Dirty Frag, a critical Linux kernel zero-day vulnerability with no patch and giving hackers root, has gone public after an embargo was broken. Here’s the workaround.

Microsoft has confirmed an emergency security update as CISA warns that two new Defender zero-days are being exploited by ...

Google says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking.

Update 10/6/25 11:15 AM ET: Updated story with more information on the leaked Oracle source code and the leaking of the exploit. Oracle is warning about a critical E-Business Suite zero-day ...

Researchers from Google LLC and two cybersecurity companies have identified a set of zero-day exploits in iOS 18. Google’s GTIG threat intelligence team, Lookout Inc. and iVerify Inc. published their ...

A vulnerability tracked as CVE-2025-6965 has been entered into the National Vulnerability Database, the federal registry ...

A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows ...

Suppliers of commercial spyware have edged ahead of nation-state threat actors when it comes to the exploitation of zero-day vulnerabilities at scale, according to data released by the Google Threat ...

Chinese state hackers and spyware vendors are fueling a rise in zero-day attacks, which increasingly target enterprise software and devices — security and networking products in particular. Google ...

Cybersecurity firm Kaspersky has detailed more of its findings on the distribution of malware through a zero-day exploit it uncovered in Google Chrome earlier this year. The exploit was executed ...

A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over systems, with no patch yet available. Attackers have been exploiting a ...