FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wil...
Zero-Day
20 articles
Google patches fourth Chrome zero-day so far this year
Google has patched another zero-day vulnerability in Chrome, its fourth this year. In patching the vulnerability, tracked as CVE-2026-5281, the company ackno...
The Good, the Bad and the Ugly in Cybersecurity – Week 14
SentinelOne stops LiteLLM supply chain attack in real time, attackers weaponize Axios to deploy RAT, and Chrome zero-day enables RCE.
TrueConf Zero-Day Exploited in Asian Government Attacks
A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads. The post Tr...
Actively exploited Chrome zero-day patched
Updates have been issued by Google to fix 21 vulnerabilities in its Chrome browser, including the actively exploited high-severity zero-day flaw, tracked as ...
CISA Issues Alert on Chrome Zero-Day Under Active Exploitation
The U.S.
TrueConf zero-day vulnerability turns its own update process into malware delivery channel
Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within gover...
Hackers exploit TrueConf zero-day to push malicious software updates
Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected...
Google fixes fourth actively exploited Chrome zero-day of 2026
Google fixed a new Chrome zero-day, tracked as CVE-2026-5281, in the WebGPU Dawn component that is already exploited in the wild. Google released Chrome upda...
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
Developers can spend days using fuzzing tools to find security weaknesses in code. Alternatively, they can simply ask an LLM to do the job for them in seconds.
Attacks with TrueConf zero-day hit Southeast Asian governments
Suspected China-linked threat actors have weaponized a high-severity zero-day flaw in the TrueConf client video conferencing software, tracked as CVE-2026-35...
Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome
Google has announced fixes for CVE-2026-5281, a zero-day affecting Chrome’s Dawn component. The post Exploited Zero-Day Among 21 Vulnerabilities Patched in C...
Google Warns of New Chrome Zero-Day Under Active Exploitation – Users Urged to Update Immediately
Google has released an urgent security update for its Chrome desktop browser to address 21 vulnerabilities, including a critical zero-day flaw that is active...
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploi...
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)
Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5...
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads aff...
Google fixes fourth Chrome zero-day exploited in attacks in 2026
Google has fixed the fourth Chrome vulnerability exploited in zero-day attacks since the start of the year. [.
TrueConf Vulnerability Under Active Exploitation in Southeast Asia Government Attacks
Check Point Research has discovered a critical zero-day vulnerability in the TrueConf video conferencing client. Tracked as CVE-2026-3502 with a CVSS score o...
How SentinelOne’s AI EDR Autonomously Discovered and Stopped Anthropic’s Claude from Executing a Zero Day Supply Chain Attack, Globally
Read our blog post to learn how SentinelOne’s AI EDR autonomously stopped a global LiteLLM supply chain attack before execution.
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting...