Two forces dominated the day: governments and AI labs pulling frontier models behind tighter access controls, while an anonymous actor moved in the opposite direction — dropping zero-days publicly wit
Threat intelligence firm Defused has confirmed that attackers are actively exploiting multiple critical vulnerabilities in Fortinet's FortiSandbox platform, the appliance many organizations rely on to
Security researchers at Depth First have published findings documenting [twenty-one zero-day vulnerabilities in FFmpeg](https://depthfirst.com/research/21-zero-days-in-ffmpeg) — one of the most widely
Oracle has disclosed a critical zero-day in PeopleSoft Suite — **CVE-2026-35273** — enabling unauthenticated remote code execution, and the ShinyHunters threat group is already exploiting it in live d
A public proof-of-concept exploit for an unpatched Microsoft Defender vulnerability has been released, granting SYSTEM-level access on fully updated Windows machines. There is currently no patch avail
Microsoft's June 2026 Patch Tuesday — the largest in company history at [nearly 200 vulnerabilities patched in a single cycle](https://krebsonsecurity.com/2026/06/a-record-breaking-patch-tuesday-for-j
CISA has added a critical Check Point Remote Access VPN vulnerability to its Known Exploited Vulnerabilities catalog and [ordered all U.S. federal agencies to patch within three days](https://www.blee
Check Point has disclosed and patched [CVE-2026-50751](https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html), a CVSS 9.3 authentication-bypass vulnerability in Remote Access
Cisco has issued an urgent advisory for [CVE-2026-20245](https://www.bleepingcomputer.com/news/security/new-cisco-sd-wan-flaw-exploited-in-zero-day-attacks-to-gain-root/), a high-severity privilege es
A working exploit for an unpatched Visual Studio Code vulnerability is now public, and it does something particularly damaging: steal GitHub authentication tokens with a single click from the victim.
A researcher operating under the handle **Nightmare Eclipse** has published proof-of-concept (PoC) exploit code for one or more unpatched Microsoft zero-day vulnerabilities, touching off a public disp
A zero-day vulnerability in [Gogs](https://gogs.io/), the popular self-hosted Git service, is actively exploitable and currently has **no patch**. According to [BleepingComputer](https://www.bleepingc
A critical zero-day vulnerability in the **KnowledgeDeliver** learning management system is being actively exploited in the wild, with attackers using it to deploy the **Godzilla web shell** on compro
Supply chain compromises dominated this week, with developer tools, CI workflows, and npm packages falling in overlapping campaigns — while separately, a wave of active exploitation hit network infras