devtake.dev — #zero-day

devtake.dev — #zero-dayArticles tagged zero-day on devtake.dev.https://devtake.dev/en-usGoogle is patching an Android flaw that attackers are already exploiting in the wildhttps://devtake.dev/article/android-june-2026-zero-day-patch/https://devtake.dev/article/android-june-2026-zero-day-patch/Google's June 2026 Android bulletin patches an actively exploited Framework privilege-escalation zero-day plus 123 other flaws. Here's who's at risk and what to do.Wed, 03 Jun 2026 11:45:00 GMTandroidandroidgooglesecurityzero-daycve-2025-48595patchpixelnaomi-parkGitHub banned the researcher dropping Windows zero-days. The code was already mirrored everywhere.https://devtake.dev/article/github-bans-researcher-windows-zero-day/https://devtake.dev/article/github-bans-researcher-windows-zero-day/GitHub wiped Nightmare-Eclipse's account on May 23 after weeks of unpatched Windows exploits. The ban reopened the oldest fight in security: who decides what research gets hosted?Fri, 29 May 2026 06:50:00 GMTsecuritysecuritygithubvulnerability-disclosurezero-daymicrosoftwindowssupply-chainrceluca-reinhardtA USB stick now opens a BitLocker drive in 60 seconds. The researcher calls it a backdoor.https://devtake.dev/article/yellowkey-bitlocker-zero-day-bypass/https://devtake.dev/article/yellowkey-bitlocker-zero-day-bypass/A pseudonymous researcher dropped two unpatched Windows zero-days on May 12. YellowKey bypasses BitLocker via WinRE; Microsoft has not acknowledged either bug.Thu, 14 May 2026 10:15:00 GMTsecuritysecuritybitlockermicrosoftwindowszero-daywinretpmfull-disk-encryptionluca-reinhardtA nine-year-old Linux kernel bug gives root in one command. No patch exists yet.https://devtake.dev/article/linux-dirty-frag-kernel-privilege-escalation/https://devtake.dev/article/linux-dirty-frag-kernel-privilege-escalation/Dirty Frag chains two page-cache flaws in the ESP and RxRPC subsystems into a deterministic privilege escalation that hits every major distro. A PoC exploit is public.Sun, 10 May 2026 10:00:00 GMTsecuritysecuritylinuxkernelcve-2026-43284privilege-escalationzero-daydirty-fragluca-reinhardtAdobe's Acrobat zero-day sat on VirusTotal for 136 days. Patch is APSB26-43.https://devtake.dev/article/adobe-acrobat-reader-cve-2026-34621/https://devtake.dev/article/adobe-acrobat-reader-cve-2026-34621/CVE-2026-34621 is an actively exploited Acrobat and Reader bug that runs attacker JavaScript inside the PDF runtime. The first sample hit VirusTotal in November and went unflagged.Tue, 28 Apr 2026 15:30:00 GMTsecurityadobeacrobatcve-2026-34621securityzero-dayvirustotalexpmonpdfluca-reinhardtMicrosoft April 2026 Patch Tuesday: 167 fixes, two zero-days, and a SharePoint bug already in CISA's KEVhttps://devtake.dev/article/microsoft-patch-tuesday-april-2026-sharepoint/https://devtake.dev/article/microsoft-patch-tuesday-april-2026-sharepoint/Microsoft's April 8 Patch Tuesday closes 167 CVEs. CVE-2026-32201 in SharePoint is being exploited and CISA added it the same day. Here's what to patch first.Mon, 27 Apr 2026 15:00:00 GMTsecuritymicrosoftpatch-tuesdaycve-2026-32201sharepointdefenderzero-daysecuritycisa-kevluca-reinhardt