All news

zero-day

(7 articles)

May 26, 2026

KnowledgeDeliver Zero-Day Exploited to Drop Web Shells

A hardcoded ASP.NET machine key in KnowledgeDeliver LMS let attackers exploit CVE-2026-5426 without auth to deploy Godzilla web shells. Here's what you need to know.

May 14, 2026

PraisonAI CVE-2026-44338 Auth Bypass Exploited Fast

CVE-2026-44338 in PraisonAI allows authentication bypass and was actively targeted within hours of public disclosure. Here's what you need to know.

LiteLLM CVE-2026-42208 SQL Injection Exploited Fast

April 29, 2026

LiteLLM CVE-2026-42208 SQL Injection Exploited Fast

LiteLLM CVE-2026-42208 SQL injection was actively exploited within 36 hours of disclosure. Learn how it works and how to protect your AI infrastructure.

Nginx UI Auth Bypass CVE-2026-33032 Exploited

April 15, 2026

Nginx UI Auth Bypass CVE-2026-33032 Exploited

CVE-2026-33032 lets attackers take over Nginx servers without credentials. Over 2,600 instances exposed. Here's what you need to patch now.

Marimo RCE CVE-2026-39987 Exploited in 10 Hours

April 10, 2026

Marimo RCE CVE-2026-39987 Exploited in 10 Hours

The Marimo RCE flaw CVE-2026-39987 was exploited within 10 hours of disclosure. Learn how it works, what's at risk, and how to protect your stack now.

Claude AI Finds Thousands of Zero-Day Flaws

April 8, 2026

Claude AI Finds Thousands of Zero-Day Flaws

Anthropic's Claude AI model has uncovered thousands of zero-day vulnerabilities across major systems, shrinking the window humans have to respond to threats.

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

March 27, 2026

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Apple is pushing lock screen warnings to older iPhones targeted by active web-based exploits. Here is what developers and users need to know right now.