#zero-day

Google is patching an Android flaw that attackers are already exploiting in the wild

Google's June 2026 Android bulletin patches an actively exploited Framework privilege-escalation zero-day plus 123 other flaws. Here's who's at risk and what to do.

GitHub and Windows security composite with a warning overlay

Security·2 weeks ago

GitHub banned the researcher dropping Windows zero-days. The code was already mirrored everywhere.

GitHub wiped Nightmare-Eclipse's account on May 23 after weeks of unpatched Windows exploits. The ban reopened the oldest fight in security: who decides what research gets hosted?

Security·last month

A USB stick now opens a BitLocker drive in 60 seconds. The researcher calls it a backdoor.

A pseudonymous researcher dropped two unpatched Windows zero-days on May 12. YellowKey bypasses BitLocker via WinRE; Microsoft has not acknowledged either bug.

Wiz Research's disclosure page for the Dirty Frag Linux kernel privilege escalation vulnerability

Security·last month

A nine-year-old Linux kernel bug gives root in one command. No patch exists yet.

Dirty Frag chains two page-cache flaws in the ESP and RxRPC subsystems into a deterministic privilege escalation that hits every major distro. A PoC exploit is public.

Adobe Acrobat product hero card showing the red Acrobat icon.

Security·2 months ago

Adobe's Acrobat zero-day sat on VirusTotal for 136 days. Patch is APSB26-43.

CVE-2026-34621 is an actively exploited Acrobat and Reader bug that runs attacker JavaScript inside the PDF runtime. The first sample hit VirusTotal in November and went unflagged.

BleepingComputer's Microsoft Patch Tuesday header art.

Security·2 months ago

Microsoft April 2026 Patch Tuesday: 167 fixes, two zero-days, and a SharePoint bug already in CISA's KEV

Microsoft's April 8 Patch Tuesday closes 167 CVEs. CVE-2026-32201 in SharePoint is being exploited and CISA added it the same day. Here's what to patch first.