marimo CVE-2026-39987 exploited with LLM agents for post-compromise activity; Dutch authorities seize 800 Russian-linked servers and arrest hosting executives.
Microsoft patched SharePoint RCE (CVE-2026-45659); CISA contractor exposed AWS GovCloud keys on GitHub; MuddyWater targeted nine organizations across four continents using DLL side-loading.
Microsoft Defender vulnerabilities actively exploited; 9-year-old Linux kernel flaw enables root execution; Cisco Workload max-severity RCE patched; Showboat malware targets telcos across Middle East and Central Asia.
Microsoft Exchange zero-day under active exploitation with no patch available. Shai-Hulud worm source code leaked, spawning clones targeting npm developers. INTERPOL Operation Ramz arrested 201 cybercriminals across MENA region.
Critical zero-days in NGINX, Microsoft Exchange, and Cisco SD-WAN actively exploited in the wild. TanStack supply chain attack compromises OpenAI and AI companies. Immediate patching required.
Critical vulnerabilities in Cisco SD-WAN (CVSS 10.0), Microsoft Exchange, and Funnel Builder WordPress plugin under active exploitation. Supply chain attacks compromise npm packages. Immediate patching required.
Critical Microsoft Exchange zero-day exploited in wild; npm supply chain attacks compromise OpenAI; Turla APT evolves Kazuar into P2P botnet; WordPress plugins actively harvesting payment cards.
Critical Cisco SD-WAN zero-day exploited in the wild; supply chain attacks compromise TanStack and node-ipc; state APTs target government; education platform disrupted by extortion.
Critical BitLocker zero-days with public PoCs, Microsoft Exchange APT exploitation, Canvas ransomware attack on education sector, and Foxconn manufacturing compromise create immediate operational risks across multiple industries.
Critical supply chain compromise of Checkmarx Jenkins plugin, first AI-generated zero-day 2FA bypass exploit, and active Canvas education platform extortion campaign require immediate response.
Canvas ransomware disrupts universities nationwide; Ollama zero-day affects 300k+ servers; TCLBANKER targets financial platforms; critical infrastructure breached; supply-chain compromises detected.
Critical vulnerabilities in Palo Alto Networks and Ivanti EPMM under active exploitation. PCPJack credential stealer worm targeting cloud infrastructure. Russian state actors harvesting Office tokens via router compromise.
Critical vulnerabilities in vm2, Palo Alto firewalls, and DAEMON Tools combined with Russian military intelligence token harvesting and Iranian APT false-flag campaigns demand immediate patching and investigation.
Critical Linux root access vulnerability added to CISA KEV with active exploitation confirmed. Multiple critical threats including cPanel mass-exploitation, source code breaches, and state-sponsored APT campaigns.
Critical supply chain attacks compromise PyTorch Lightning and SAP packages; Russian state-sponsored actors steal Office tokens; AI-accelerated exploitation shrinks time-to-compromise to 24 hours.
Critical RCE vulnerabilities in GitHub and Hugging Face, destructive VECT 2.0 ransomware, Russian token harvesting, and BlueNoroff deepfake attacks demand immediate defensive action.
Critical RCE vulnerabilities in AI infrastructure (SGLang, Anthropic MCP) combined with state-sponsored APT campaigns targeting authentication systems and OT/healthcare infrastructure demand immediate patching and access controls.
Critical Microsoft Defender zero-days actively exploited, 68% of cloud breaches from unmanaged service accounts, Russian state actors harvesting Office tokens, protobuf.js RCE with public exploit, APT28 targeting Ukrainian government.
Critical Microsoft Defender zero-days under active exploitation, 68% of cloud breaches from unmanaged service accounts, and Russian state-sponsored token harvesting campaigns demand immediate action.
Critical zero-day exploits in Microsoft Defender and Apache ActiveMQ, Russian state-sponsored token harvesting, and sophisticated ransomware evasion techniques pose immediate threats requiring emergency patching and threat hunting.
Apache ActiveMQ actively exploited; Microsoft Defender zero-day disclosed; Russian state actors harvesting Office 365 tokens; ZionSiphon targets water infrastructure.
Critical nginx-ui authentication bypass actively exploited; Microsoft releases 169 patches including SharePoint zero-day; n8n webhooks weaponized for phishing; WordPress plugins and signed software compromised.
Critical Microsoft zero-days under exploitation, Russian state hackers harvesting Office tokens via routers, and 220K users compromised by Mirax RAT. Supply-chain risks escalating across PHP and development ecosystems.
Critical Adobe zero-day under active exploitation, Russian state-sponsored token harvesting, and APT37 social engineering campaigns compound with AI-powered vulnerability discovery threats.
Critical Adobe Reader zero-day, CPUID supply-chain compromise distributing STX RAT, Russian APT harvesting Office tokens via router exploits, and Iranian actors targeting 4,000+ U.S. industrial control systems.
Critical threats span Iranian PLC targeting, Russian token harvesting, Marimo RCE exploitation within 10 hours, and GlassWorm IDE infections. Immediate patching and detection deployment required.
Critical exploitation of Marimo RCE, Iranian targeting of 4,000 US PLCs, and Russian token harvesting via routers demand immediate patching and access controls.
Critical zero-day in Adobe Reader, state-sponsored credential theft via routers, and major supply-chain compromises demand immediate action across all organizations.
APT28 deploys PRISMEX malware targeting NATO allies; 13-year-old ActiveMQ RCE and Russian router-based token theft critical; new botnets and healthcare ransomware disruptions.
State-sponsored DPRK and China-linked APT campaigns, critical FortiClient RCE exploit, and cascading supply chain attacks affecting European institutions and npm ecosystem.
Critical zero-day in TrueConf, resurgent Chinese APT targeting European governments, North Korean npm supply chain compromise, and third-party vendor breaches require immediate response
Critical zero-day vulnerabilities in Chrome and TrueConf under active exploitation, combined with widespread malware campaigns targeting mobile and enterprise infrastructure.
Critical zero-day exploits in TrueConf and North Korean Axios compromise, plus wiper attacks and AI platform over-privilege vulnerabilities demand immediate response across cloud, government, and healthcare sectors.
State-sponsored Chinese APT embedded in telecom backbone, critical Langflow AI vulnerability actively exploited, wiper malware targeting Iran systems, and zero-click AI assistant vulnerabilities require immediate response.
Critical VMware ESXi vulnerability actively exploited by ransomware operators. BlackSuit group claims major U.S. healthcare breach. CISA adds 3 new CVEs. Microsoft patches Windows kernel zero-day. New PhishRelay kit enables real-time MFA bypass.
Subscribe free and never miss a threat briefing.