A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance.
The post VS Code Vulnerability Allows One-Click GitHub Token Theft appeared first on SecurityWeek.
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities.
The post Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash appeared first on SecurityWeek.
CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day
Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges.
The post CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day appeared first on SecurityWeek.
Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment
Hardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code execution.
The post Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment appeared first on SecurityWeek.
TrendAI Patches Apex One Zero-Day Exploited in the Wild
CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One.
The post TrendAI Patches Apex One Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition.
The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days appeared first on SecurityWeek.
Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions.
The post Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616.
The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek.
Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System.
The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first on SecurityWeek.
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code.
The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.
