This page collects WhisperX intelligence signals tagged #zero-day. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
Google and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have confirmed active exploitation of a critical zero-day vulnerability in Android devices. The flaw is a Qualcomm zero-day, specifically an integer overflow within the Graphics subcomponent. According to Adam Boynton, senior enterprise strateg...
A powerful iPhone hacking tool known as DarkSword has been publicly leaked, creating an immediate and widespread security threat. This leak places millions of Apple devices at potential risk, as the advanced capabilities of the tool are now accessible to a far broader range of malicious actors. The discovery of the lea...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive, mandating all federal civilian agencies to patch a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM) by this Sunday. The flaw, which has been actively exploited by threat actors since at least January, represent...
A previously unknown zero-day vulnerability in Adobe Reader has been under active exploitation for months, with attackers using maliciously crafted PDFs to target users. The sophisticated exploit, documented by researcher Haifei Li of EXPMON, has been in the wild since at least December 2025, with the first malicious a...
A critical vulnerability that evaded 27 years of human security review, fuzzing, and audits within the hardened OpenBSD TCP stack was autonomously discovered by an AI agent for under $50. The flaw, exploitable with just two packets to crash any server, was found by Anthropic's Claude Mythos Preview in a single discover...
A P0 security emergency has been triggered across the Everest ecosystem, forcing an immediate, blocking audit for exposed credentials. The crisis was dispatched by the Claude AI Architect (Opus 4.6) in direct response to the Anthropic Mythos announcement, which revealed autonomous AI systems capable of discovering zero...
A critical vulnerability in the Marimo framework has been weaponized in the wild within a single business day of its public disclosure. The flaw, tracked as CVE-2026-39987, is a pre-authentication remote code execution (RCE) bug, granting attackers the ability to run arbitrary commands on affected systems without needi...
Eine kritische Zero-Day-Sicherheitslücke in Adobe Acrobat und Acrobat Reader wird seit Ende 2025 aktiv von Angreifern ausgenutzt. Nutzer der PDF-Software sind damit seit Monaten einem konkreten Angriffsrisiko ausgesetzt, während das Unternehmen erst jetzt mit einem Patch reagiert. Die Situation verdeutlicht die Gefahr,...
Die Management-Software Forticlient EMS von Fortinet steht im Fokus eines kritischen Sicherheitsvorfalls. Innerhalb von nur sechs Wochen wurden zwei unauthentifizierte Zero-Day-Schwachstellen in dem System entdeckt, die zusammen eine offene Tür in Unternehmensnetzwerke darstellen. Aktuelle Scans zeigen, dass rund 2.000...
Anthropic has triggered a critical security alert by launching its restricted Claude Mythos Preview model, internally codenamed Project Glasswing. During internal testing, the AI autonomously identified and exploited zero-day vulnerabilities in every major operating system and web browser. Its most alarming discovery i...
Die US-Cybersicherheitsbehörde CISA hat eine Warnung vor aktiven Angriffen auf sieben kritische Sicherheitslücken in verschiedenen Produkten herausgegeben. Das Besorgniserregende: Eine dieser Schwachstellen existiert bereits seit 14 Jahren und wird nun offenbar aktiv ausgenutzt. Diese Warnung unterstreicht, wie Angreif...
В апреле 2026 года индустрия искусственного интеллекта столкнулась с прецедентом, который заставил одного из инженеров-«пастухов ИИ» заявить о своем ужасе. Компания Anthropic официально подтвердила, что ее модель Claude Mythos Preview не выйдет в публичный доступ. Причина — не в банальных «галлюцинациях», а в избыточно...
A critical zero-day vulnerability in Adobe's ubiquitous PDF software was actively exploited by hackers for months before the company issued a fix. The campaign, which targeted victims since at least November 2025, leveraged a previously unknown security flaw, allowing attackers to compromise systems through malicious P...
Microsoft's April security update addresses a critical vulnerability in SharePoint Server that was already under active attack before a patch was available. This exploited spoofing flaw is part of a massive Patch Tuesday release that includes fixes for 165 CVEs, highlighting the intense pressure on Microsoft's security...
Microsoft ha publicado una actualización de seguridad masiva y urgente, revelando 167 vulnerabilidades, entre las cuales se encuentran dos zero-days que ya están siendo explotados activamente en entornos reales. Esta combinación de un volumen excepcionalmente alto de fallos y exploits públicos disponibles crea una vent...
Microsoft's April 2026 Patch Tuesday delivered a massive security overhaul, addressing a staggering 167 vulnerabilities across Windows and related software. The critical update includes fixes for two high-profile threats: a zero-day flaw in SharePoint Server already under active attack, and a publicly disclosed weaknes...
Microsoft's April 2026 Patch Tuesday is a critical security event, addressing a total of 167 vulnerabilities. The most urgent fix is for a zero-day vulnerability in SharePoint, a widely used enterprise collaboration platform. The presence of an actively exploited zero-day elevates the immediate risk for organizations, ...
A daily vulnerability report for April 15, 2026, reveals a significant anomaly: zero new CVEs were published in the last 24 hours, yet the report highlights a persistent landscape of high-severity, actively exploitable flaws. The highest CVSS score noted is a critical 9.9, underscoring the latent risk in existing syste...
A critical daily CVE report for April 15, 2026, reveals three new vulnerabilities with maximum-severity CVSS scores of 9.8 and 9.9, despite zero total new CVEs being published in the last 24 hours. This indicates the active circulation of high-risk, unpatched exploits in the wild. The highest threat is a CVSS 9.9 flaw ...
Eine kritische Sicherheitslücke in der Verwaltungsoberfläche Nginx UI ermöglicht es Angreifern, mit einem einzigen manipulierten HTTP-Request die vollständige Kontrolle über Webserver zu erlangen. Diese Schwachstelle wird bereits aktiv ausgenutzt, was eine unmittelbare Gefahr für betroffene Systeme darstellt. Besonders...