Security news aggregator

Latest coverage for 0-Day

Explore the latest 0-Day vulnerabilities news, expert insights, and cyber threat updates to stay ahead in information security.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

0-Day, also spelled as Zero-Day, is a term used in information security to describe a software vulnerability that is unknown to the party or parties responsible for patching or fixing the vulnerability. The "zero" in the term denotes that the developers have zero days to address the flaw because it has already been discovered by attackers who can exploit it to cause harm before a fix is made available.

In the context of information security, a 0-Day vulnerability is particularly dangerous because it can be actively exploited by cybercriminals to gain unauthorized access, steal sensitive data, execute malicious code, or cause service disruptions. Because the vulnerability is not widely known, protective measures and patches are typically not yet in place, leaving systems and users vulnerable until the software developer releases an update to patch the security hole.

0-Day exploits are often sold or shared on the black market among hackers and are considered valuable because they are effective against systems that are considered to be secure. Information security professionals actively work to discover and mitigate these vulnerabilities before they can be exploited, and users are encouraged to apply software updates regularly to protect themselves against known 0-Day vulnerabilities that have been patched.

Volume over time

Weekly headline count for the current query.

Showing 7 most recent headlines Filtered view
Bank Info Security 1 day, 19 hours ago

ShinyHunters Hits Universities Via Oracle Zero-Day

Mandiant: 68% of Targets Were Higher Ed Institutions Running PeopleSoftShinyHunters exploited a critical zero-day in Oracle PeopleSoft to breach more than 100 organizations globally, researchers at Mandiant and Google's Threat Intelligence Group said, with universities and colleges accounting for the majority of confirmed targets in the active extortion campaign.

More from Bank Info Security 16 Jun 2026, 9:30 a.m. Incident · 8 stories 0-Day Breach Critical Education Extortion Google Oracle Research

ShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran […]

More from Security Affairs 12 Jun 2026, 10:49 p.m. Incident · 8 stories 0-Day Breach Critical Flaw Google Oracle Patch Remote Code Execution Vulnerability

Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...]

More from Bleeping Computer 12 Jun 2026, 7:39 a.m. Incident · 8 stories Actively exploited CVE-2026-35273 0-Day CVE Critical Flaw Mitigation Oracle Remote Code Execution Theft Unauthenticated Vulnerability Warning