zero-day
Cybersecurity & Risk
Marimo CVE-2026-39987: Weaponized in Under 10 Hours
A critical Marimo Python notebook RCE was weaponized in 9h 41m, with credential theft in under 3 minutes. What it means for dev tool security.
Cybersecurity & Risk
CISA KEV Catalog: 1,484 Exploited Vulnerabilities and Counting
⚡ Key Takeaways CISA’s Known Exploited Vulnerabilities catalog reached 1,484 entries after a 20% surge in 2025, with 245 new...
Cybersecurity & Risk
Adobe Reader Zero-Day: A PDF Exploit Ran Wild for 4 Months
CVE-2026-34621 (CVSS 9.6) let attackers run code via malicious PDFs for 4 months before Adobe patched it. Russian-language lures targeted energy firms.
AI & Automation
Anthropic Mythos: The AI That Finds Zero-Days Too Well to Release
Claude Mythos Preview finds zero-days across every major OS with a 72.4% exploit success rate. Anthropic withheld it, launching Project Glasswing instead.
Cybersecurity & Risk
Vulnerability Exploits Overtake Phishing as Primary Attack Vector
Mandiant M-Trends 2026 confirms exploits lead initial access for the sixth year. Exploitation speed has collapsed to negative 7 days. What defenders must do now.
Cybersecurity & Risk
ImageMagick Zero-Day: The Image Upload Flaw Compromising Millions of Servers
⚡ Key Takeaways A critical ImageMagick zero-day (CVE-2026-25797) allows attackers to achieve full remote code execution on WordPress and Linux...
Cybersecurity & Risk
DarkSword Exploit: Six-Bug iOS Chain Forces Apple’s Emergency Patch
⚡ Key Takeaways DarkSword is a full-chain iOS exploit kit that chains six vulnerabilities — three zero-days — in WebKit,...
Cybersecurity & Risk
FortiClient EMS Zero-Day: When Endpoint Security Becomes the Attack Surface
⚡ Key Takeaways Fortinet’s FortiClient EMS suffered a critical zero-day (CVE-2026-35616, CVSS 9.1) that was actively exploited before patches existed,...
Cybersecurity & Risk
Cisco FMC Zero-Day: How Interlock Ransomware Exploited Firewalls for 36 Days
CVE-2026-20131, a CVSS 10.0 Cisco FMC deserialization flaw, was exploited by Interlock ransomware for 36 days before disclosure.
Cybersecurity & Risk
Cisco SD-WAN Zero-Day: How UAT-8616 Hid for Three Years
CVE-2026-20127, a CVSS 10.0 flaw in Cisco Catalyst SD-WAN, let UAT-8616 lurk undetected since 2023. Five Eyes and CISA issued emergency response guidance.
Cybersecurity & Risk
Six Zero-Days Under Active Attack: Inside February 2026’s Most Dangerous Patch Tuesday
Microsoft patched 58 vulnerabilities including 6 actively exploited zero-days in February 2026. CISA set a March 3 deadline. Full breakdown of the threats.
