Pierluigi Paganini
February 25, 2026
A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker. Peter Williams, a 39-year-old Australian former L3Harris employee, received a prison sentence of just over seven years for selling eight zero-day exploits to the Russian broker Operation Zero for millions. Williams pleaded guilty […]
Pierluigi Paganini
February 12, 2026
Apple fixed an exploited zero-day in iOS, macOS, and other devices that allowed attackers to run code via a memory flaw. Apple released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to address an actively exploited zero-day tracked as CVE-2026-20700. The flaw is a memory corruption issue in Apple’s Dynamic Link Editor (dyld) that […]
Pierluigi Paganini
January 26, 2026
Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. Microsoft released out-of-band security updates to address an actively exploited Office zero-day vulnerability tracked as CVE-2026-21509. The issue is a security feature bypass vulnerability that affects multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019, […]
Pierluigi Paganini
December 19, 2025
Cisco disclosed a critical zero-day (CVE-2025-20393) in Secure Email Gateway and Secure Email and Web Manager, actively exploited by a China-linked group. Cisco disclosed a critical zero-day, tracked as CVE-2025-20393, in Secure Email Gateway and Secure Email/Web Manager, which is actively exploited by a China-linked threat group. Cisco reported a December 10 campaign targeting certain […]
Pierluigi Paganini
December 13, 2025
Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple and Google have both pushed out urgent security updates after uncovering a highly targeted attacks against an unknown number of users. The attacks abused zero‑day vulnerabilities in their software. The campaign appears to involve nation-state […]
Pierluigi Paganini
December 11, 2025
Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers. Gogs is a self-hosted Git service, similar to GitHub, GitLab, or Bitbucket, but designed to be lightweight and easy to deploy. It allows individuals or organizations to host their own Git repositories on their servers, offering features like version […]
Pierluigi Paganini
December 11, 2025
Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chrome browser, including a high-severity flaw that threat actors are already exploiting in real-world attacks. “Google is aware that an exploit for 466192044 exists in the wild,” reads […]
Pierluigi Paganini
December 10, 2025
Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Exchange Server, Azure, Copilot, PowerShell, and Windows Defender. Three vulnerabilities are rated Critical, while the rest are […]
Pierluigi Paganini
December 08, 2025
Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day CVE-2025-61882 in its Oracle E-Business Suite. The cybercrime group added the organization to its dark web data leak site and leaked the stolen information. The […]
Pierluigi Paganini
November 14, 2025
A Fortinet FortiWeb auth-bypass flaw is being actively exploited, allowing attackers to hijack admin accounts and fully compromise devices. Researchers warn of an authentication bypass flaw in Fortinet FortiWeb WAF that allows full device takeover. The cybersecurity vendor addressed the vulnerability with the release version 8.0.2. A security flaw lets anyone break into FortiWeb devices […]
